Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ElastiCache ReplicationGroup auth token generation and connection details #1322

Merged
merged 2 commits into from
Jun 6, 2024
Merged

ElastiCache ReplicationGroup auth token generation and connection details #1322

merged 2 commits into from
Jun 6, 2024

Conversation

chlunde
Copy link
Contributor

@chlunde chlunde commented May 23, 2024
edited by turkenf
Loading

  • Add option autoGenerateAuthToken for ElastiCache ReplicationGroup
  • Add port/endpoint connection details for ElastiCache ReplicationGroup

Description of your changes

Fixes #1102

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Uptest run: https://github.com/crossplane-contrib/provider-upjet-aws/actions/runs/9397299773

@haarchri
Copy link
Member

@chlunde i am interested too in this PR - do you need help to finish ?

@chlunde
Copy link
Contributor Author

chlunde commented May 30, 2024

Cool, I will try to fix it tonight, I will let you know if there's some issue I need help wit (except for review and approval) 😀

@chlunde chlunde marked this pull request as ready for review May 31, 2024 16:20
@chlunde
Copy link
Contributor Author

chlunde commented May 31, 2024

@haarchri I pushed again now. I changed the example region to us-east-1 and added a VPC to get a complete example. The existing region has only two az-s per account so it's not good for examples.

I'm a bit confused as I don't remember getting an error about needing a VPC to use auth tokens the last time I tested, but now I do. This is why I added a VPC to the example.

@chlunde
Copy link
Contributor Author

chlunde commented May 31, 2024 

kind: Secret
apiVersion: v1
data:
  attribute.auth_token: VDN4S2dVaFNsVFllMVFScmpmUFNGYTB5aUl4
  port: NjM3OQ==
  primary_endpoint_address: ...==
  reader_endpoint_address: ...=

ulucinar
ulucinar reviewed Jun 4, 2024
View reviewed changes
Copy link
Collaborator

@ulucinar ulucinar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @chlunde,
Thank you for taking care of this. Left some comments for discussion. The most critical one is the error handling comment.

examples/elasticache/v1beta2/replicationgroup.yaml Show resolved Hide resolved
examples/elasticache/v1beta2/replicationgroup.yaml Show resolved Hide resolved
examples/elasticache/v1beta2/replicationgroup.yaml Outdated Show resolved Hide resolved
apis/elasticache/v1beta2/zz_replicationgroup_types.go
// +kubebuilder:validation:Optional
AuthTokenSecretRef *v1.SecretKeySelector `json:"authTokenSecretRef,omitempty" tf:"-"`

// Strategy to use when updating the auth_token. Valid values are SET, ROTATE, and DELETE. Defaults to ROTATE.
// +kubebuilder:validation:Optional
AuthTokenUpdateStrategy *string `json:"authTokenUpdateStrategy,omitempty" tf:"auth_token_update_strategy,omitempty"`

// Password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
// Password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same for similar field for RDS Instance, at the moment I don't know where the code that prepends this string is 🤔

config/elasticache/config.go Outdated Show resolved Hide resolved
apis/elasticache/v1beta2/zz_replicationgroup_types.go
// If true, the auth token will be auto-generated and stored in the Secret referenced by the authTokenSecretRef field.
// +upjet:crd:field:TFTag=-
// +kubebuilder:validation:Optional
AutoGenerateAuthToken *bool `json:"autoGenerateAuthToken,omitempty" tf:"-"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: In theory, we could also support auto token generation for the spec.initProvider API for completeness. But we do not need to do this in this PR as I don't expect it to be a real use case.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I think we should do the same every place common.PasswordGenerator is used then (in another PR)

@ulucinar
Copy link
Collaborator

ulucinar commented Jun 4, 2024

/test-examples="examples/elasticache/v1beta2/replicationgroup.yaml"

@turkenf
Copy link
Collaborator

turkenf commented Jun 5, 2024

Hi @chlunde, thank you for your effort in this PR.

The v1.6.0 release is planned for tomorrow, June 6, we want to include this PR in tomorrow's release. If you do not have time to address review comments, please let us know.

@chlunde
ElastiCache ReplicationGroup - Fix annotations, selectors in example,…
2f905a6 
… error handling

From code review

Signed-off-by: Carl Henrik Lunde <[email protected]>
@chlunde
Copy link
Contributor Author

chlunde commented Jun 6, 2024

@turkenf @ulucinar Thanks for the review! I think the two remaining comments apply to common.PasswordGenerator in general?

@turkenf
Copy link
Collaborator

turkenf commented Jun 6, 2024

/test-examples="examples/elasticache/v1beta2/replicationgroup.yaml"

turkenf
turkenf approved these changes Jun 6, 2024
View reviewed changes
Copy link
Collaborator

@turkenf turkenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @chlunde, LGTM.

@turkenf turkenf merged commit 21d4916 into crossplane-contrib:main Jun 6, 2024
12 checks passed
@turkenf turkenf mentioned this pull request Jun 7, 2024
Closed
@haarchri haarchri mentioned this pull request Jul 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ulucinar ulucinar ulucinar left review comments

@turkenf turkenf turkenf approved these changes

@sergenyalcin sergenyalcin Awaiting requested review from sergenyalcin sergenyalcin is a code owner

@mbbush mbbush Awaiting requested review from mbbush mbbush is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Elasticache] - Allow option to autogenerate password for auth
4 participants
@chlunde @haarchri @ulucinar @turkenf