From 532bf11a1cd9cd253f30055a4f4c4afe658b506c Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Thu, 19 Jan 2023 19:40:11 +0100 Subject: [PATCH] Enable `vpc` selector for Route53 Zone Follow the instructions at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association ``` Unless explicit association ordering is required (e.g., a separate cross-account association authorization), usage of this resource is not recommended. Use the vpc configuration blocks available within the aws_route53_zone resource instead. ``` and rely on the Zone resource for VPC association * Enable `vpc` section of `Zone` resource * It makes it compliant with community provider-aws HostedZone resource to ease the migration * Document disablement of `route53_vpc_association` resource * Remove `route53_vpc_association` related configuration Signed-off-by: Yury Tsarev --- apis/route53/v1beta1/zz_generated.deepcopy.go | 44 ++++--- .../route53/v1beta1/zz_generated.resolvers.go | 20 ++++ apis/route53/v1beta1/zz_zone_types.go | 25 +++- config/externalname.go | 3 +- config/route53/config.go | 9 -- .../route53/vpcassociationauthorization.yaml | 4 + .../crds/route53.aws.upbound.io_zones.yaml | 108 +++++++++++++++--- 7 files changed, 164 insertions(+), 49 deletions(-) diff --git a/apis/route53/v1beta1/zz_generated.deepcopy.go b/apis/route53/v1beta1/zz_generated.deepcopy.go index e5b313ff27..064613037a 100644 --- a/apis/route53/v1beta1/zz_generated.deepcopy.go +++ b/apis/route53/v1beta1/zz_generated.deepcopy.go 
@@ -1522,16 +1522,6 @@ func (in *VPCAssociationAuthorizationStatus) DeepCopy() *VPCAssociationAuthoriza // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCObservation) DeepCopyInto(out *VPCObservation) { *out = *in - if in.VPCID != nil { - in, out := &in.VPCID, &out.VPCID - *out = new(string) - **out = **in - } - if in.VPCRegion != nil { - in, out := &in.VPCRegion, &out.VPCRegion - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCObservation. @@ -1547,6 +1537,26 @@ func (in *VPCObservation) DeepCopy() *VPCObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCParameters) DeepCopyInto(out *VPCParameters) { *out = *in + if in.VPCID != nil { + in, out := &in.VPCID, &out.VPCID + *out = new(string) + **out = **in + } + if in.VPCIDRef != nil { + in, out := &in.VPCIDRef, &out.VPCIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.VPCIDSelector != nil { + in, out := &in.VPCIDSelector, &out.VPCIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.VPCRegion != nil { + in, out := &in.VPCRegion, &out.VPCRegion + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCParameters. @@ -1692,13 +1702,6 @@ func (in *ZoneObservation) DeepCopyInto(out *ZoneObservation) { (*out)[key] = outVal } } - if in.VPC != nil { - in, out := &in.VPC, &out.VPC - *out = make([]VPCObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } if in.ZoneID != nil { in, out := &in.ZoneID, &out.ZoneID *out = new(string) 
@@ -1769,6 +1772,13 @@ func (in *ZoneParameters) DeepCopyInto(out *ZoneParameters) { (*out)[key] = outVal } } + if in.VPC != nil { + in, out := &in.VPC, &out.VPC + *out = make([]VPCParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZoneParameters. diff --git a/apis/route53/v1beta1/zz_generated.resolvers.go b/apis/route53/v1beta1/zz_generated.resolvers.go index d9a33fe605..d523e5b72c 100644 --- a/apis/route53/v1beta1/zz_generated.resolvers.go +++ b/apis/route53/v1beta1/zz_generated.resolvers.go @@ -11,6 +11,7 @@ import ( errors "github.com/pkg/errors" v1beta1 "github.com/upbound/provider-aws/apis/cloudwatch/v1beta1" v1beta11 "github.com/upbound/provider-aws/apis/ec2/v1beta1" + resource "github.com/upbound/upjet/pkg/resource" client "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -215,5 +216,24 @@ func (mg *Zone) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.ForProvider.DelegationSetID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.DelegationSetIDRef = rsp.ResolvedReference + for i3 := 0; i3 < len(mg.Spec.ForProvider.VPC); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.VPC[i3].VPCID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.VPC[i3].VPCIDRef, + Selector: mg.Spec.ForProvider.VPC[i3].VPCIDSelector, + To: reference.To{ + List: &v1beta11.VPCList{}, + Managed: &v1beta11.VPC{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.VPC[i3].VPCID") + } + mg.Spec.ForProvider.VPC[i3].VPCID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.VPC[i3].VPCIDRef = rsp.ResolvedReference + + } + return nil } diff --git a/apis/route53/v1beta1/zz_zone_types.go b/apis/route53/v1beta1/zz_zone_types.go index e790257660..56c11d3681 100755 --- a/apis/route53/v1beta1/zz_zone_types.go 
+++ b/apis/route53/v1beta1/zz_zone_types.go @@ -14,17 +14,29 @@ import ( ) type VPCObservation struct { +} + +type VPCParameters struct { // ID of the VPC to associate. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.VPC + // +crossplane:generate:reference:extractor=github.com/upbound/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional VPCID *string `json:"vpcId,omitempty" tf:"vpc_id,omitempty"` + // Reference to a VPC in ec2 to populate vpcId. + // +kubebuilder:validation:Optional + VPCIDRef *v1.Reference `json:"vpcIdRef,omitempty" tf:"-"` + + // Selector for a VPC in ec2 to populate vpcId. + // +kubebuilder:validation:Optional + VPCIDSelector *v1.Selector `json:"vpcIdSelector,omitempty" tf:"-"` + // Region of the VPC to associate. Defaults to AWS provider region. + // +kubebuilder:validation:Optional VPCRegion *string `json:"vpcRegion,omitempty" tf:"vpc_region,omitempty"` } -type VPCParameters struct { -} - type ZoneObservation struct { // The Amazon Resource Name (ARN) of the Hosted Zone. @@ -39,9 +51,6 @@ type ZoneObservation struct { // A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` - // Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the delegation_set_id argument in this resource and any aws_route53_zone_association resource specifying the same zone ID. Detailed below. - VPC []VPCObservation `json:"vpc,omitempty" tf:"vpc,omitempty"` - // The Hosted Zone ID. This can be referenced by zone records. ZoneID *string `json:"zoneId,omitempty" tf:"zone_id,omitempty"` } 
@@ -80,6 +89,10 @@ type ZoneParameters struct { // Key-value map of resource tags. // +kubebuilder:validation:Optional Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the delegation_set_id argument in this resource and any aws_route53_zone_association resource specifying the same zone ID. Detailed below. + // +kubebuilder:validation:Optional + VPC []VPCParameters `json:"vpc,omitempty" tf:"vpc,omitempty"` } // ZoneSpec defines the desired state of Zone diff --git a/config/externalname.go b/config/externalname.go index 305ae9fd6a..0260ac8976 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -599,7 +599,8 @@ var ExternalNameConfigs = map[string]config.ExternalName{ // Z1D633PJN98FT9 "aws_route53_zone": config.IdentifierFromProvider, // Z123456ABCDEFG:vpc-12345678 - // disabled until it's successfully tested + // aws_route53_zone_association is disabled as it is not recommended for usage by terraform, + // see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association // "aws_route53_zone_association": FormattedIdentifierFromProvider(":", "zone_id", "vpc_id"), // Imported using the id and version, e.g., // 01a52019-d16f-422a-ae72-c306d2b6df7e/1 diff --git a/config/route53/config.go b/config/route53/config.go index 52417f7094..28ec6cb3d4 100644 --- a/config/route53/config.go +++ b/config/route53/config.go 
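Review bot: The replacement comment above the commented-out `aws_route53_zone_association` entry in `ExternalNameConfigs` gives "not recommended" as the whole reason, but the Terraform text quoted in the commit message carves out cross-account association authorization, and this provider still ships `VPCAssociationAuthorization`. As far as this patch shows, nothing remains that can complete such an association from the VPC owner's side, so the authorization resource is presumably left without its counterpart. I would record that limit next to the entry, e.g. `// NOTE: cross-account association (see VPCAssociationAuthorization) is not covered by the Zone's vpc block.`, so users do not assume the `vpc` block replaces it. The map literal starts and ends outside the hunk.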
@@ -53,17 +53,8 @@ func Configure(p *config.Provider) { } }) p.AddResourceConfigurator("aws_route53_zone", func(r *config.Resource) { - // Mutually exclusive with aws_route53_zone_association - config.MoveToStatus(r.TerraformResource, "vpc") r.References["delegation_set_id"] = config.Reference{ Type: "DelegationSet", } }) - p.AddResourceConfigurator("aws_route53_zone_association", func(r *config.Resource) { - // Mutually exclusive with existing region field. - config.MoveToStatus(r.TerraformResource, "vpc_region") - r.References["zone_id"] = config.Reference{ - Type: "Zone", - } - }) } diff --git a/examples-generated/route53/vpcassociationauthorization.yaml b/examples-generated/route53/vpcassociationauthorization.yaml index eee2d54c48..55408b4b52 100644 --- a/examples-generated/route53/vpcassociationauthorization.yaml +++ b/examples-generated/route53/vpcassociationauthorization.yaml @@ -30,6 +30,10 @@ spec: forProvider: name: example.com region: us-west-1 + vpc: + - vpcIdSelector: + matchLabels: + testing.upbound.io/example-name: example --- diff --git a/package/crds/route53.aws.upbound.io_zones.yaml b/package/crds/route53.aws.upbound.io_zones.yaml index 95c9f9f7f4..d874850fb5 100644 --- a/package/crds/route53.aws.upbound.io_zones.yaml +++ b/package/crds/route53.aws.upbound.io_zones.yaml 
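Review bot: With `config.MoveToStatus(r.TerraformResource, "vpc")` dropped from the `aws_route53_zone` configurator, the Zone spec becomes the only place the VPC association list is declared, and the hunk leaves no comment saying so. Any VPC associated with the hosted zone outside this resource would presumably be reported as drift and removed on reconcile, which changes which networks can resolve the private zone's names; the Terraform documentation handles the same conflict with `ignore_changes` on `vpc`. A short comment in place of the deleted one would keep that visible: `// vpc is managed on the Zone itself; aws_route53_zone_association is disabled, so the spec owns the full association list.` `Configure` begins outside the hunk.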
@@ -159,6 +159,98 @@ spec: type: string description: Key-value map of resource tags. type: object + vpc: + description: Configuration block(s) specifying VPC(s) to associate + with a private hosted zone. Conflicts with the delegation_set_id + argument in this resource and any aws_route53_zone_association + resource specifying the same zone ID. Detailed below. + items: + properties: + vpcId: + description: ID of the VPC to associate. + type: string + vpcIdRef: + description: Reference to a VPC in ec2 to populate vpcId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + vpcIdSelector: + description: Selector for a VPC in ec2 to populate vpcId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with + the same controller reference as the selecting object + is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. 
The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + vpcRegion: + description: Region of the VPC to associate. Defaults to + AWS provider region. + type: string + type: object + type: array required: - name - region @@ -357,22 +449,6 @@ spec: those inherited from the provider default_tags configuration block. type: object - vpc: - description: Configuration block(s) specifying VPC(s) to associate - with a private hosted zone. Conflicts with the delegation_set_id - argument in this resource and any aws_route53_zone_association - resource specifying the same zone ID. Detailed below. - items: - properties: - vpcId: - description: ID of the VPC to associate. - type: string - vpcRegion: - description: Region of the VPC to associate. Defaults to - AWS provider region. - type: string - type: object - type: array zoneId: description: The Hosted Zone ID. This can be referenced by zone records.