Adding aws_msk_scram_secret_association to v1beta1

[mbbush]

Description of your changes

Added MSK scram secret association, generated from the terraform provider.

Note: the terraform provider has some open bugs related to this resource, but most significantly it seems to assume that there is at most one of these per MSK cluster. Creating more than one aws_msk_scram_secret_association using provider-terraform results in the two resources each attempting to make their secret the only one associated with the cluster. I'd love it if there was a way for me to make this more visible to the user. Can I just customize the description field(s) in config/kafka/config.go?

Fixes #43

I have:

• Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

NAME                         READY   SYNCED   EXTERNAL-NAME           AGE
vpc.ec2.aws.upbound.io/vpc   True    True     vpc-007c5ee139c94e7c1   16h

NAME                                   READY   SYNCED   EXTERNAL-NAME              AGE
subnet.ec2.aws.upbound.io/subnet-az1   True    True     subnet-080f8fe5b4e83d7d1   16h
subnet.ec2.aws.upbound.io/subnet-az2   True    True     subnet-086f2896978d377b2   16h

NAME                                  READY   SYNCED   EXTERNAL-NAME          AGE
securitygroup.ec2.aws.upbound.io/sg   True    True     sg-07ac2fe4a3d3e7a43   16h

NAME                                                  READY   SYNCED   EXTERNAL-NAME                                                                                 AGE
scramsecretassociation.kafka.aws.upbound.io/example   True    True     arn:aws:kafka:us-east-2:REDACTED:cluster/example/459fcc82-84f7-47ea-b3d5-b04626872fe0-2   16h

NAME                                   READY   SYNCED   EXTERNAL-NAME                                                                                 AGE
cluster.kafka.aws.upbound.io/example   True    True     arn:aws:kafka:us-east-2:REDACTED:cluster/example/459fcc82-84f7-47ea-b3d5-b04626872fe0-2   16h

NAME                                         READY   SYNCED   EXTERNAL-NAME                                                                                       AGE
configuration.kafka.aws.upbound.io/example   True    True     arn:aws:kafka:us-east-2:REDACTED:configuration/example/2cb17c03-8a01-4595-8239-13c1f74bbaea-2   15h

NAME                             READY   SYNCED   EXTERNAL-NAME                          AGE
key.kms.aws.upbound.io/example   True    True     a6dfae8c-6e9b-4137-bd0c-f6181a2a780a   16h

NAME                                            READY   SYNCED   EXTERNAL-NAME                                                                    AGE
secret.secretsmanager.aws.upbound.io/example1   True    True     arn:aws:secretsmanager:us-east-2:REDACTED:secret:AmazonMSK_example1-NDtz9u   16h
secret.secretsmanager.aws.upbound.io/example2   True    True     arn:aws:secretsmanager:us-east-2:REDACTED:secret:AmazonMSK_example2-DeXdak   16h

NAME                                                   READY   SYNCED   EXTERNAL-NAME                                                                                                         AGE
secretversion.secretsmanager.aws.upbound.io/example1   True    True     arn:aws:secretsmanager:us-east-2:REDACTED:secret:AmazonMSK_example1-NDtz9u|090287EE-3B4A-43E4-B8BD-7B135B1736EA   16h
secretversion.secretsmanager.aws.upbound.io/example2   True    True     arn:aws:secretsmanager:us-east-2:REDACTED:secret:AmazonMSK_example2-DeXdak|18D028A4-CAF3-46D5-BBCE-EA8F1BC4B2C1   16h

With these managed resources in this state (applied from examples/scramsecretassociation.yaml,) I can see both secrets listed as associated with the MSK cluster in the aws console.

make e2e UPTEST_EXAMPLE_LIST='examples/kafka/scramsecretassociation.yaml'
After a lot of babysitting, some manual intervention around the kafka cluster's configuration and a whole lot of waiting, the tests passed:

--- PASS: kuttl (4267.27s)
    --- PASS: kuttl/harness (0.00s)
        --- PASS: kuttl/harness/case (4243.12s)
PASS
17:54:28 [ OK ] running automated tests

Uptest: https://github.com/upbound/provider-aws/actions/runs/6297489952

[Upbound-CLA]

All committers have signed the CLA.

[mbbush]

/test-examples="examples/kafka/scramsecretassociation.yaml"

EDIT: I don't know what this is supposed to trigger or where I can see the results.

[jeanduplessis]

@mbbush the test command can only be triggered by Upbound org members.

[jeanduplessis]

/test-examples="examples/kafka/scramsecretassociation.yaml"

[mbbush]

@jeanduplessis Unfortunately I didn't get a chance to look at the logs for the test failure, and now they're expired. Could you run it again? Or even better, is there an easy way I can run the same thing locally?

[jeanduplessis]

/test-examples="examples/kafka/scramsecretassociation.yaml"

[mbbush]

If we can get #877 merged I can update the example to pass without manual intervention.

[mbbush]

@turkenf this should be ready to merge.

[turkenf]

/test-examples="examples/kafka/scramsecretassociation.yaml"

[turkenf]

Thank you for your effort in this PR @mbbush, LGTM.

Before merging, can you please make sure we have removed from nottested?

[turkenf]

@mbbush we have the plan to cut the release on Thursday this week. If you want to include this PR in the release, could you please remove the lines about the resource from provideraws/config/externalnamenottested.go?

[mbbush]

Done, thanks!

[mbbush]

I also added a more verbose description to the secretArnList to clarify that you can really only have one ScramSecretAssociation per MSK cluster.