Move all IAM resources to iam group and bump all of them to v1beta1
#996
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
muvaf
force-pushed
the
iam-surgery-who-are-you
branch
3 times, most recently
from
d3524b6 to
94ef0d7
Compare
|
It's ready to review now. I've tested it with instructions in |
|
Tested the composition part of the guide with the following artifacts: apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: xpostgresqlinstances.database.example.org
spec:
group: database.example.org
names:
kind: XPostgreSQLInstance
plural: xpostgresqlinstances
claimNames:
kind: PostgreSQLInstance
plural: postgresqlinstances
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
storageGB:
type: integer
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: xpostgresqlinstances.aws.database.example.org
labels:
provider: aws
guide: quickstart
vpc: default
spec:
writeConnectionSecretsToNamespace: crossplane-system
compositeTypeRef:
apiVersion: database.example.org/v1alpha1
kind: XPostgreSQLInstance
resources:
- name: user
base:
apiVersion: identity.aws.crossplane.io/v1alpha1
kind: IAMUser
spec:
forProvider:
tags:
- key: k1
value: v1
providerConfigRef:
name: example
- name: key
base:
apiVersion: identity.aws.crossplane.io/v1alpha1
kind: IAMAccessKey
spec:
forProvider:
userNameSelector:
matchControllerRef: true
providerConfigRef:
name: example
writeConnectionSecretToRef:
name: access-key-secret
namespace: crossplane-system
- name: role
base:
apiVersion: identity.aws.crossplane.io/v1beta1
kind: IAMRole
spec:
forProvider:
assumeRolePolicyDocument: |-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com",
"eks.amazonaws.com",
"eks-fargate-pods.amazonaws.com",
"lambda.amazonaws.com",
"s3.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
tags:
- key: k1
value: v1
providerConfigRef:
name: exampleClaim: apiVersion: database.example.org/v1alpha1
kind: PostgreSQLInstance
metadata:
name: muvafclaim
namespace: default
spec: {}Once all all got ready, I followed the guide and successfully migrated to the new APIs. |
…e users time to migrate Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
…licyAttachment Signed-off-by: Muvaffak Onus <[email protected]>
…mbership Signed-off-by: Muvaffak Onus <[email protected]>
…yAttachment Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
…yAttachment Signed-off-by: Muvaffak Onus <[email protected]>
…d their controllers similar to v1alpha1 ones to reduce the risk of something going wrong during migration Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
Signed-off-by: Muvaffak Onus <[email protected]>
muvaf
force-pushed
the
iam-surgery-who-are-you
branch
from
d16a0e1 to
999eddd
Compare
2 tasks
haarchri
approved these changes
Dec 13, 2021
|
Thanks a lot @haarchri !! |
tektondeploy
pushed a commit
to gtn3010/provider-aws
that referenced
this pull request
Mar 12, 2024
…e-3.x Update alpine Docker tag to v3.18.5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of your changes
The ones already on
v1beta1are kept as is with deprecation notice to not break users. Allv1alpha1ones are moved toiamgroup fromidentityandIAMprefix is dropped from their kind name.User impact of this change will be that users will still have the old CRs in their clusters but there won't be a controller reconciling them. Re-creating the exact same resource with new group and kind will be the migration path.
This PR involves a lot of surgery, I tried my best to keep commits contained to one action for easier review.
Fixes #989
I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested
By following
cluster/UPGRADE.mdinstructions that are added by this PR.