From 5bb4816957340b4f5a17ca2d3b8b12efd946273a Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Wed, 26 Apr 2023 10:38:11 +0300 Subject: [PATCH] Generate per-service providers 
Signed-off-by: Alper Rifat Ulucinar --- apis/generate.go | 2 + cmd/provider/accessanalyzer/zz_main.go | 147 ++++++++++++ cmd/provider/account/zz_main.go | 147 ++++++++++++ cmd/provider/acm/zz_main.go | 147 ++++++++++++ cmd/provider/acmpca/zz_main.go | 147 ++++++++++++ cmd/provider/amp/zz_main.go | 147 ++++++++++++ cmd/provider/amplify/zz_main.go | 147 ++++++++++++ cmd/provider/apigateway/zz_main.go | 147 ++++++++++++ cmd/provider/apigatewayv2/zz_main.go | 147 ++++++++++++ cmd/provider/appautoscaling/zz_main.go | 147 ++++++++++++ cmd/provider/appconfig/zz_main.go | 147 ++++++++++++ cmd/provider/appflow/zz_main.go | 147 ++++++++++++ cmd/provider/appintegrations/zz_main.go | 147 ++++++++++++ cmd/provider/applicationinsights/zz_main.go | 147 ++++++++++++ cmd/provider/appmesh/zz_main.go | 147 ++++++++++++ cmd/provider/apprunner/zz_main.go | 147 ++++++++++++ cmd/provider/appstream/zz_main.go | 147 ++++++++++++ cmd/provider/appsync/zz_main.go | 147 ++++++++++++ cmd/provider/athena/zz_main.go | 147 ++++++++++++ cmd/provider/autoscaling/zz_main.go | 147 ++++++++++++ cmd/provider/autoscalingplans/zz_main.go | 147 ++++++++++++ cmd/provider/backup/zz_main.go | 147 ++++++++++++ cmd/provider/batch/zz_main.go | 147 ++++++++++++ cmd/provider/budgets/zz_main.go | 147 ++++++++++++ cmd/provider/{main.go => ce/zz_main.go} | 2 +- cmd/provider/chime/zz_main.go | 147 ++++++++++++ cmd/provider/cloud9/zz_main.go | 147 ++++++++++++ cmd/provider/cloudcontrol/zz_main.go | 147 ++++++++++++ cmd/provider/cloudformation/zz_main.go | 147 ++++++++++++ cmd/provider/cloudfront/zz_main.go | 147 ++++++++++++ cmd/provider/cloudsearch/zz_main.go | 147 ++++++++++++ cmd/provider/cloudtrail/zz_main.go | 147 ++++++++++++ cmd/provider/cloudwatch/zz_main.go | 147 ++++++++++++ cmd/provider/cloudwatchevents/zz_main.go | 147 ++++++++++++ cmd/provider/cloudwatchlogs/zz_main.go | 147 ++++++++++++ cmd/provider/codecommit/zz_main.go | 147 ++++++++++++ cmd/provider/codepipeline/zz_main.go | 147 ++++++++++++ 
cmd/provider/codestarconnections/zz_main.go | 147 ++++++++++++ cmd/provider/codestarnotifications/zz_main.go | 147 ++++++++++++ cmd/provider/cognitoidentity/zz_main.go | 147 ++++++++++++ cmd/provider/cognitoidp/zz_main.go | 147 ++++++++++++ cmd/provider/config/zz_main.go | 147 ++++++++++++ cmd/provider/configservice/zz_main.go | 147 ++++++++++++ cmd/provider/connect/zz_main.go | 147 ++++++++++++ cmd/provider/cur/zz_main.go | 147 ++++++++++++ cmd/provider/dataexchange/zz_main.go | 147 ++++++++++++ cmd/provider/datapipeline/zz_main.go | 147 ++++++++++++ cmd/provider/dax/zz_main.go | 147 ++++++++++++ cmd/provider/deploy/zz_main.go | 147 ++++++++++++ cmd/provider/detective/zz_main.go | 147 ++++++++++++ cmd/provider/devicefarm/zz_main.go | 147 ++++++++++++ cmd/provider/directconnect/zz_main.go | 147 ++++++++++++ cmd/provider/dlm/zz_main.go | 147 ++++++++++++ cmd/provider/dms/zz_main.go | 147 ++++++++++++ cmd/provider/docdb/zz_main.go | 147 ++++++++++++ cmd/provider/ds/zz_main.go | 147 ++++++++++++ cmd/provider/dynamodb/zz_main.go | 147 ++++++++++++ cmd/provider/ec2/zz_main.go | 147 ++++++++++++ cmd/provider/ecr/zz_main.go | 147 ++++++++++++ cmd/provider/ecrpublic/zz_main.go | 147 ++++++++++++ cmd/provider/ecs/zz_main.go | 147 ++++++++++++ cmd/provider/efs/zz_main.go | 147 ++++++++++++ cmd/provider/eks/zz_main.go | 147 ++++++++++++ cmd/provider/elasticache/zz_main.go | 147 ++++++++++++ cmd/provider/elasticbeanstalk/zz_main.go | 147 ++++++++++++ cmd/provider/elasticsearch/zz_main.go | 147 ++++++++++++ cmd/provider/elastictranscoder/zz_main.go | 147 ++++++++++++ cmd/provider/elb/zz_main.go | 147 ++++++++++++ cmd/provider/elbv2/zz_main.go | 147 ++++++++++++ cmd/provider/emr/zz_main.go | 147 ++++++++++++ cmd/provider/emrserverless/zz_main.go | 147 ++++++++++++ cmd/provider/evidently/zz_main.go | 147 ++++++++++++ cmd/provider/firehose/zz_main.go | 147 ++++++++++++ cmd/provider/fis/zz_main.go | 147 ++++++++++++ cmd/provider/fsx/zz_main.go | 147 ++++++++++++ 
cmd/provider/gamelift/zz_main.go | 147 ++++++++++++ cmd/provider/glacier/zz_main.go | 147 ++++++++++++ cmd/provider/globalaccelerator/zz_main.go | 147 ++++++++++++ cmd/provider/glue/zz_main.go | 147 ++++++++++++ cmd/provider/grafana/zz_main.go | 147 ++++++++++++ cmd/provider/guardduty/zz_main.go | 147 ++++++++++++ cmd/provider/iam/zz_main.go | 147 ++++++++++++ cmd/provider/imagebuilder/zz_main.go | 147 ++++++++++++ cmd/provider/inspector/zz_main.go | 147 ++++++++++++ cmd/provider/inspector2/zz_main.go | 147 ++++++++++++ cmd/provider/iot/zz_main.go | 147 ++++++++++++ cmd/provider/ivs/zz_main.go | 147 ++++++++++++ cmd/provider/kafka/zz_main.go | 147 ++++++++++++ cmd/provider/kendra/zz_main.go | 147 ++++++++++++ cmd/provider/keyspaces/zz_main.go | 147 ++++++++++++ cmd/provider/kinesis/zz_main.go | 147 ++++++++++++ cmd/provider/kinesisanalytics/zz_main.go | 147 ++++++++++++ cmd/provider/kinesisanalyticsv2/zz_main.go | 147 ++++++++++++ cmd/provider/kinesisvideo/zz_main.go | 147 ++++++++++++ cmd/provider/kms/zz_main.go | 147 ++++++++++++ cmd/provider/lakeformation/zz_main.go | 147 ++++++++++++ cmd/provider/lambda/zz_main.go | 147 ++++++++++++ cmd/provider/lexmodels/zz_main.go | 147 ++++++++++++ cmd/provider/licensemanager/zz_main.go | 147 ++++++++++++ cmd/provider/lightsail/zz_main.go | 147 ++++++++++++ cmd/provider/location/zz_main.go | 147 ++++++++++++ cmd/provider/macie2/zz_main.go | 147 ++++++++++++ cmd/provider/mediaconvert/zz_main.go | 147 ++++++++++++ cmd/provider/medialive/zz_main.go | 147 ++++++++++++ cmd/provider/mediapackage/zz_main.go | 147 ++++++++++++ cmd/provider/mediastore/zz_main.go | 147 ++++++++++++ cmd/provider/memorydb/zz_main.go | 147 ++++++++++++ cmd/provider/monolith/zz_main.go | 147 ++++++++++++ cmd/provider/mq/zz_main.go | 147 ++++++++++++ cmd/provider/neptune/zz_main.go | 147 ++++++++++++ cmd/provider/networkfirewall/zz_main.go | 147 ++++++++++++ cmd/provider/networkmanager/zz_main.go | 147 ++++++++++++ cmd/provider/opensearch/zz_main.go | 147 
++++++++++++ cmd/provider/opsworks/zz_main.go | 147 ++++++++++++ cmd/provider/organizations/zz_main.go | 147 ++++++++++++ cmd/provider/pinpoint/zz_main.go | 147 ++++++++++++ cmd/provider/qldb/zz_main.go | 147 ++++++++++++ cmd/provider/quicksight/zz_main.go | 147 ++++++++++++ cmd/provider/ram/zz_main.go | 147 ++++++++++++ cmd/provider/rds/zz_main.go | 147 ++++++++++++ cmd/provider/redshift/zz_main.go | 147 ++++++++++++ cmd/provider/resourcegroups/zz_main.go | 147 ++++++++++++ cmd/provider/rolesanywhere/zz_main.go | 147 ++++++++++++ cmd/provider/route53/zz_main.go | 147 ++++++++++++ .../route53recoverycontrolconfig/zz_main.go | 147 ++++++++++++ .../route53recoveryreadiness/zz_main.go | 147 ++++++++++++ cmd/provider/route53resolver/zz_main.go | 147 ++++++++++++ cmd/provider/rum/zz_main.go | 147 ++++++++++++ cmd/provider/s3/zz_main.go | 147 ++++++++++++ cmd/provider/s3control/zz_main.go | 147 ++++++++++++ cmd/provider/sagemaker/zz_main.go | 147 ++++++++++++ cmd/provider/scheduler/zz_main.go | 147 ++++++++++++ cmd/provider/schemas/zz_main.go | 147 ++++++++++++ cmd/provider/secretsmanager/zz_main.go | 147 ++++++++++++ cmd/provider/securityhub/zz_main.go | 147 ++++++++++++ cmd/provider/serverlessrepo/zz_main.go | 147 ++++++++++++ cmd/provider/servicecatalog/zz_main.go | 147 ++++++++++++ cmd/provider/servicediscovery/zz_main.go | 147 ++++++++++++ cmd/provider/servicequotas/zz_main.go | 147 ++++++++++++ cmd/provider/ses/zz_main.go | 147 ++++++++++++ cmd/provider/sesv2/zz_main.go | 147 ++++++++++++ cmd/provider/sfn/zz_main.go | 147 ++++++++++++ cmd/provider/signer/zz_main.go | 147 ++++++++++++ cmd/provider/simpledb/zz_main.go | 147 ++++++++++++ cmd/provider/sns/zz_main.go | 147 ++++++++++++ cmd/provider/sqs/zz_main.go | 147 ++++++++++++ cmd/provider/ssm/zz_main.go | 147 ++++++++++++ cmd/provider/ssoadmin/zz_main.go | 147 ++++++++++++ cmd/provider/swf/zz_main.go | 147 ++++++++++++ cmd/provider/timestreamwrite/zz_main.go | 147 ++++++++++++ cmd/provider/transcribe/zz_main.go | 
147 ++++++++++++ cmd/provider/transfer/zz_main.go | 147 ++++++++++++ cmd/provider/vpc/zz_main.go | 147 ++++++++++++ cmd/provider/waf/zz_main.go | 147 ++++++++++++ cmd/provider/wafregional/zz_main.go | 147 ++++++++++++ cmd/provider/wafv2/zz_main.go | 147 ++++++++++++ cmd/provider/workspaces/zz_main.go | 147 ++++++++++++ cmd/provider/xray/zz_main.go | 147 ++++++++++++ config/provider.go | 2 + go.mod | 2 + go.sum | 2 - hack/embed.go | 8 + hack/main.go.tmpl | 147 ++++++++++++ .../controller/zz_accessanalyzer_setup.go | 28 +++ internal/controller/zz_account_setup.go | 26 +++ internal/controller/zz_acm_setup.go | 28 +++ internal/controller/zz_acmpca_setup.go | 34 +++ internal/controller/zz_amp_setup.go | 30 +++ internal/controller/zz_amplify_setup.go | 32 +++ internal/controller/zz_apigateway_setup.go | 72 ++++++ internal/controller/zz_apigatewayv2_setup.go | 48 ++++ .../controller/zz_appautoscaling_setup.go | 30 +++ internal/controller/zz_appconfig_setup.go | 40 ++++ internal/controller/zz_appflow_setup.go | 26 +++ .../controller/zz_appintegrations_setup.go | 26 +++ .../zz_applicationinsights_setup.go | 26 +++ internal/controller/zz_appmesh_setup.go | 38 +++ internal/controller/zz_apprunner_setup.go | 34 +++ internal/controller/zz_appstream_setup.go | 38 +++ internal/controller/zz_appsync_setup.go | 36 +++ internal/controller/zz_athena_setup.go | 32 +++ internal/controller/zz_autoscaling_setup.go | 40 ++++ .../controller/zz_autoscalingplans_setup.go | 26 +++ internal/controller/zz_backup_setup.go | 44 ++++ internal/controller/zz_batch_setup.go | 26 +++ internal/controller/zz_budgets_setup.go | 28 +++ internal/controller/zz_ce_setup.go | 26 +++ internal/controller/zz_chime_setup.go | 38 +++ internal/controller/zz_cloud9_setup.go | 28 +++ internal/controller/zz_cloudcontrol_setup.go | 26 +++ .../controller/zz_cloudformation_setup.go | 28 +++ internal/controller/zz_cloudfront_setup.go | 50 ++++ internal/controller/zz_cloudsearch_setup.go | 28 +++ 
internal/controller/zz_cloudtrail_setup.go | 28 +++ internal/controller/zz_cloudwatch_setup.go | 32 +++ .../controller/zz_cloudwatchevents_setup.go | 40 ++++ .../controller/zz_cloudwatchlogs_setup.go | 40 ++++ internal/controller/zz_codecommit_setup.go | 32 +++ internal/controller/zz_codepipeline_setup.go | 30 +++ .../zz_codestarconnections_setup.go | 28 +++ .../zz_codestarnotifications_setup.go | 26 +++ .../controller/zz_cognitoidentity_setup.go | 30 +++ internal/controller/zz_cognitoidp_setup.go | 44 ++++ internal/controller/zz_config_setup.go | 28 +++ internal/controller/zz_configservice_setup.go | 38 +++ internal/controller/zz_connect_setup.go | 54 +++++ internal/controller/zz_cur_setup.go | 26 +++ internal/controller/zz_dataexchange_setup.go | 28 +++ internal/controller/zz_datapipeline_setup.go | 26 +++ internal/controller/zz_dax_setup.go | 30 +++ internal/controller/zz_deploy_setup.go | 30 +++ internal/controller/zz_detective_setup.go | 30 +++ internal/controller/zz_devicefarm_setup.go | 36 +++ internal/controller/zz_directconnect_setup.go | 56 +++++ internal/controller/zz_dlm_setup.go | 26 +++ internal/controller/zz_dms_setup.go | 38 +++ internal/controller/zz_docdb_setup.go | 38 +++ internal/controller/zz_ds_setup.go | 30 +++ internal/controller/zz_dynamodb_setup.go | 38 +++ internal/controller/zz_ec2_setup.go | 220 ++++++++++++++++++ internal/controller/zz_ecr_setup.go | 38 +++ internal/controller/zz_ecrpublic_setup.go | 28 +++ internal/controller/zz_ecs_setup.go | 36 +++ internal/controller/zz_efs_setup.go | 36 +++ internal/controller/zz_eks_setup.go | 34 +++ internal/controller/zz_elasticache_setup.go | 36 +++ .../controller/zz_elasticbeanstalk_setup.go | 30 +++ internal/controller/zz_elasticsearch_setup.go | 30 +++ .../controller/zz_elastictranscoder_setup.go | 28 +++ internal/controller/zz_elb_setup.go | 42 ++++ internal/controller/zz_elbv2_setup.go | 34 +++ internal/controller/zz_emr_setup.go | 26 +++ internal/controller/zz_emrserverless_setup.go | 26 
+++ internal/controller/zz_evidently_setup.go | 30 +++ internal/controller/zz_firehose_setup.go | 26 +++ internal/controller/zz_fis_setup.go | 26 +++ internal/controller/zz_fsx_setup.go | 36 +++ internal/controller/zz_gamelift_setup.go | 34 +++ internal/controller/zz_glacier_setup.go | 28 +++ .../controller/zz_globalaccelerator_setup.go | 30 +++ internal/controller/zz_glue_setup.go | 52 +++++ internal/controller/zz_grafana_setup.go | 34 +++ internal/controller/zz_guardduty_setup.go | 30 +++ internal/controller/zz_iam_setup.go | 68 ++++++ internal/controller/zz_imagebuilder_setup.go | 38 +++ internal/controller/zz_inspector2_setup.go | 26 +++ internal/controller/zz_inspector_setup.go | 30 +++ internal/controller/zz_iot_setup.go | 50 ++++ internal/controller/zz_ivs_setup.go | 28 +++ internal/controller/zz_kafka_setup.go | 28 +++ internal/controller/zz_kendra_setup.go | 34 +++ internal/controller/zz_keyspaces_setup.go | 28 +++ internal/controller/zz_kinesis_setup.go | 28 +++ .../controller/zz_kinesisanalytics_setup.go | 26 +++ .../controller/zz_kinesisanalyticsv2_setup.go | 28 +++ internal/controller/zz_kinesisvideo_setup.go | 26 +++ internal/controller/zz_kms_setup.go | 38 +++ internal/controller/zz_lakeformation_setup.go | 30 +++ internal/controller/zz_lambda_setup.go | 46 ++++ internal/controller/zz_lexmodels_setup.go | 32 +++ .../controller/zz_licensemanager_setup.go | 28 +++ internal/controller/zz_lightsail_setup.go | 56 +++++ internal/controller/zz_location_setup.go | 34 +++ internal/controller/zz_macie2_setup.go | 36 +++ internal/controller/zz_mediaconvert_setup.go | 26 +++ internal/controller/zz_medialive_setup.go | 32 +++ internal/controller/zz_mediapackage_setup.go | 26 +++ internal/controller/zz_mediastore_setup.go | 28 +++ internal/controller/zz_memorydb_setup.go | 34 +++ .../{zz_setup.go => zz_monolith_setup.go} | 4 +- internal/controller/zz_mq_setup.go | 28 +++ internal/controller/zz_neptune_setup.go | 42 ++++ .../controller/zz_networkfirewall_setup.go | 
32 +++ .../controller/zz_networkmanager_setup.go | 50 ++++ internal/controller/zz_opensearch_setup.go | 30 +++ internal/controller/zz_opsworks_setup.go | 58 +++++ internal/controller/zz_organizations_setup.go | 36 +++ internal/controller/zz_pinpoint_setup.go | 28 +++ internal/controller/zz_qldb_setup.go | 28 +++ internal/controller/zz_quicksight_setup.go | 28 +++ internal/controller/zz_ram_setup.go | 28 +++ internal/controller/zz_rds_setup.go | 68 ++++++ internal/controller/zz_redshift_setup.go | 48 ++++ .../controller/zz_resourcegroups_setup.go | 26 +++ internal/controller/zz_rolesanywhere_setup.go | 26 +++ internal/controller/zz_route53_setup.go | 42 ++++ .../zz_route53recoverycontrolconfig_setup.go | 32 +++ .../zz_route53recoveryreadiness_setup.go | 32 +++ .../controller/zz_route53resolver_setup.go | 30 +++ internal/controller/zz_rum_setup.go | 28 +++ internal/controller/zz_s3_setup.go | 70 ++++++ internal/controller/zz_s3control_setup.go | 40 ++++ internal/controller/zz_sagemaker_setup.go | 66 ++++++ internal/controller/zz_scheduler_setup.go | 28 +++ internal/controller/zz_schemas_setup.go | 30 +++ .../controller/zz_secretsmanager_setup.go | 32 +++ internal/controller/zz_securityhub_setup.go | 40 ++++ .../controller/zz_serverlessrepo_setup.go | 26 +++ .../controller/zz_servicecatalog_setup.go | 46 ++++ .../controller/zz_servicediscovery_setup.go | 32 +++ internal/controller/zz_servicequotas_setup.go | 26 +++ internal/controller/zz_ses_setup.go | 50 ++++ internal/controller/zz_sesv2_setup.go | 36 +++ internal/controller/zz_sfn_setup.go | 28 +++ internal/controller/zz_signer_setup.go | 30 +++ internal/controller/zz_simpledb_setup.go | 26 +++ internal/controller/zz_sns_setup.go | 34 +++ internal/controller/zz_sqs_setup.go | 32 +++ internal/controller/zz_ssm_setup.go | 48 ++++ internal/controller/zz_ssoadmin_setup.go | 32 +++ internal/controller/zz_swf_setup.go | 26 +++ .../controller/zz_timestreamwrite_setup.go | 28 +++ internal/controller/zz_transcribe_setup.go | 
30 +++ internal/controller/zz_transfer_setup.go | 34 +++ internal/controller/zz_vpc_setup.go | 26 +++ internal/controller/zz_waf_setup.go | 46 ++++ internal/controller/zz_wafregional_setup.go | 46 ++++ internal/controller/zz_wafv2_setup.go | 28 +++ internal/controller/zz_workspaces_setup.go | 28 +++ internal/controller/zz_xray_setup.go | 30 +++ 320 files changed, 28638 insertions(+), 5 deletions(-) create mode 100644 cmd/provider/accessanalyzer/zz_main.go create mode 100644 cmd/provider/account/zz_main.go create mode 100644 cmd/provider/acm/zz_main.go create mode 100644 cmd/provider/acmpca/zz_main.go create mode 100644 cmd/provider/amp/zz_main.go create mode 100644 cmd/provider/amplify/zz_main.go create mode 100644 cmd/provider/apigateway/zz_main.go create mode 100644 cmd/provider/apigatewayv2/zz_main.go create mode 100644 cmd/provider/appautoscaling/zz_main.go create mode 100644 cmd/provider/appconfig/zz_main.go create mode 100644 cmd/provider/appflow/zz_main.go create mode 100644 cmd/provider/appintegrations/zz_main.go create mode 100644 cmd/provider/applicationinsights/zz_main.go create mode 100644 cmd/provider/appmesh/zz_main.go create mode 100644 cmd/provider/apprunner/zz_main.go create mode 100644 cmd/provider/appstream/zz_main.go create mode 100644 cmd/provider/appsync/zz_main.go create mode 100644 cmd/provider/athena/zz_main.go create mode 100644 cmd/provider/autoscaling/zz_main.go create mode 100644 cmd/provider/autoscalingplans/zz_main.go create mode 100644 cmd/provider/backup/zz_main.go create mode 100644 cmd/provider/batch/zz_main.go create mode 100644 cmd/provider/budgets/zz_main.go rename cmd/provider/{main.go => ce/zz_main.go} (98%) create mode 100644 cmd/provider/chime/zz_main.go create mode 100644 cmd/provider/cloud9/zz_main.go create mode 100644 cmd/provider/cloudcontrol/zz_main.go create mode 100644 cmd/provider/cloudformation/zz_main.go create mode 100644 cmd/provider/cloudfront/zz_main.go create mode 100644 cmd/provider/cloudsearch/zz_main.go 
create mode 100644 cmd/provider/cloudtrail/zz_main.go create mode 100644 cmd/provider/cloudwatch/zz_main.go create mode 100644 cmd/provider/cloudwatchevents/zz_main.go create mode 100644 cmd/provider/cloudwatchlogs/zz_main.go create mode 100644 cmd/provider/codecommit/zz_main.go create mode 100644 cmd/provider/codepipeline/zz_main.go create mode 100644 cmd/provider/codestarconnections/zz_main.go create mode 100644 cmd/provider/codestarnotifications/zz_main.go create mode 100644 cmd/provider/cognitoidentity/zz_main.go create mode 100644 cmd/provider/cognitoidp/zz_main.go create mode 100644 cmd/provider/config/zz_main.go create mode 100644 cmd/provider/configservice/zz_main.go create mode 100644 cmd/provider/connect/zz_main.go create mode 100644 cmd/provider/cur/zz_main.go create mode 100644 cmd/provider/dataexchange/zz_main.go create mode 100644 cmd/provider/datapipeline/zz_main.go create mode 100644 cmd/provider/dax/zz_main.go create mode 100644 cmd/provider/deploy/zz_main.go create mode 100644 cmd/provider/detective/zz_main.go create mode 100644 cmd/provider/devicefarm/zz_main.go create mode 100644 cmd/provider/directconnect/zz_main.go create mode 100644 cmd/provider/dlm/zz_main.go create mode 100644 cmd/provider/dms/zz_main.go create mode 100644 cmd/provider/docdb/zz_main.go create mode 100644 cmd/provider/ds/zz_main.go create mode 100644 cmd/provider/dynamodb/zz_main.go create mode 100644 cmd/provider/ec2/zz_main.go create mode 100644 cmd/provider/ecr/zz_main.go create mode 100644 cmd/provider/ecrpublic/zz_main.go create mode 100644 cmd/provider/ecs/zz_main.go create mode 100644 cmd/provider/efs/zz_main.go create mode 100644 cmd/provider/eks/zz_main.go create mode 100644 cmd/provider/elasticache/zz_main.go create mode 100644 cmd/provider/elasticbeanstalk/zz_main.go create mode 100644 cmd/provider/elasticsearch/zz_main.go create mode 100644 cmd/provider/elastictranscoder/zz_main.go create mode 100644 cmd/provider/elb/zz_main.go create mode 100644 
cmd/provider/elbv2/zz_main.go create mode 100644 cmd/provider/emr/zz_main.go create mode 100644 cmd/provider/emrserverless/zz_main.go create mode 100644 cmd/provider/evidently/zz_main.go create mode 100644 cmd/provider/firehose/zz_main.go create mode 100644 cmd/provider/fis/zz_main.go create mode 100644 cmd/provider/fsx/zz_main.go create mode 100644 cmd/provider/gamelift/zz_main.go create mode 100644 cmd/provider/glacier/zz_main.go create mode 100644 cmd/provider/globalaccelerator/zz_main.go create mode 100644 cmd/provider/glue/zz_main.go create mode 100644 cmd/provider/grafana/zz_main.go create mode 100644 cmd/provider/guardduty/zz_main.go create mode 100644 cmd/provider/iam/zz_main.go create mode 100644 cmd/provider/imagebuilder/zz_main.go create mode 100644 cmd/provider/inspector/zz_main.go create mode 100644 cmd/provider/inspector2/zz_main.go create mode 100644 cmd/provider/iot/zz_main.go create mode 100644 cmd/provider/ivs/zz_main.go create mode 100644 cmd/provider/kafka/zz_main.go create mode 100644 cmd/provider/kendra/zz_main.go create mode 100644 cmd/provider/keyspaces/zz_main.go create mode 100644 cmd/provider/kinesis/zz_main.go create mode 100644 cmd/provider/kinesisanalytics/zz_main.go create mode 100644 cmd/provider/kinesisanalyticsv2/zz_main.go create mode 100644 cmd/provider/kinesisvideo/zz_main.go create mode 100644 cmd/provider/kms/zz_main.go create mode 100644 cmd/provider/lakeformation/zz_main.go create mode 100644 cmd/provider/lambda/zz_main.go create mode 100644 cmd/provider/lexmodels/zz_main.go create mode 100644 cmd/provider/licensemanager/zz_main.go create mode 100644 cmd/provider/lightsail/zz_main.go create mode 100644 cmd/provider/location/zz_main.go create mode 100644 cmd/provider/macie2/zz_main.go create mode 100644 cmd/provider/mediaconvert/zz_main.go create mode 100644 cmd/provider/medialive/zz_main.go create mode 100644 cmd/provider/mediapackage/zz_main.go create mode 100644 cmd/provider/mediastore/zz_main.go create mode 100644 
cmd/provider/memorydb/zz_main.go create mode 100644 cmd/provider/monolith/zz_main.go create mode 100644 cmd/provider/mq/zz_main.go create mode 100644 cmd/provider/neptune/zz_main.go create mode 100644 cmd/provider/networkfirewall/zz_main.go create mode 100644 cmd/provider/networkmanager/zz_main.go create mode 100644 cmd/provider/opensearch/zz_main.go create mode 100644 cmd/provider/opsworks/zz_main.go create mode 100644 cmd/provider/organizations/zz_main.go create mode 100644 cmd/provider/pinpoint/zz_main.go create mode 100644 cmd/provider/qldb/zz_main.go create mode 100644 cmd/provider/quicksight/zz_main.go create mode 100644 cmd/provider/ram/zz_main.go create mode 100644 cmd/provider/rds/zz_main.go create mode 100644 cmd/provider/redshift/zz_main.go create mode 100644 cmd/provider/resourcegroups/zz_main.go create mode 100644 cmd/provider/rolesanywhere/zz_main.go create mode 100644 cmd/provider/route53/zz_main.go create mode 100644 cmd/provider/route53recoverycontrolconfig/zz_main.go create mode 100644 cmd/provider/route53recoveryreadiness/zz_main.go create mode 100644 cmd/provider/route53resolver/zz_main.go create mode 100644 cmd/provider/rum/zz_main.go create mode 100644 cmd/provider/s3/zz_main.go create mode 100644 cmd/provider/s3control/zz_main.go create mode 100644 cmd/provider/sagemaker/zz_main.go create mode 100644 cmd/provider/scheduler/zz_main.go create mode 100644 cmd/provider/schemas/zz_main.go create mode 100644 cmd/provider/secretsmanager/zz_main.go create mode 100644 cmd/provider/securityhub/zz_main.go create mode 100644 cmd/provider/serverlessrepo/zz_main.go create mode 100644 cmd/provider/servicecatalog/zz_main.go create mode 100644 cmd/provider/servicediscovery/zz_main.go create mode 100644 cmd/provider/servicequotas/zz_main.go create mode 100644 cmd/provider/ses/zz_main.go create mode 100644 cmd/provider/sesv2/zz_main.go create mode 100644 cmd/provider/sfn/zz_main.go create mode 100644 cmd/provider/signer/zz_main.go create mode 100644 
cmd/provider/simpledb/zz_main.go create mode 100644 cmd/provider/sns/zz_main.go create mode 100644 cmd/provider/sqs/zz_main.go create mode 100644 cmd/provider/ssm/zz_main.go create mode 100644 cmd/provider/ssoadmin/zz_main.go create mode 100644 cmd/provider/swf/zz_main.go create mode 100644 cmd/provider/timestreamwrite/zz_main.go create mode 100644 cmd/provider/transcribe/zz_main.go create mode 100644 cmd/provider/transfer/zz_main.go create mode 100644 cmd/provider/vpc/zz_main.go create mode 100644 cmd/provider/waf/zz_main.go create mode 100644 cmd/provider/wafregional/zz_main.go create mode 100644 cmd/provider/wafv2/zz_main.go create mode 100644 cmd/provider/workspaces/zz_main.go create mode 100644 cmd/provider/xray/zz_main.go create mode 100644 hack/embed.go create mode 100644 hack/main.go.tmpl create mode 100755 internal/controller/zz_accessanalyzer_setup.go create mode 100755 internal/controller/zz_account_setup.go create mode 100755 internal/controller/zz_acm_setup.go create mode 100755 internal/controller/zz_acmpca_setup.go create mode 100755 internal/controller/zz_amp_setup.go create mode 100755 internal/controller/zz_amplify_setup.go create mode 100755 internal/controller/zz_apigateway_setup.go create mode 100755 internal/controller/zz_apigatewayv2_setup.go create mode 100755 internal/controller/zz_appautoscaling_setup.go create mode 100755 internal/controller/zz_appconfig_setup.go create mode 100755 internal/controller/zz_appflow_setup.go create mode 100755 internal/controller/zz_appintegrations_setup.go create mode 100755 internal/controller/zz_applicationinsights_setup.go create mode 100755 internal/controller/zz_appmesh_setup.go create mode 100755 internal/controller/zz_apprunner_setup.go create mode 100755 internal/controller/zz_appstream_setup.go create mode 100755 internal/controller/zz_appsync_setup.go create mode 100755 internal/controller/zz_athena_setup.go create mode 100755 internal/controller/zz_autoscaling_setup.go create mode 100755 
internal/controller/zz_autoscalingplans_setup.go create mode 100755 internal/controller/zz_backup_setup.go create mode 100755 internal/controller/zz_batch_setup.go create mode 100755 internal/controller/zz_budgets_setup.go create mode 100755 internal/controller/zz_ce_setup.go create mode 100755 internal/controller/zz_chime_setup.go create mode 100755 internal/controller/zz_cloud9_setup.go create mode 100755 internal/controller/zz_cloudcontrol_setup.go create mode 100755 internal/controller/zz_cloudformation_setup.go create mode 100755 internal/controller/zz_cloudfront_setup.go create mode 100755 internal/controller/zz_cloudsearch_setup.go create mode 100755 internal/controller/zz_cloudtrail_setup.go create mode 100755 internal/controller/zz_cloudwatch_setup.go create mode 100755 internal/controller/zz_cloudwatchevents_setup.go create mode 100755 internal/controller/zz_cloudwatchlogs_setup.go create mode 100755 internal/controller/zz_codecommit_setup.go create mode 100755 internal/controller/zz_codepipeline_setup.go create mode 100755 internal/controller/zz_codestarconnections_setup.go create mode 100755 internal/controller/zz_codestarnotifications_setup.go create mode 100755 internal/controller/zz_cognitoidentity_setup.go create mode 100755 internal/controller/zz_cognitoidp_setup.go create mode 100755 internal/controller/zz_config_setup.go create mode 100755 internal/controller/zz_configservice_setup.go create mode 100755 internal/controller/zz_connect_setup.go create mode 100755 internal/controller/zz_cur_setup.go create mode 100755 internal/controller/zz_dataexchange_setup.go create mode 100755 internal/controller/zz_datapipeline_setup.go create mode 100755 internal/controller/zz_dax_setup.go create mode 100755 internal/controller/zz_deploy_setup.go create mode 100755 internal/controller/zz_detective_setup.go create mode 100755 internal/controller/zz_devicefarm_setup.go create mode 100755 internal/controller/zz_directconnect_setup.go create mode 100755 
internal/controller/zz_dlm_setup.go create mode 100755 internal/controller/zz_dms_setup.go create mode 100755 internal/controller/zz_docdb_setup.go create mode 100755 internal/controller/zz_ds_setup.go create mode 100755 internal/controller/zz_dynamodb_setup.go create mode 100755 internal/controller/zz_ec2_setup.go create mode 100755 internal/controller/zz_ecr_setup.go create mode 100755 internal/controller/zz_ecrpublic_setup.go create mode 100755 internal/controller/zz_ecs_setup.go create mode 100755 internal/controller/zz_efs_setup.go create mode 100755 internal/controller/zz_eks_setup.go create mode 100755 internal/controller/zz_elasticache_setup.go create mode 100755 internal/controller/zz_elasticbeanstalk_setup.go create mode 100755 internal/controller/zz_elasticsearch_setup.go create mode 100755 internal/controller/zz_elastictranscoder_setup.go create mode 100755 internal/controller/zz_elb_setup.go create mode 100755 internal/controller/zz_elbv2_setup.go create mode 100755 internal/controller/zz_emr_setup.go create mode 100755 internal/controller/zz_emrserverless_setup.go create mode 100755 internal/controller/zz_evidently_setup.go create mode 100755 internal/controller/zz_firehose_setup.go create mode 100755 internal/controller/zz_fis_setup.go create mode 100755 internal/controller/zz_fsx_setup.go create mode 100755 internal/controller/zz_gamelift_setup.go create mode 100755 internal/controller/zz_glacier_setup.go create mode 100755 internal/controller/zz_globalaccelerator_setup.go create mode 100755 internal/controller/zz_glue_setup.go create mode 100755 internal/controller/zz_grafana_setup.go create mode 100755 internal/controller/zz_guardduty_setup.go create mode 100755 internal/controller/zz_iam_setup.go create mode 100755 internal/controller/zz_imagebuilder_setup.go create mode 100755 internal/controller/zz_inspector2_setup.go create mode 100755 internal/controller/zz_inspector_setup.go create mode 100755 internal/controller/zz_iot_setup.go create mode 
100755 internal/controller/zz_ivs_setup.go create mode 100755 internal/controller/zz_kafka_setup.go create mode 100755 internal/controller/zz_kendra_setup.go create mode 100755 internal/controller/zz_keyspaces_setup.go create mode 100755 internal/controller/zz_kinesis_setup.go create mode 100755 internal/controller/zz_kinesisanalytics_setup.go create mode 100755 internal/controller/zz_kinesisanalyticsv2_setup.go create mode 100755 internal/controller/zz_kinesisvideo_setup.go create mode 100755 internal/controller/zz_kms_setup.go create mode 100755 internal/controller/zz_lakeformation_setup.go create mode 100755 internal/controller/zz_lambda_setup.go create mode 100755 internal/controller/zz_lexmodels_setup.go create mode 100755 internal/controller/zz_licensemanager_setup.go create mode 100755 internal/controller/zz_lightsail_setup.go create mode 100755 internal/controller/zz_location_setup.go create mode 100755 internal/controller/zz_macie2_setup.go create mode 100755 internal/controller/zz_mediaconvert_setup.go create mode 100755 internal/controller/zz_medialive_setup.go create mode 100755 internal/controller/zz_mediapackage_setup.go create mode 100755 internal/controller/zz_mediastore_setup.go create mode 100755 internal/controller/zz_memorydb_setup.go rename internal/controller/{zz_setup.go => zz_monolith_setup.go} (99%) create mode 100755 internal/controller/zz_mq_setup.go create mode 100755 internal/controller/zz_neptune_setup.go create mode 100755 internal/controller/zz_networkfirewall_setup.go create mode 100755 internal/controller/zz_networkmanager_setup.go create mode 100755 internal/controller/zz_opensearch_setup.go create mode 100755 internal/controller/zz_opsworks_setup.go create mode 100755 internal/controller/zz_organizations_setup.go create mode 100755 internal/controller/zz_pinpoint_setup.go create mode 100755 internal/controller/zz_qldb_setup.go create mode 100755 internal/controller/zz_quicksight_setup.go create mode 100755 
internal/controller/zz_ram_setup.go create mode 100755 internal/controller/zz_rds_setup.go create mode 100755 internal/controller/zz_redshift_setup.go create mode 100755 internal/controller/zz_resourcegroups_setup.go create mode 100755 internal/controller/zz_rolesanywhere_setup.go create mode 100755 internal/controller/zz_route53_setup.go create mode 100755 internal/controller/zz_route53recoverycontrolconfig_setup.go create mode 100755 internal/controller/zz_route53recoveryreadiness_setup.go create mode 100755 internal/controller/zz_route53resolver_setup.go create mode 100755 internal/controller/zz_rum_setup.go create mode 100755 internal/controller/zz_s3_setup.go create mode 100755 internal/controller/zz_s3control_setup.go create mode 100755 internal/controller/zz_sagemaker_setup.go create mode 100755 internal/controller/zz_scheduler_setup.go create mode 100755 internal/controller/zz_schemas_setup.go create mode 100755 internal/controller/zz_secretsmanager_setup.go create mode 100755 internal/controller/zz_securityhub_setup.go create mode 100755 internal/controller/zz_serverlessrepo_setup.go create mode 100755 internal/controller/zz_servicecatalog_setup.go create mode 100755 internal/controller/zz_servicediscovery_setup.go create mode 100755 internal/controller/zz_servicequotas_setup.go create mode 100755 internal/controller/zz_ses_setup.go create mode 100755 internal/controller/zz_sesv2_setup.go create mode 100755 internal/controller/zz_sfn_setup.go create mode 100755 internal/controller/zz_signer_setup.go create mode 100755 internal/controller/zz_simpledb_setup.go create mode 100755 internal/controller/zz_sns_setup.go create mode 100755 internal/controller/zz_sqs_setup.go create mode 100755 internal/controller/zz_ssm_setup.go create mode 100755 internal/controller/zz_ssoadmin_setup.go create mode 100755 internal/controller/zz_swf_setup.go create mode 100755 internal/controller/zz_timestreamwrite_setup.go create mode 100755 
internal/controller/zz_transcribe_setup.go create mode 100755 internal/controller/zz_transfer_setup.go create mode 100755 internal/controller/zz_vpc_setup.go create mode 100755 internal/controller/zz_waf_setup.go create mode 100755 internal/controller/zz_wafregional_setup.go create mode 100755 internal/controller/zz_wafv2_setup.go create mode 100755 internal/controller/zz_workspaces_setup.go create mode 100755 internal/controller/zz_xray_setup.go diff --git a/apis/generate.go b/apis/generate.go index 480f9db4fd..95b807fa22 100644 --- a/apis/generate.go +++ b/apis/generate.go @@ -17,6 +17,8 @@ Copyright 2021 Upbound Inc. //go:generate bash -c "find ../internal/controller -iname 'zz_*' -delete" //go:generate bash -c "find ../internal/controller -type d -empty -delete" //go:generate rm -rf ../examples-generated +//go:generate bash -c "find ../cmd/provider -name 'zz_*' -type f -delete" +//go:generate bash -c "find ../cmd/provider -type d -depth 1 -empty -delete" // Scrape metadata from Terraform registry //go:generate go run github.com/upbound/upjet/cmd/scraper -n hashicorp/terraform-provider-aws -r ../.work/terraform-provider-aws/website/docs/r -o ../config/provider-metadata.yaml diff --git a/cmd/provider/accessanalyzer/zz_main.go b/cmd/provider/accessanalyzer/zz_main.go new file mode 100644 index 0000000000..652f31a137 --- /dev/null +++ b/cmd/provider/accessanalyzer/zz_main.go 
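Review bot: The second directive added to apis/generate.go uses `-depth 1`, which is the BSD/macOS form; GNU find treats `-depth` as an option without an operand, so on a Linux build host the `1` is expected to be rejected and `go generate` would stop at this step. Both implementations accept `-mindepth`/`-maxdepth`, so the line can be written as `//go:generate bash -c "find ../cmd/provider -mindepth 1 -maxdepth 1 -type d -empty -delete"`, with the depth options placed before `-type` to avoid GNU find's option-ordering warning. The first added directive matches with `-name 'zz_*'` while the existing controller cleanup in the same hunk uses `-iname 'zz_*'`; using the same test in both keeps the cleanup rules consistent. A short comment above the pair, such as `// Remove generated per-service main packages and the directories they leave empty`, would document why cmd/provider is pruned before regeneration.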
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_accessanalyzer(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/account/zz_main.go b/cmd/provider/account/zz_main.go new file mode 100644 index 0000000000..5e5e7bbebd --- /dev/null +++ b/cmd/provider/account/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_account(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/acm/zz_main.go b/cmd/provider/acm/zz_main.go new file mode 100644 index 0000000000..b0045545a3 --- /dev/null +++ b/cmd/provider/acm/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_acm(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/acmpca/zz_main.go b/cmd/provider/acmpca/zz_main.go new file mode 100644 index 0000000000..193eeeacf7 --- /dev/null +++ b/cmd/provider/acmpca/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_acmpca(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/amp/zz_main.go b/cmd/provider/amp/zz_main.go new file mode 100644 index 0000000000..c046b3e600 --- /dev/null +++ b/cmd/provider/amp/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_amp(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/amplify/zz_main.go b/cmd/provider/amplify/zz_main.go new file mode 100644 index 0000000000..59e8063ac0 --- /dev/null +++ b/cmd/provider/amplify/zz_main.go 
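Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` in this new main() is the fixed string `crossplane-leader-election-provider-aws`, and the amplify, apigateway and apigatewayv2 mains in this patch use the same value. If two of these per-service binaries run with `--leader-election` and their leases land in the same namespace, they would presumably compete for a single Lease, leaving all but one waiting and not reconciling. A per-service ID such as `LeaderElectionID: "crossplane-leader-election-provider-aws-amp",` avoids that. Since zz_main.go looks generated, the change belongs in the generator template rather than in each file.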
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_amplify(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/apigateway/zz_main.go b/cmd/provider/apigateway/zz_main.go new file mode 100644 index 0000000000..e940e9bacd --- /dev/null +++ b/cmd/provider/apigateway/zz_main.go 
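Review bot: In the `*enableExternalSecretStores` branch, `o.ESSOptions.TLSConfig` is only assigned when `--ess-tls-cert-dir` is non-empty, so enabling external secret stores without it leaves the TLS config nil and logs nothing about it. How upjet treats a nil `TLSConfig` is not visible in this hunk, but if it means an unauthenticated connection, connection secrets would reach the store plugin without mTLS. Consider making the fallback explicit with an else branch such as `log.Info("ESS TLS certificates path is not set. Proceeding without mTLS configuration.")`, or failing startup when the directory is missing. The same block appears in the amp, apigateway and apigatewayv2 mains, and the fix would go in the generator template.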
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_apigateway(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/apigatewayv2/zz_main.go b/cmd/provider/apigatewayv2/zz_main.go new file mode 100644 index 0000000000..a44a5e6969 --- /dev/null +++ b/cmd/provider/apigatewayv2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_apigatewayv2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appautoscaling/zz_main.go b/cmd/provider/appautoscaling/zz_main.go new file mode 100644 index 0000000000..f647c6fda4 --- /dev/null +++ b/cmd/provider/appautoscaling/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appautoscaling(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appconfig/zz_main.go b/cmd/provider/appconfig/zz_main.go new file mode 100644 index 0000000000..d2ca28582f --- /dev/null +++ b/cmd/provider/appconfig/zz_main.go 
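Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` is the same literal in this file's `ctrl.Options` and in the appconfig, appflow and appintegrations mains that follow. As far as this hunk shows, per-service binaries started with `--leader-election` in the same namespace would compete for one Lease, and only one of them would become active. These are generated `zz_main.go` files, so the fix belongs in the generator template: derive the ID from the service, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-appautoscaling",`. The logger name `provider-aws` is shared the same way, which makes it harder to attribute log lines to a service process during an investigation.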
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appconfig(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appflow/zz_main.go b/cmd/provider/appflow/zz_main.go new file mode 100644 index 0000000000..2629a7b513 --- /dev/null +++ b/cmd/provider/appflow/zz_main.go 
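Review bot: When `--enable-external-secret-stores` is set but `--ess-tls-cert-dir` is empty, the `if *essTLSCertsPath != ""` branch is skipped without a log line and `o.ESSOptions.TLSConfig` stays unset. What transport the secret-store client then uses is decided outside this hunk, so an operator cannot tell from the logs whether mTLS is in effect. I would make that state explicit in the template, e.g. `else { log.Info("ESS TLS certificates path is not set; mTLS configuration not loaded") }`, or fail fast if mTLS is meant to be mandatory. The bare `false` passed as the last argument of `certificates.LoadMTLSConfig` would also read better with a short comment naming the parameter. The same lines appear in the appautoscaling, appflow and appintegrations mains.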
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appflow(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appintegrations/zz_main.go b/cmd/provider/appintegrations/zz_main.go new file mode 100644 index 0000000000..59055b33bb --- /dev/null +++ b/cmd/provider/appintegrations/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appintegrations(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/applicationinsights/zz_main.go b/cmd/provider/applicationinsights/zz_main.go new file mode 100644 index 0000000000..6de7519290 --- /dev/null +++ b/cmd/provider/applicationinsights/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_applicationinsights(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appmesh/zz_main.go b/cmd/provider/appmesh/zz_main.go new file mode 100644 index 0000000000..786ef964b7 --- /dev/null +++ b/cmd/provider/appmesh/zz_main.go 
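Review bot: `LeaderElectionID` is the same constant, `"crossplane-leader-election-provider-aws"`, in this main and in the appmesh, apprunner and appstream mains added below, so every per-service binary would request the same lock name. If several of them run with `--leader-election` in one namespace (an assumption about deployment, not visible in the patch), they would presumably contend for a single Lease, and only one service's manager would start reconciling while the others wait. A per-service suffix avoids that: `LeaderElectionID: "crossplane-leader-election-provider-aws-applicationinsights",`. The `zz_` prefix suggests these files are generated, so the change belongs in the generator template rather than in each file.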
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appmesh(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/apprunner/zz_main.go b/cmd/provider/apprunner/zz_main.go new file mode 100644 index 0000000000..bb004e7d8e --- /dev/null +++ b/cmd/provider/apprunner/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_apprunner(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appstream/zz_main.go b/cmd/provider/appstream/zz_main.go new file mode 100644 index 0000000000..2951253cbf --- /dev/null +++ b/cmd/provider/appstream/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appstream(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/appsync/zz_main.go b/cmd/provider/appsync/zz_main.go new file mode 100644 index 0000000000..6ededadb5c --- /dev/null +++ b/cmd/provider/appsync/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_appsync(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/athena/zz_main.go b/cmd/provider/athena/zz_main.go new file mode 100644 index 0000000000..031ad4dbca --- /dev/null +++ b/cmd/provider/athena/zz_main.go 
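Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.NewManager` options is the same literal in every per-service `main` visible here (this appsync file and the athena, autoscaling and autoscalingplans files that follow). If these binaries are deployed as separate providers in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, so only one service's controllers would reconcile while the others wait. Because the file is generated, the fix belongs in the template: derive the ID from the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-appsync",`. The logger name in `zl.WithName("provider-aws")` is shared in the same way, so a per-service suffix there would also make it clear which provider process emitted a given log line.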
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_athena(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/autoscaling/zz_main.go b/cmd/provider/autoscaling/zz_main.go new file mode 100644 index 0000000000..eedf5b3601 --- /dev/null +++ b/cmd/provider/autoscaling/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_autoscaling(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/autoscalingplans/zz_main.go b/cmd/provider/autoscalingplans/zz_main.go new file mode 100644 index 0000000000..9bf274a42b --- /dev/null +++ b/cmd/provider/autoscalingplans/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_autoscalingplans(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/backup/zz_main.go b/cmd/provider/backup/zz_main.go new file mode 100644 index 0000000000..be2aea6afe --- /dev/null +++ b/cmd/provider/backup/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_backup(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/batch/zz_main.go b/cmd/provider/batch/zz_main.go new file mode 100644 index 0000000000..c7212d9c16 --- /dev/null +++ b/cmd/provider/batch/zz_main.go 
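Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.Options` literal is the same string in every generated main in this patch (backup here, and also batch, budgets, chime and the rest). If several per-service providers run in the same namespace with `--leader-election` enabled, they would presumably contend for one Lease, so only one service's controllers would be active at a time while the others block waiting for the lock. The ID should be derived per service, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-backup",` for this file. Because these `zz_main.go` files are generated, the change belongs in the generator template rather than in each file.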
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_batch(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/budgets/zz_main.go b/cmd/provider/budgets/zz_main.go new file mode 100644 index 0000000000..b48930ec46 --- /dev/null +++ b/cmd/provider/budgets/zz_main.go 
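Review bot: When `--enable-external-secret-stores` is set but `--ess-tls-cert-dir` is empty, the `if *essTLSCertsPath != ""` block is skipped, `o.ESSOptions.TLSConfig` stays nil and nothing is logged. An operator then cannot tell from the logs that the external secret store client was configured without mTLS material, even though connection secrets presumably travel over that channel. Add an `else` branch that records it, e.g. `log.Info("ESS TLS certificates path is not set. mTLS is not configured for external secret stores.")`, or fail with `kingpin.Fatalf` if an unauthenticated ESS connection is never intended. The same block appears in the other generated mains in this patch (backup, budgets, chime), so the fix belongs in the generator template.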
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_budgets(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/main.go b/cmd/provider/ce/zz_main.go similarity index 98% rename from cmd/provider/main.go rename to cmd/provider/ce/zz_main.go index 3d090ebb43..c08a354db7 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/ce/zz_main.go @@ -142,6 +142,6 @@ func main() { log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) } - kingpin.FatalIfError(controller.Setup(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(controller.Setup_ce(mgr, o), "Cannot setup AWS controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/chime/zz_main.go b/cmd/provider/chime/zz_main.go new file mode 100644 index 0000000000..9c64829345 --- /dev/null +++ b/cmd/provider/chime/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_chime(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloud9/zz_main.go b/cmd/provider/cloud9/zz_main.go new file mode 100644 index 0000000000..bab8660dc4 --- /dev/null +++ b/cmd/provider/cloud9/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloud9(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudcontrol/zz_main.go b/cmd/provider/cloudcontrol/zz_main.go new file mode 100644 index 0000000000..e9c7f3f9f6 --- /dev/null +++ b/cmd/provider/cloudcontrol/zz_main.go 
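Review bot: The `ctrl.Options` literal passed to `ctrl.NewManager` sets `LeaderElectionID: "crossplane-leader-election-provider-aws"`, and every per-service binary added by this patch uses that same value (the cloudcontrol, cloudformation and cloudfront hunks below repeat it). If leader election is enabled and these binaries keep their Lease in the same namespace, which is not visible here and should be confirmed, they would contend for one lock and only one service's controllers would start reconciling. A per-service ID avoids that, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-cloud9",`. Because `zz_main.go` is generated, the change belongs in the generator template rather than in this file.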
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudcontrol(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudformation/zz_main.go b/cmd/provider/cloudformation/zz_main.go new file mode 100644 index 0000000000..a46c330ba8 --- /dev/null +++ b/cmd/provider/cloudformation/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudformation(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudfront/zz_main.go b/cmd/provider/cloudfront/zz_main.go new file mode 100644 index 0000000000..0ab9df5d5f --- /dev/null +++ b/cmd/provider/cloudfront/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudfront(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudsearch/zz_main.go b/cmd/provider/cloudsearch/zz_main.go new file mode 100644 index 0000000000..4384f6c84d --- /dev/null +++ b/cmd/provider/cloudsearch/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudsearch(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudtrail/zz_main.go b/cmd/provider/cloudtrail/zz_main.go new file mode 100644 index 0000000000..d9109e8c06 --- /dev/null +++ b/cmd/provider/cloudtrail/zz_main.go 
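Review bot: `LeaderElectionID` in the `ctrl.Options` literal is the fixed string `"crossplane-leader-election-provider-aws"` in this generated `main()`, and the same literal appears in the cloudtrail, cloudwatch and cloudwatchevents `zz_main.go` files that follow. With `--leader-election` enabled, per-service provider pods running in the same namespace would presumably contend for a single Lease, so only one of them would reconcile while the others sit idle as standbys. Because these files are generated, the change belongs in the generator template rather than here: derive the ID from the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-cloudsearch",`. The logger name in `zl.WithName("provider-aws")` is shared in the same way, which makes it harder to attribute log lines to a specific service binary during incident triage.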
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudtrail(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudwatch/zz_main.go b/cmd/provider/cloudwatch/zz_main.go new file mode 100644 index 0000000000..08fc2347e3 --- /dev/null +++ b/cmd/provider/cloudwatch/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudwatch(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudwatchevents/zz_main.go b/cmd/provider/cloudwatchevents/zz_main.go new file mode 100644 index 0000000000..1656e6bb8f --- /dev/null +++ b/cmd/provider/cloudwatchevents/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudwatchevents(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cloudwatchlogs/zz_main.go b/cmd/provider/cloudwatchlogs/zz_main.go new file mode 100644 index 0000000000..25c4513787 --- /dev/null +++ b/cmd/provider/cloudwatchlogs/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cloudwatchlogs(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/codecommit/zz_main.go b/cmd/provider/codecommit/zz_main.go new file mode 100644 index 0000000000..c0c689cfd2 --- /dev/null +++ b/cmd/provider/codecommit/zz_main.go 
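Review bot: The `LeaderElectionID` in this new `main` is the literal `"crossplane-leader-election-provider-aws"`, and the codecommit, codepipeline and codestarconnections hunks that follow use the same value. If several of these per-service binaries run with `--leader-election` in one namespace, they would presumably contend for a single Lease, so only one would start its controllers while the rest wait. A per-service ID such as `LeaderElectionID: "crossplane-leader-election-provider-aws-cloudwatchlogs",` avoids that. The file is generated (`zz_main.go`), so the change belongs in the generator template, which is not part of this section of the patch.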
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_codecommit(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/codepipeline/zz_main.go b/cmd/provider/codepipeline/zz_main.go new file mode 100644 index 0000000000..87b2829af9 --- /dev/null +++ b/cmd/provider/codepipeline/zz_main.go 
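Review bot: When `--enable-external-secret-stores` is on and `--ess-tls-cert-dir` is empty, the `if *essTLSCertsPath != ""` branch is skipped silently and `o.ESSOptions.TLSConfig` is left unset; the other generated `zz_main.go` hunks in this patch do the same. Which transport security the secret-store client then uses is decided outside this file, so an operator who forgets the certificate directory gets no signal here. An `else` branch that logs it, e.g. `log.Info("ESS TLS certificates path is not set. No mTLS configuration is loaded.")`, would make the state visible; failing closed is an option if mTLS is meant to be mandatory. As the file is generated, the edit belongs in the template.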
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_codepipeline(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/codestarconnections/zz_main.go b/cmd/provider/codestarconnections/zz_main.go new file mode 100644 index 0000000000..d949b7bdfc --- /dev/null +++ b/cmd/provider/codestarconnections/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_codestarconnections(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/codestarnotifications/zz_main.go b/cmd/provider/codestarnotifications/zz_main.go new file mode 100644 index 0000000000..7d803aa575 --- /dev/null +++ b/cmd/provider/codestarnotifications/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_codestarnotifications(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cognitoidentity/zz_main.go b/cmd/provider/cognitoidentity/zz_main.go new file mode 100644 index 0000000000..7562926e77 --- /dev/null +++ b/cmd/provider/cognitoidentity/zz_main.go 
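Review bot: `LeaderElectionID` in the `ctrl.Options` literal is the same fixed string, `"crossplane-leader-election-provider-aws"`, in every per-service binary; the cognitoidentity, cognitoidp and config `zz_main.go` hunks below carry the identical line. With `--leader-election` enabled, per-service providers deployed in the same namespace would presumably contend for a single Lease, so only one of them would reconcile while the rest sit idle as standbys. A per-service ID such as `LeaderElectionID: "crossplane-leader-election-provider-aws-codestarnotifications",` avoids that. Since these files look generated, the change likely belongs in the generator template rather than in each file.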
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cognitoidentity(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cognitoidp/zz_main.go b/cmd/provider/cognitoidp/zz_main.go new file mode 100644 index 0000000000..aa1521ca8e --- /dev/null +++ b/cmd/provider/cognitoidp/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cognitoidp(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/config/zz_main.go b/cmd/provider/config/zz_main.go new file mode 100644 index 0000000000..a532db69a1 --- /dev/null +++ b/cmd/provider/config/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_config(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/configservice/zz_main.go b/cmd/provider/configservice/zz_main.go new file mode 100644 index 0000000000..a8e749c667 --- /dev/null +++ b/cmd/provider/configservice/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_configservice(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/connect/zz_main.go b/cmd/provider/connect/zz_main.go new file mode 100644 index 0000000000..3ab5a9cda8 --- /dev/null +++ b/cmd/provider/connect/zz_main.go 
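Review bot: `LeaderElectionID` in the `ctrl.Options` passed to `ctrl.NewManager` is the same literal, `"crossplane-leader-election-provider-aws"`, in this generated `main` and in the connect, cur and dataexchange hunks that follow. If several per-service provider binaries run in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, so only one of them would start its controllers while the others wait. Because these files are generated, the fix belongs in the generator template, which should emit a per-service ID, here `LeaderElectionID: "crossplane-leader-election-provider-aws-configservice",`. The logger name in `zl.WithName("provider-aws")` is shared in the same way, so log lines from different service binaries cannot be told apart by name.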
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_connect(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/cur/zz_main.go b/cmd/provider/cur/zz_main.go new file mode 100644 index 0000000000..cb51db3f49 --- /dev/null +++ b/cmd/provider/cur/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_cur(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/dataexchange/zz_main.go b/cmd/provider/dataexchange/zz_main.go new file mode 100644 index 0000000000..91da3e6a91 --- /dev/null +++ b/cmd/provider/dataexchange/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_dataexchange(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/datapipeline/zz_main.go b/cmd/provider/datapipeline/zz_main.go new file mode 100644 index 0000000000..6067568769 --- /dev/null +++ b/cmd/provider/datapipeline/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_datapipeline(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/dax/zz_main.go b/cmd/provider/dax/zz_main.go new file mode 100644 index 0000000000..df3ffd534e --- /dev/null +++ b/cmd/provider/dax/zz_main.go 
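Review bot: `LeaderElectionID` in the `ctrl.NewManager` options is the same literal, `"crossplane-leader-election-provider-aws"`, in every per-service binary added here (datapipeline in this hunk, and identically in the dax, deploy and detective hunks that follow). If two of these providers run in the same namespace with `--leader-election` set, they would presumably contend for a single Lease, and every provider but the current holder would block in `mgr.Start` and stop reconciling its resources. Make the ID unique per service, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-datapipeline",`. The `zz_` prefix and the commit title suggest these files are generated, so the change belongs in the template that emits them.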
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_dax(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/deploy/zz_main.go b/cmd/provider/deploy/zz_main.go new file mode 100644 index 0000000000..3eab2a2b66 --- /dev/null +++ b/cmd/provider/deploy/zz_main.go 
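Review bot: When `--enable-external-secret-stores` is set but `--ess-tls-cert-dir` is empty, the `if *essTLSCertsPath != ""` block is skipped, so `o.ESSOptions.TLSConfig` stays unset and nothing is logged about it. How upjet treats a nil `TLSConfig` is not visible in this hunk, but external secret stores presumably receive connection details, so an operator should be able to see from the logs that no mTLS material was loaded. Add an `else` branch such as `log.Info("ESS enabled without --ess-tls-cert-dir; no TLS config set for the secret store client")`, or fail startup there if an unauthenticated channel is never intended. The same block appears in the datapipeline, deploy and detective hunks.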
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_deploy(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/detective/zz_main.go b/cmd/provider/detective/zz_main.go new file mode 100644 index 0000000000..df38f27c29 --- /dev/null +++ b/cmd/provider/detective/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_detective(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/devicefarm/zz_main.go b/cmd/provider/devicefarm/zz_main.go new file mode 100644 index 0000000000..e3c2af5875 --- /dev/null +++ b/cmd/provider/devicefarm/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_devicefarm(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/directconnect/zz_main.go b/cmd/provider/directconnect/zz_main.go new file mode 100644 index 0000000000..d0e0dacab0 --- /dev/null +++ b/cmd/provider/directconnect/zz_main.go 
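Review bot: The `LeaderElectionID` in the `ctrl.Options` literal of `main` is the fixed string `"crossplane-leader-election-provider-aws"`, and the directconnect, dlm and dms mains later in this patch carry the same value. If several per-service providers run in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, so only one binary would become leader and the rest would wait inside `mgr.Start`. The ID should be unique per service, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-devicefarm",`. Since this file looks generated (`zz_main.go`), the change belongs in the generator template, which already substitutes the service name into `controller.Setup_devicefarm`. The logger name `provider-aws` could take the same suffix so that log lines from different provider pods can be told apart.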
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_directconnect(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/dlm/zz_main.go b/cmd/provider/dlm/zz_main.go new file mode 100644 index 0000000000..74a629b0d0 --- /dev/null +++ b/cmd/provider/dlm/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_dlm(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/dms/zz_main.go b/cmd/provider/dms/zz_main.go new file mode 100644 index 0000000000..f654653a6a --- /dev/null +++ b/cmd/provider/dms/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_dms(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/docdb/zz_main.go b/cmd/provider/docdb/zz_main.go new file mode 100644 index 0000000000..b0e89b2874 --- /dev/null +++ b/cmd/provider/docdb/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_docdb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ds/zz_main.go b/cmd/provider/ds/zz_main.go new file mode 100644 index 0000000000..0d1331d409 --- /dev/null +++ b/cmd/provider/ds/zz_main.go 
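Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` is the same literal, `"crossplane-leader-election-provider-aws"`, in this file and in the ds, dynamodb and ec2 mains that follow. With `--leader-election` enabled, per-service provider binaries running in the same namespace would presumably compete for a single Lease, so only one of them would hold leadership and reconcile at a time. A service-specific ID avoids that, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-docdb",` here, with the matching suffix in each other main. Since `zz_main.go` appears to be generated (the commit also touches `apis/generate.go`), the change presumably belongs in the generator template, which is not visible on this page.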
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ds(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/dynamodb/zz_main.go b/cmd/provider/dynamodb/zz_main.go new file mode 100644 index 0000000000..ad3fb96c8a --- /dev/null +++ b/cmd/provider/dynamodb/zz_main.go 
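Review bot: In the `if *enableExternalSecretStores` block, `o.ESSOptions.TLSConfig` is only set when `--ess-tls-cert-dir` is non-empty, and the flag has no default, so enabling external secret stores without it leaves the TLS config nil without any log line. How upjet treats a nil `TLSConfig` is not visible here, but an operator should be able to tell from the logs that no client certificate or CA was loaded for the secret-store connection. Consider an else branch on the `*essTLSCertsPath != ""` check such as `log.Info("ESS TLS certificates path is not set; continuing without a TLS configuration")`, or failing fast if mTLS is meant to be mandatory. The same block appears in the docdb, dynamodb and ec2 mains.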
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_dynamodb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ec2/zz_main.go b/cmd/provider/ec2/zz_main.go new file mode 100644 index 0000000000..0adc092d59 --- /dev/null +++ b/cmd/provider/ec2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ec2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ecr/zz_main.go b/cmd/provider/ecr/zz_main.go new file mode 100644 index 0000000000..ce48416c8f --- /dev/null +++ b/cmd/provider/ecr/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ecr(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ecrpublic/zz_main.go b/cmd/provider/ecrpublic/zz_main.go new file mode 100644 index 0000000000..6e990a122a --- /dev/null +++ b/cmd/provider/ecrpublic/zz_main.go 
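Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.Options` literal of `main` is the same string in every per-service binary this commit adds (this ecr file, and the ecrpublic, ecs and efs files that follow). With `--leader-election` enabled, providers deployed in the same namespace would presumably contend for a single Lease, so only one service's controllers would reconcile while the others wait as standbys. Since these `zz_main.go` files look generated, the fix belongs in the generator template: suffix the ID with the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-ecr",`. The logger name in `zl.WithName("provider-aws")` is shared in the same way, which makes it harder to attribute log lines to a service when several providers run side by side.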
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ecrpublic(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ecs/zz_main.go b/cmd/provider/ecs/zz_main.go new file mode 100644 index 0000000000..96d6941d4a --- /dev/null +++ b/cmd/provider/ecs/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ecs(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/efs/zz_main.go b/cmd/provider/efs/zz_main.go new file mode 100644 index 0000000000..ca233eb486 --- /dev/null +++ b/cmd/provider/efs/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_efs(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/eks/zz_main.go b/cmd/provider/eks/zz_main.go new file mode 100644 index 0000000000..4e1b0163fe --- /dev/null +++ b/cmd/provider/eks/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_eks(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elasticache/zz_main.go b/cmd/provider/elasticache/zz_main.go new file mode 100644 index 0000000000..d4df2143f1 --- /dev/null +++ b/cmd/provider/elasticache/zz_main.go 
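Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.NewManager` options is the same literal in every per-service `main`. With `--leader-election` enabled, any two of these binaries running in the same namespace would compete for one Lease, and only the holder would reconcile its resources while the others wait. Making the ID service-specific avoids that, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-eks",`. The elasticache, elasticbeanstalk and elasticsearch sections below carry the identical line. The `zz_` prefix suggests these files are generated, so the change presumably belongs in the generator template rather than in each file.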
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elasticache(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elasticbeanstalk/zz_main.go b/cmd/provider/elasticbeanstalk/zz_main.go new file mode 100644 index 0000000000..35ccc2820f --- /dev/null +++ b/cmd/provider/elasticbeanstalk/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elasticbeanstalk(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elasticsearch/zz_main.go b/cmd/provider/elasticsearch/zz_main.go new file mode 100644 index 0000000000..2bfeb516c7 --- /dev/null +++ b/cmd/provider/elasticsearch/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elasticsearch(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elastictranscoder/zz_main.go b/cmd/provider/elastictranscoder/zz_main.go new file mode 100644 index 0000000000..1981649cc5 --- /dev/null +++ b/cmd/provider/elastictranscoder/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elastictranscoder(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elb/zz_main.go b/cmd/provider/elb/zz_main.go new file mode 100644 index 0000000000..f24106f969 --- /dev/null +++ b/cmd/provider/elb/zz_main.go 
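Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` in this generated main is the fixed string `"crossplane-leader-election-provider-aws"`, and the same literal appears in the elb, elbv2 and emr mains later in this patch. If several per-service providers run in the same namespace with `--leader-election` enabled, they would presumably contend for a single Lease, so only one service's controllers would be active at a time. Because the file is generated, the fix belongs in the generator template, which is not visible here: emit a per-service ID, for example `LeaderElectionID: "crossplane-leader-election-provider-aws-elastictranscoder",`. The logger name `zl.WithName("provider-aws")` and the `"Cannot setup AWS controllers"` message could carry the service name too, so that logs from different provider pods can be told apart during an incident.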
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/elbv2/zz_main.go b/cmd/provider/elbv2/zz_main.go new file mode 100644 index 0000000000..f9b461531e --- /dev/null +++ b/cmd/provider/elbv2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_elbv2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/emr/zz_main.go b/cmd/provider/emr/zz_main.go new file mode 100644 index 0000000000..f0d199be67 --- /dev/null +++ b/cmd/provider/emr/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_emr(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/emrserverless/zz_main.go b/cmd/provider/emrserverless/zz_main.go new file mode 100644 index 0000000000..60fc6c1102 --- /dev/null +++ b/cmd/provider/emrserverless/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_emrserverless(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/evidently/zz_main.go b/cmd/provider/evidently/zz_main.go new file mode 100644 index 0000000000..2ed12af537 --- /dev/null +++ b/cmd/provider/evidently/zz_main.go 
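Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` in this generated main is still the single-provider value `"crossplane-leader-election-provider-aws"`, and the same literal appears in the evidently, firehose and fis hunks. If two per-service provider binaries run with `--leader-election` in the same namespace, they would presumably compete for one Lease, and all but one would sit idle without reconciling. Suffixing the ID with the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-emrserverless",`, would keep the locks separate. Since zz_main.go is generated, the change belongs in the generator template rather than in each file.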
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_evidently(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/firehose/zz_main.go b/cmd/provider/firehose/zz_main.go new file mode 100644 index 0000000000..3d89a4a0df --- /dev/null +++ b/cmd/provider/firehose/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_firehose(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/fis/zz_main.go b/cmd/provider/fis/zz_main.go new file mode 100644 index 0000000000..8c78372d36 --- /dev/null +++ b/cmd/provider/fis/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_fis(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/fsx/zz_main.go b/cmd/provider/fsx/zz_main.go new file mode 100644 index 0000000000..4f4a7beebd --- /dev/null +++ b/cmd/provider/fsx/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_fsx(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/gamelift/zz_main.go b/cmd/provider/gamelift/zz_main.go new file mode 100644 index 0000000000..bcf98ca298 --- /dev/null +++ b/cmd/provider/gamelift/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_gamelift(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/glacier/zz_main.go b/cmd/provider/glacier/zz_main.go new file mode 100644 index 0000000000..0be7ee7171 --- /dev/null +++ b/cmd/provider/glacier/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_glacier(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/globalaccelerator/zz_main.go b/cmd/provider/globalaccelerator/zz_main.go new file mode 100644 index 0000000000..e1b5ef0808 --- /dev/null +++ b/cmd/provider/globalaccelerator/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_globalaccelerator(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/glue/zz_main.go b/cmd/provider/glue/zz_main.go new file mode 100644 index 0000000000..d35487717c --- /dev/null +++ b/cmd/provider/glue/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_glue(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/grafana/zz_main.go b/cmd/provider/grafana/zz_main.go new file mode 100644 index 0000000000..83d9e1d69c --- /dev/null +++ b/cmd/provider/grafana/zz_main.go 
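Review bot: `LeaderElectionID` in the `ctrl.NewManager` options is the fixed string `"crossplane-leader-election-provider-aws"`, and the grafana, guardduty and iam hunks on this page carry the identical line, so every per-service binary would use the same lease name. If several of these providers run in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease and only the holder would start its controllers; for services such as iam or guardduty that means drift goes unreconciled without any error being reported. Since the file looks generated (`zz_main.go`), the fix belongs in the generator template: make the ID service-specific, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-glue",`. The logger name `zl.WithName("provider-aws")` has the same one-name-for-all shape and could take the service suffix too, so log lines identify which provider emitted them.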
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_grafana(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/guardduty/zz_main.go b/cmd/provider/guardduty/zz_main.go new file mode 100644 index 0000000000..0f7254049a --- /dev/null +++ b/cmd/provider/guardduty/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_guardduty(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/iam/zz_main.go b/cmd/provider/iam/zz_main.go new file mode 100644 index 0000000000..317b0b928f --- /dev/null +++ b/cmd/provider/iam/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_iam(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/imagebuilder/zz_main.go b/cmd/provider/imagebuilder/zz_main.go new file mode 100644 index 0000000000..02a63547ee --- /dev/null +++ b/cmd/provider/imagebuilder/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_imagebuilder(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/inspector/zz_main.go b/cmd/provider/inspector/zz_main.go new file mode 100644 index 0000000000..4a9a0a0cef --- /dev/null +++ b/cmd/provider/inspector/zz_main.go 
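Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.Options` literal is the same string in every per-service `main()` in this patch (imagebuilder here, and the inspector, inspector2, iot and ivs files that follow). With `--leader-election` enabled and the binaries deployed to one namespace, they would presumably all contend for a single Lease, so only one service's controllers would run while the others block in `mgr.Start`. Give each binary its own ID, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-imagebuilder",`. The `zz_` file names suggest these files are generated, so the change likely belongs in the generator template, which is not visible here.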
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_inspector(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/inspector2/zz_main.go b/cmd/provider/inspector2/zz_main.go new file mode 100644 index 0000000000..dc7d87d536 --- /dev/null +++ b/cmd/provider/inspector2/zz_main.go 
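Review bot: In the `*enableExternalSecretStores` branch, `o.ESSOptions` is always created but `TLSConfig` is set only when `--ess-tls-cert-dir` is non-empty, so enabling external secret stores without a certificate directory leaves `TLSConfig` nil with no log line or error. How upjet treats a nil `TLSConfig` is not visible in this patch, so at minimum make the condition observable, e.g. an else branch after the `if *essTLSCertsPath != ""` block containing `log.Info("ESS enabled without --ess-tls-cert-dir; mTLS is not configured")`, or fail fast if mTLS is meant to be mandatory. The same code appears in the other `zz_main.go` files in this patch.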
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_inspector2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/iot/zz_main.go b/cmd/provider/iot/zz_main.go new file mode 100644 index 0000000000..a6e19d7647 --- /dev/null +++ b/cmd/provider/iot/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_iot(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ivs/zz_main.go b/cmd/provider/ivs/zz_main.go new file mode 100644 index 0000000000..e81ccf6a25 --- /dev/null +++ b/cmd/provider/ivs/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ivs(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kafka/zz_main.go b/cmd/provider/kafka/zz_main.go new file mode 100644 index 0000000000..59bd67bacc --- /dev/null +++ b/cmd/provider/kafka/zz_main.go 
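Review bot: The `ctrl.Options` passed to `ctrl.NewManager` in `main` hard-code `LeaderElectionID: "crossplane-leader-election-provider-aws"`, and the same literal appears in every generated per-service `zz_main.go` on this page (iot, kafka, kendra, keyspaces, kinesis). If several of these binaries run in the same namespace with `--leader-election` enabled, they would presumably contend for a single Lease, so only one service's controllers would reconcile while the rest wait. Since these files are generated, the fix belongs in the generator template: derive the ID from the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-ivs",`. The logger name in `zl.WithName("provider-aws")` is likewise identical across binaries; adding the service name there would make it possible to attribute log lines, including the "Alpha feature enabled" messages, to a specific provider.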
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kafka(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kendra/zz_main.go b/cmd/provider/kendra/zz_main.go new file mode 100644 index 0000000000..7a34fd1f7f --- /dev/null +++ b/cmd/provider/kendra/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kendra(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/keyspaces/zz_main.go b/cmd/provider/keyspaces/zz_main.go new file mode 100644 index 0000000000..7a7c00e7d2 --- /dev/null +++ b/cmd/provider/keyspaces/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_keyspaces(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kinesis/zz_main.go b/cmd/provider/kinesis/zz_main.go new file mode 100644 index 0000000000..8ca245ae57 --- /dev/null +++ b/cmd/provider/kinesis/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kinesis(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kinesisanalytics/zz_main.go b/cmd/provider/kinesisanalytics/zz_main.go new file mode 100644 index 0000000000..f0b7b38074 --- /dev/null +++ b/cmd/provider/kinesisanalytics/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kinesisanalytics(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kinesisanalyticsv2/zz_main.go b/cmd/provider/kinesisanalyticsv2/zz_main.go new file mode 100644 index 0000000000..e019f0e65a --- /dev/null +++ b/cmd/provider/kinesisanalyticsv2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kinesisanalyticsv2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kinesisvideo/zz_main.go b/cmd/provider/kinesisvideo/zz_main.go new file mode 100644 index 0000000000..90abfbcc91 --- /dev/null +++ b/cmd/provider/kinesisvideo/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kinesisvideo(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/kms/zz_main.go b/cmd/provider/kms/zz_main.go new file mode 100644 index 0000000000..ef4595169f --- /dev/null +++ b/cmd/provider/kms/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_kms(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/lakeformation/zz_main.go b/cmd/provider/lakeformation/zz_main.go new file mode 100644 index 0000000000..afe20e6548 --- /dev/null +++ b/cmd/provider/lakeformation/zz_main.go 
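Review bot: `LeaderElectionID` in the `ctrl.Options` literal is the same string, `"crossplane-leader-election-provider-aws"`, in this kms binary and in the lakeformation, lambda and lexmodels hunks that follow. If these per-service providers are deployed with `--leader-election` in the same namespace, they would presumably contend for a single Lease, so only one of them would reconcile while the others wait as standbys. A per-service ID avoids that, for example `LeaderElectionID: "crossplane-leader-election-provider-aws-kms",` here and the matching service name in the other files. Because these zz_main.go files are generated, the change belongs in the template that produces them rather than in each copy.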
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_lakeformation(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/lambda/zz_main.go b/cmd/provider/lambda/zz_main.go new file mode 100644 index 0000000000..af0c7ff7b8 --- /dev/null +++ b/cmd/provider/lambda/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_lambda(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/lexmodels/zz_main.go b/cmd/provider/lexmodels/zz_main.go new file mode 100644 index 0000000000..8ac623f21c --- /dev/null +++ b/cmd/provider/lexmodels/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_lexmodels(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/licensemanager/zz_main.go b/cmd/provider/licensemanager/zz_main.go new file mode 100644 index 0000000000..fb9d9e0c95 --- /dev/null +++ b/cmd/provider/licensemanager/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_licensemanager(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/lightsail/zz_main.go b/cmd/provider/lightsail/zz_main.go new file mode 100644 index 0000000000..98bd9cd3c6 --- /dev/null +++ b/cmd/provider/lightsail/zz_main.go 
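Review bot: `LeaderElectionID` in the `ctrl.Options` literal of `main` is the fixed string `"crossplane-leader-election-provider-aws"`, and the lightsail, location and macie2 mains in this patch carry the identical value. If several of these per-service binaries run in the same namespace with `--leader-election` enabled, they would presumably contend for one Lease, leaving only the lease holder reconciling while the other services sit idle. These `zz_main.go` files look generated, so the change belongs in the generator template, which should emit a per-service ID such as `LeaderElectionID: "crossplane-leader-election-provider-aws-licensemanager",`.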
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_lightsail(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/location/zz_main.go b/cmd/provider/location/zz_main.go new file mode 100644 index 0000000000..db4ee08401 --- /dev/null +++ b/cmd/provider/location/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_location(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/macie2/zz_main.go b/cmd/provider/macie2/zz_main.go new file mode 100644 index 0000000000..b3ff7a01a3 --- /dev/null +++ b/cmd/provider/macie2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_macie2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/mediaconvert/zz_main.go b/cmd/provider/mediaconvert/zz_main.go new file mode 100644 index 0000000000..58b08ef256 --- /dev/null +++ b/cmd/provider/mediaconvert/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_mediaconvert(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/medialive/zz_main.go b/cmd/provider/medialive/zz_main.go new file mode 100644 index 0000000000..aa4dad9157 --- /dev/null +++ b/cmd/provider/medialive/zz_main.go 
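Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.NewManager` options is the same literal in this file and in the medialive, mediapackage and mediastore entry points, although each binary registers a different controller set (`controller.Setup_mediaconvert` here). If these binaries run as separate deployments in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, leaving every service but the lease holder unreconciled. The ID should carry the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-mediaconvert",`. Since `zz_main.go` is generated, the change belongs in the template that emits it, which is not visible in this part of the patch.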
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_medialive(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/mediapackage/zz_main.go b/cmd/provider/mediapackage/zz_main.go new file mode 100644 index 0000000000..9f4dd8bb16 --- /dev/null +++ b/cmd/provider/mediapackage/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_mediapackage(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/mediastore/zz_main.go b/cmd/provider/mediastore/zz_main.go new file mode 100644 index 0000000000..471a37ff95 --- /dev/null +++ b/cmd/provider/mediastore/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_mediastore(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/memorydb/zz_main.go b/cmd/provider/memorydb/zz_main.go new file mode 100644 index 0000000000..85db6ca8df --- /dev/null +++ b/cmd/provider/memorydb/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_memorydb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/monolith/zz_main.go b/cmd/provider/monolith/zz_main.go new file mode 100644 index 0000000000..cd19ce0802 --- /dev/null +++ b/cmd/provider/monolith/zz_main.go 
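Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.NewManager` options is the same literal in every generated per-service main: memorydb here, and identically in the monolith, mq and neptune files that follow. With `--leader-election` enabled, service providers running in the same namespace would presumably contend for a single Lease, so only one of them would hold leadership and reconcile while the others sit idle. These files are generated, so the fix belongs in the generator template: make the ID unique per service, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-memorydb",`. The logger name `zl.WithName("provider-aws")` is shared in the same way, which makes it harder to attribute log lines to a specific provider binary when investigating an incident.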
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_monolith(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/mq/zz_main.go b/cmd/provider/mq/zz_main.go new file mode 100644 index 0000000000..066940b1d2 --- /dev/null +++ b/cmd/provider/mq/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_mq(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/neptune/zz_main.go b/cmd/provider/neptune/zz_main.go new file mode 100644 index 0000000000..8e2a937791 --- /dev/null +++ b/cmd/provider/neptune/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_neptune(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/networkfirewall/zz_main.go b/cmd/provider/networkfirewall/zz_main.go new file mode 100644 index 0000000000..9cc95e104b --- /dev/null +++ b/cmd/provider/networkfirewall/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_networkfirewall(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/networkmanager/zz_main.go b/cmd/provider/networkmanager/zz_main.go new file mode 100644 index 0000000000..256e9e73b5 --- /dev/null +++ b/cmd/provider/networkmanager/zz_main.go 
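Review bot: `LeaderElectionID` in the `ctrl.NewManager` options is the fixed string `"crossplane-leader-election-provider-aws"` in this per-service main, and the networkmanager, opensearch and opsworks mains that follow carry the same value. With `--leader-election` enabled, service providers deployed in the same namespace would presumably compete for a single Lease, so only one of them would reconcile while the others wait as standbys. Each binary should get its own ID, for example `LeaderElectionID: "crossplane-leader-election-provider-aws-networkfirewall",`. The logger name in `zl.WithName("provider-aws")` has the same issue on a smaller scale, since log lines from different service providers cannot be told apart. These files are generated (`zz_main.go`), so the change belongs in the generator template, which is not visible in this part of the patch.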
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_networkmanager(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/opensearch/zz_main.go b/cmd/provider/opensearch/zz_main.go new file mode 100644 index 0000000000..2270f1d043 --- /dev/null +++ b/cmd/provider/opensearch/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_opensearch(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/opsworks/zz_main.go b/cmd/provider/opsworks/zz_main.go new file mode 100644 index 0000000000..68fcfdbc43 --- /dev/null +++ b/cmd/provider/opsworks/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_opsworks(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/organizations/zz_main.go b/cmd/provider/organizations/zz_main.go new file mode 100644 index 0000000000..a205b55d66 --- /dev/null +++ b/cmd/provider/organizations/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_organizations(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/pinpoint/zz_main.go b/cmd/provider/pinpoint/zz_main.go new file mode 100644 index 0000000000..38da44dacb --- /dev/null +++ b/cmd/provider/pinpoint/zz_main.go 
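Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` in this new `main` is the fixed string `"crossplane-leader-election-provider-aws"`, and the same literal appears in the pinpoint, qldb and quicksight mains below. If several per-service providers run in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, and only the winner would start its controllers while the others sit idle. A per-service ID avoids that, for example `LeaderElectionID: "crossplane-leader-election-provider-aws-organizations",` here and the matching service suffix in each of the other mains. The `zz_` prefix suggests these files are generated, so the change likely belongs in the generator template rather than in each file.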
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_pinpoint(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/qldb/zz_main.go b/cmd/provider/qldb/zz_main.go new file mode 100644 index 0000000000..4ff82e334b --- /dev/null +++ b/cmd/provider/qldb/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_qldb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/quicksight/zz_main.go b/cmd/provider/quicksight/zz_main.go new file mode 100644 index 0000000000..da2b5c831c --- /dev/null +++ b/cmd/provider/quicksight/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_quicksight(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ram/zz_main.go b/cmd/provider/ram/zz_main.go new file mode 100644 index 0000000000..ae25197ea6 --- /dev/null +++ b/cmd/provider/ram/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ram(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/rds/zz_main.go b/cmd/provider/rds/zz_main.go new file mode 100644 index 0000000000..76ebccbca0 --- /dev/null +++ b/cmd/provider/rds/zz_main.go 
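Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in this `main` is the same literal in the rds, redshift and resourcegroups hunks that follow. If these per-service binaries run as separate deployments in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, leaving only one of them reconciling. The ID should carry the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-ram",`. Since these `zz_main.go` files appear to be generated, the change belongs in the generator template rather than in each file. The logger name `provider-aws` is shared in the same way, which makes it harder to attribute log lines to a particular service binary.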
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_rds(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/redshift/zz_main.go b/cmd/provider/redshift/zz_main.go new file mode 100644 index 0000000000..34d70da2a3 --- /dev/null +++ b/cmd/provider/redshift/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_redshift(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/resourcegroups/zz_main.go b/cmd/provider/resourcegroups/zz_main.go new file mode 100644 index 0000000000..68c3f77f92 --- /dev/null +++ b/cmd/provider/resourcegroups/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_resourcegroups(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/rolesanywhere/zz_main.go b/cmd/provider/rolesanywhere/zz_main.go new file mode 100644 index 0000000000..76d71513ae --- /dev/null +++ b/cmd/provider/rolesanywhere/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_rolesanywhere(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/route53/zz_main.go b/cmd/provider/route53/zz_main.go new file mode 100644 index 0000000000..cd0112f3dc --- /dev/null +++ b/cmd/provider/route53/zz_main.go 
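Review bot: `LeaderElectionID` in the `ctrl.Options` literal of `main` is the fixed string `"crossplane-leader-election-provider-aws"`, and the same literal is generated into the other per-service `zz_main.go` files in this patch (route53, route53recoverycontrolconfig, route53recoveryreadiness). If two of these binaries run with `--leader-election` in the same namespace, they would presumably contend for a single Lease, leaving only one service's controllers active at a time. Because the file is generated, the fix belongs in the template, which should emit a per-service ID such as `LeaderElectionID: "crossplane-leader-election-provider-aws-rolesanywhere",`.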
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_route53(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/route53recoverycontrolconfig/zz_main.go b/cmd/provider/route53recoverycontrolconfig/zz_main.go new file mode 100644 index 0000000000..8d9ff13240 --- /dev/null +++ b/cmd/provider/route53recoverycontrolconfig/zz_main.go 
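Review bot: In the `if *enableExternalSecretStores` block, mTLS is loaded only when `--ess-tls-cert-dir` is non-empty; otherwise `o.ESSOptions.TLSConfig` stays nil and nothing is logged. What the secret-store client does with a nil TLS config is not visible in this hunk, so an operator cannot tell from the logs whether connection secrets travel over an authenticated channel. Consider adding an `else` branch with `log.Info("ESS TLS certificates path is not set; mTLS is not configured for external secret stores")`, or failing fast if TLS is meant to be mandatory. The same block is generated into the other per-service mains in this patch, so the change belongs in the template.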
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_route53recoverycontrolconfig(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/route53recoveryreadiness/zz_main.go b/cmd/provider/route53recoveryreadiness/zz_main.go new file mode 100644 index 0000000000..ebba8e791e --- /dev/null +++ b/cmd/provider/route53recoveryreadiness/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_route53recoveryreadiness(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/route53resolver/zz_main.go b/cmd/provider/route53resolver/zz_main.go new file mode 100644 index 0000000000..417e97ade8 --- /dev/null +++ b/cmd/provider/route53resolver/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_route53resolver(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/rum/zz_main.go b/cmd/provider/rum/zz_main.go new file mode 100644 index 0000000000..fc776b5e6d --- /dev/null +++ b/cmd/provider/rum/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_rum(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/s3/zz_main.go b/cmd/provider/s3/zz_main.go new file mode 100644 index 0000000000..38ac0254f5 --- /dev/null +++ b/cmd/provider/s3/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_s3(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/s3control/zz_main.go b/cmd/provider/s3control/zz_main.go new file mode 100644 index 0000000000..4530b27061 --- /dev/null +++ b/cmd/provider/s3control/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_s3control(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/sagemaker/zz_main.go b/cmd/provider/sagemaker/zz_main.go new file mode 100644 index 0000000000..20ed52f38a --- /dev/null +++ b/cmd/provider/sagemaker/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_sagemaker(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/scheduler/zz_main.go b/cmd/provider/scheduler/zz_main.go new file mode 100644 index 0000000000..7bd96c76d9 --- /dev/null +++ b/cmd/provider/scheduler/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_scheduler(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/schemas/zz_main.go b/cmd/provider/schemas/zz_main.go new file mode 100644 index 0000000000..211ae6f1a3 --- /dev/null +++ b/cmd/provider/schemas/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_schemas(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/secretsmanager/zz_main.go b/cmd/provider/secretsmanager/zz_main.go new file mode 100644 index 0000000000..b161193e99 --- /dev/null +++ b/cmd/provider/secretsmanager/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_secretsmanager(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/securityhub/zz_main.go b/cmd/provider/securityhub/zz_main.go new file mode 100644 index 0000000000..b791104751 --- /dev/null +++ b/cmd/provider/securityhub/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_securityhub(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/serverlessrepo/zz_main.go b/cmd/provider/serverlessrepo/zz_main.go new file mode 100644 index 0000000000..4d5594611b --- /dev/null +++ b/cmd/provider/serverlessrepo/zz_main.go 
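Review bot: The `LeaderElectionID` passed to `ctrl.NewManager` in this new `main` is still the shared literal `"crossplane-leader-election-provider-aws"`, and the serverlessrepo, servicecatalog and servicediscovery mains that follow use the same value. With `--leader-election` enabled, per-service provider binaries deployed into the same namespace would contend for a single Lease, so only one would be elected and the others would wait in `mgr.Start` without reconciling; for this binary, the Security Hub resources would go unmanaged with no error surfaced. A per-service ID avoids the collision, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-securityhub",`. These `zz_main.go` files look generated, so the change presumably belongs in the template that emits them rather than in each file.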
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_serverlessrepo(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/servicecatalog/zz_main.go b/cmd/provider/servicecatalog/zz_main.go new file mode 100644 index 0000000000..3afc3c87af --- /dev/null +++ b/cmd/provider/servicecatalog/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_servicecatalog(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/servicediscovery/zz_main.go b/cmd/provider/servicediscovery/zz_main.go new file mode 100644 index 0000000000..de26f638f6 --- /dev/null +++ b/cmd/provider/servicediscovery/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_servicediscovery(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/servicequotas/zz_main.go b/cmd/provider/servicequotas/zz_main.go new file mode 100644 index 0000000000..8574ac3b54 --- /dev/null +++ b/cmd/provider/servicequotas/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_servicequotas(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ses/zz_main.go b/cmd/provider/ses/zz_main.go new file mode 100644 index 0000000000..f19f0dc04c --- /dev/null +++ b/cmd/provider/ses/zz_main.go 
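Review bot: The `ctrl.Options` literal in `main` sets `LeaderElectionID: "crossplane-leader-election-provider-aws"`, and the ses, sesv2 and sfn hunks below carry the identical string, so every per-service binary names the same lock. With `LeaderElectionResourceLock: resourcelock.LeasesResourceLock`, providers started with `--leader-election` in one namespace would presumably contend for a single Lease, so only one of them would reconcile while the others wait in `mgr.Start`. I would make the ID service-specific, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-servicequotas",`. These `zz_main.go` files look generated, so the change likely belongs in the generator template rather than in each file.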
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ses(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/sesv2/zz_main.go b/cmd/provider/sesv2/zz_main.go new file mode 100644 index 0000000000..3f8b3cc094 --- /dev/null +++ b/cmd/provider/sesv2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_sesv2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/sfn/zz_main.go b/cmd/provider/sfn/zz_main.go new file mode 100644 index 0000000000..2bf315cbdf --- /dev/null +++ b/cmd/provider/sfn/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_sfn(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/signer/zz_main.go b/cmd/provider/signer/zz_main.go new file mode 100644 index 0000000000..8293c1c6e6 --- /dev/null +++ b/cmd/provider/signer/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_signer(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/simpledb/zz_main.go b/cmd/provider/simpledb/zz_main.go new file mode 100644 index 0000000000..1a912950ba --- /dev/null +++ b/cmd/provider/simpledb/zz_main.go 
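Review bot: `LeaderElectionID: "crossplane-leader-election-provider-aws"` in the `ctrl.NewManager` options is the same literal in every generated main (signer here, and likewise the simpledb, sns and sqs mains that follow). Per-service providers started with `--leader-election` in the same namespace would therefore presumably contend for a single Lease, and only the holder would run its controllers. The ID should carry the service name, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-signer",`, and since these are generated `zz_main.go` files the change belongs in the generator template rather than in each file. The logger name `zl.WithName("provider-aws")` is also identical across the binaries, so log lines such as "Alpha feature enabled" cannot be attributed to a specific provider from the name alone; a per-service suffix there would help when auditing which process enabled external secret stores.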
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_simpledb(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/sns/zz_main.go b/cmd/provider/sns/zz_main.go new file mode 100644 index 0000000000..998442146f --- /dev/null +++ b/cmd/provider/sns/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_sns(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/sqs/zz_main.go b/cmd/provider/sqs/zz_main.go new file mode 100644 index 0000000000..1a95f6eff2 --- /dev/null +++ b/cmd/provider/sqs/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_sqs(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ssm/zz_main.go b/cmd/provider/ssm/zz_main.go new file mode 100644 index 0000000000..5c3837f614 --- /dev/null +++ b/cmd/provider/ssm/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ssm(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/ssoadmin/zz_main.go b/cmd/provider/ssoadmin/zz_main.go new file mode 100644 index 0000000000..cee643ea56 --- /dev/null +++ b/cmd/provider/ssoadmin/zz_main.go 
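Review bot: The `LeaderElectionID: "crossplane-leader-election-provider-aws"` passed to `ctrl.NewManager` in `main` is the same literal in this file and in the ssoadmin, swf and timestreamwrite mains that follow. If these per-service binaries run as separate deployments in one namespace with `--leader-election` enabled, they would presumably contend for a single Lease, leaving only one service's controllers active at a time. A per-service ID avoids that, e.g. `LeaderElectionID: "crossplane-leader-election-provider-aws-ssm",` here. Since the `zz_main.go` files look generated, the change belongs in the template that emits them rather than in each file.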
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_ssoadmin(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/swf/zz_main.go b/cmd/provider/swf/zz_main.go new file mode 100644 index 0000000000..9b354bc80c --- /dev/null +++ b/cmd/provider/swf/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_swf(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/timestreamwrite/zz_main.go b/cmd/provider/timestreamwrite/zz_main.go new file mode 100644 index 0000000000..b0c07fb1d6 --- /dev/null +++ b/cmd/provider/timestreamwrite/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_timestreamwrite(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/transcribe/zz_main.go b/cmd/provider/transcribe/zz_main.go new file mode 100644 index 0000000000..f46b4b612e --- /dev/null +++ b/cmd/provider/transcribe/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_transcribe(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/transfer/zz_main.go b/cmd/provider/transfer/zz_main.go new file mode 100644 index 0000000000..836daab870 --- /dev/null +++ b/cmd/provider/transfer/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_transfer(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/vpc/zz_main.go b/cmd/provider/vpc/zz_main.go new file mode 100644 index 0000000000..6517a7fc2d --- /dev/null +++ b/cmd/provider/vpc/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_vpc(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/waf/zz_main.go b/cmd/provider/waf/zz_main.go new file mode 100644 index 0000000000..dcf61bce25 --- /dev/null +++ b/cmd/provider/waf/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_waf(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/wafregional/zz_main.go b/cmd/provider/wafregional/zz_main.go new file mode 100644 index 0000000000..5a62f7d13a --- /dev/null +++ b/cmd/provider/wafregional/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_wafregional(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/wafv2/zz_main.go b/cmd/provider/wafv2/zz_main.go new file mode 100644 index 0000000000..3c30cabb04 --- /dev/null +++ b/cmd/provider/wafv2/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_wafv2(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/workspaces/zz_main.go b/cmd/provider/workspaces/zz_main.go new file mode 100644 index 0000000000..baafa2dd9a --- /dev/null +++ b/cmd/provider/workspaces/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_workspaces(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/cmd/provider/xray/zz_main.go b/cmd/provider/xray/zz_main.go new file mode 100644 index 0000000000..b25862c5f3 --- /dev/null +++ b/cmd/provider/xray/zz_main.go 
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_xray(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/config/provider.go b/config/provider.go index cd0bb49ca7..e156ef1842 100644 --- a/config/provider.go +++ b/config/provider.go @@ -85,6 +85,7 @@ import ( "github.com/upbound/provider-aws/config/sns" "github.com/upbound/provider-aws/config/sqs" "github.com/upbound/provider-aws/config/transfer" + "github.com/upbound/provider-aws/hack" ) var ( @@ -154,6 +155,7 @@ func GetProvider() *config.Provider { NamePrefixRemoval(), DocumentationForTags(), ), + config.WithMainTemplate(hack.MainTemplate), ) for _, configure := range []func(provider *config.Provider){ diff --git a/go.mod b/go.mod index b974c5ef01..01cac996e4 100644 --- a/go.mod +++ b/go.mod @@ -157,3 +157,5 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) + +replace github.com/upbound/upjet => ../upjet diff --git a/go.sum b/go.sum index 5c6c849a02..3f61802971 100644 --- a/go.sum +++ b/go.sum 
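Review bot: The `replace github.com/upbound/upjet => ../upjet` directive added at the end of go.mod makes the build use whatever is checked out in a sibling directory. The module then only builds on a machine with that layout, and upjet is no longer pinned to a version. The go.sum hunk in this same patch removes both `github.com/upbound/upjet` checksum lines, so nothing verifies the content of that dependency any more. Before merging, drop the replace and require a tagged or pseudo-versioned upjet that provides `config.WithMainTemplate`, then restore the go.sum entries with `go mod tidy`. If the local override is only a development convenience, keep it out of the committed go.mod, for example in a `go.work` file.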
@@ -551,8 +551,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ=
 github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/upbound/upjet v0.9.0-rc.0.0.20230424153921-549776a0179e h1:t6lU9CP8uqtlZkaj5KZ4qgwcK75X1fd7mccirqOj9HM=
-github.com/upbound/upjet v0.9.0-rc.0.0.20230424153921-549776a0179e/go.mod h1:CWxJ9YTMy7q+bDc2W504ocL/ZzBmWabwwcRjIaP7CKc=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
diff --git a/hack/embed.go b/hack/embed.go
new file mode 100644
index 0000000000..31633110bf
--- /dev/null
+++ b/hack/embed.go
@@ -0,0 +1,8 @@
+package hack
+
+import _ "embed"
+
+// MainTemplate is populated with provider main program template.
+//
+//go:embed main.go.tmpl
+var MainTemplate string
diff --git a/hack/main.go.tmpl b/hack/main.go.tmpl
new file mode 100644
index 0000000000..71ceeb4d35
--- /dev/null
+++ b/hack/main.go.tmpl
@@ -0,0 +1,147 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at 
which resources may be checked for drift from the desired state.").Default("10").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. 
+ ctrl.SetLogger(zl) + } + + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws", + SyncPeriod: syncInterval, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource)) + } + + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: config.GetProvider(), + WorkspaceStore: terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval)), + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. 
+ SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableAlphaManagementPolicies) + log.Info("Alpha feature enabled", "flag", features.EnableAlphaManagementPolicies) + } + + kingpin.FatalIfError(controller.Setup_{{ .Group }}(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/internal/controller/zz_accessanalyzer_setup.go b/internal/controller/zz_accessanalyzer_setup.go new file mode 100755 index 0000000000..1ba0926064 --- /dev/null +++ b/internal/controller/zz_accessanalyzer_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + analyzer "github.com/upbound/provider-aws/internal/controller/accessanalyzer/analyzer" + archiverule "github.com/upbound/provider-aws/internal/controller/accessanalyzer/archiverule" +) + +// Setup_accessanalyzer creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_accessanalyzer(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + analyzer.Setup, + archiverule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_account_setup.go b/internal/controller/zz_account_setup.go new file mode 100755 index 0000000000..8b6a0a0225 --- /dev/null +++ b/internal/controller/zz_account_setup.go 
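Review bot: When `--enable-external-secret-stores` is set but `--ess-tls-cert-dir` is empty, the `if *essTLSCertsPath != ""` branch in `main()` is skipped and `o.ESSOptions.TLSConfig` stays nil with nothing logged, so an operator cannot tell from the logs that the secret-store connection was set up without mTLS. How a nil `TLSConfig` is treated downstream is not visible in this hunk, but because that channel carries connection secrets I would add an `else` branch with `log.Info("ESS TLS certificates path is not set; external secret store connection will not use mTLS")`, or fail fast there if a plaintext connection is never intended. This template is rendered into every `cmd/provider/*/zz_main.go`, so the gap is copied into each generated per-service binary and is best fixed here rather than in the generated files.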
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + alternatecontact "github.com/upbound/provider-aws/internal/controller/account/alternatecontact" +) + +// Setup_account creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_account(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + alternatecontact.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_acm_setup.go b/internal/controller/zz_acm_setup.go new file mode 100755 index 0000000000..2a09d82c87 --- /dev/null +++ b/internal/controller/zz_acm_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + certificate "github.com/upbound/provider-aws/internal/controller/acm/certificate" + certificatevalidation "github.com/upbound/provider-aws/internal/controller/acm/certificatevalidation" +) + +// Setup_acm creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_acm(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + certificate.Setup, + certificatevalidation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_acmpca_setup.go b/internal/controller/zz_acmpca_setup.go new file mode 100755 index 0000000000..e4ce2a6d90 --- /dev/null +++ b/internal/controller/zz_acmpca_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + certificate "github.com/upbound/provider-aws/internal/controller/acmpca/certificate" + certificateauthority "github.com/upbound/provider-aws/internal/controller/acmpca/certificateauthority" + certificateauthoritycertificate "github.com/upbound/provider-aws/internal/controller/acmpca/certificateauthoritycertificate" + permission "github.com/upbound/provider-aws/internal/controller/acmpca/permission" + policy "github.com/upbound/provider-aws/internal/controller/acmpca/policy" +) + +// Setup_acmpca creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_acmpca(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + certificate.Setup, + certificateauthority.Setup, + certificateauthoritycertificate.Setup, + permission.Setup, + policy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_amp_setup.go b/internal/controller/zz_amp_setup.go new file mode 100755 index 0000000000..7b5c4a81d1 --- /dev/null +++ b/internal/controller/zz_amp_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + alertmanagerdefinition "github.com/upbound/provider-aws/internal/controller/amp/alertmanagerdefinition" + rulegroupnamespace "github.com/upbound/provider-aws/internal/controller/amp/rulegroupnamespace" + workspace "github.com/upbound/provider-aws/internal/controller/amp/workspace" +) + +// Setup_amp creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_amp(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + alertmanagerdefinition.Setup, + rulegroupnamespace.Setup, + workspace.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_amplify_setup.go b/internal/controller/zz_amplify_setup.go new file mode 100755 index 0000000000..9fe61e8257 --- /dev/null +++ b/internal/controller/zz_amplify_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + app "github.com/upbound/provider-aws/internal/controller/amplify/app" + backendenvironment "github.com/upbound/provider-aws/internal/controller/amplify/backendenvironment" + branch "github.com/upbound/provider-aws/internal/controller/amplify/branch" + webhook "github.com/upbound/provider-aws/internal/controller/amplify/webhook" +) + +// Setup_amplify creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_amplify(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + app.Setup, + backendenvironment.Setup, + branch.Setup, + webhook.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_apigateway_setup.go b/internal/controller/zz_apigateway_setup.go new file mode 100755 index 0000000000..c18944b085 --- /dev/null +++ b/internal/controller/zz_apigateway_setup.go 
@@ -0,0 +1,72 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + account "github.com/upbound/provider-aws/internal/controller/apigateway/account" + apikey "github.com/upbound/provider-aws/internal/controller/apigateway/apikey" + authorizer "github.com/upbound/provider-aws/internal/controller/apigateway/authorizer" + basepathmapping "github.com/upbound/provider-aws/internal/controller/apigateway/basepathmapping" + clientcertificate "github.com/upbound/provider-aws/internal/controller/apigateway/clientcertificate" + deployment "github.com/upbound/provider-aws/internal/controller/apigateway/deployment" + documentationpart "github.com/upbound/provider-aws/internal/controller/apigateway/documentationpart" + documentationversion "github.com/upbound/provider-aws/internal/controller/apigateway/documentationversion" + domainname "github.com/upbound/provider-aws/internal/controller/apigateway/domainname" + gatewayresponse "github.com/upbound/provider-aws/internal/controller/apigateway/gatewayresponse" + integration "github.com/upbound/provider-aws/internal/controller/apigateway/integration" + integrationresponse "github.com/upbound/provider-aws/internal/controller/apigateway/integrationresponse" + method "github.com/upbound/provider-aws/internal/controller/apigateway/method" + methodresponse "github.com/upbound/provider-aws/internal/controller/apigateway/methodresponse" + methodsettings "github.com/upbound/provider-aws/internal/controller/apigateway/methodsettings" + model "github.com/upbound/provider-aws/internal/controller/apigateway/model" + requestvalidator "github.com/upbound/provider-aws/internal/controller/apigateway/requestvalidator" + resource "github.com/upbound/provider-aws/internal/controller/apigateway/resource" + restapi "github.com/upbound/provider-aws/internal/controller/apigateway/restapi" + restapipolicy 
"github.com/upbound/provider-aws/internal/controller/apigateway/restapipolicy" + stage "github.com/upbound/provider-aws/internal/controller/apigateway/stage" + usageplan "github.com/upbound/provider-aws/internal/controller/apigateway/usageplan" + usageplankey "github.com/upbound/provider-aws/internal/controller/apigateway/usageplankey" + vpclink "github.com/upbound/provider-aws/internal/controller/apigateway/vpclink" +) + +// Setup_apigateway creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_apigateway(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + account.Setup, + apikey.Setup, + authorizer.Setup, + basepathmapping.Setup, + clientcertificate.Setup, + deployment.Setup, + documentationpart.Setup, + documentationversion.Setup, + domainname.Setup, + gatewayresponse.Setup, + integration.Setup, + integrationresponse.Setup, + method.Setup, + methodresponse.Setup, + methodsettings.Setup, + model.Setup, + requestvalidator.Setup, + resource.Setup, + restapi.Setup, + restapipolicy.Setup, + stage.Setup, + usageplan.Setup, + usageplankey.Setup, + vpclink.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_apigatewayv2_setup.go b/internal/controller/zz_apigatewayv2_setup.go new file mode 100755 index 0000000000..be18ccb52a --- /dev/null +++ b/internal/controller/zz_apigatewayv2_setup.go 
@@ -0,0 +1,48 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + api "github.com/upbound/provider-aws/internal/controller/apigatewayv2/api" + apimapping "github.com/upbound/provider-aws/internal/controller/apigatewayv2/apimapping" + authorizer "github.com/upbound/provider-aws/internal/controller/apigatewayv2/authorizer" + deployment "github.com/upbound/provider-aws/internal/controller/apigatewayv2/deployment" + domainname "github.com/upbound/provider-aws/internal/controller/apigatewayv2/domainname" + integration "github.com/upbound/provider-aws/internal/controller/apigatewayv2/integration" + integrationresponse "github.com/upbound/provider-aws/internal/controller/apigatewayv2/integrationresponse" + model "github.com/upbound/provider-aws/internal/controller/apigatewayv2/model" + route "github.com/upbound/provider-aws/internal/controller/apigatewayv2/route" + routeresponse "github.com/upbound/provider-aws/internal/controller/apigatewayv2/routeresponse" + stage "github.com/upbound/provider-aws/internal/controller/apigatewayv2/stage" + vpclink "github.com/upbound/provider-aws/internal/controller/apigatewayv2/vpclink" +) + +// Setup_apigatewayv2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_apigatewayv2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + api.Setup, + apimapping.Setup, + authorizer.Setup, + deployment.Setup, + domainname.Setup, + integration.Setup, + integrationresponse.Setup, + model.Setup, + route.Setup, + routeresponse.Setup, + stage.Setup, + vpclink.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appautoscaling_setup.go b/internal/controller/zz_appautoscaling_setup.go new file mode 100755 index 0000000000..e7f49a6e61 --- /dev/null 
+++ b/internal/controller/zz_appautoscaling_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + policy "github.com/upbound/provider-aws/internal/controller/appautoscaling/policy" + scheduledaction "github.com/upbound/provider-aws/internal/controller/appautoscaling/scheduledaction" + target "github.com/upbound/provider-aws/internal/controller/appautoscaling/target" +) + +// Setup_appautoscaling creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appautoscaling(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + policy.Setup, + scheduledaction.Setup, + target.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appconfig_setup.go b/internal/controller/zz_appconfig_setup.go new file mode 100755 index 0000000000..b6afa525ab --- /dev/null +++ b/internal/controller/zz_appconfig_setup.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/appconfig/application" + configurationprofile "github.com/upbound/provider-aws/internal/controller/appconfig/configurationprofile" + deployment "github.com/upbound/provider-aws/internal/controller/appconfig/deployment" + deploymentstrategy "github.com/upbound/provider-aws/internal/controller/appconfig/deploymentstrategy" + environment "github.com/upbound/provider-aws/internal/controller/appconfig/environment" + extension "github.com/upbound/provider-aws/internal/controller/appconfig/extension" + extensionassociation "github.com/upbound/provider-aws/internal/controller/appconfig/extensionassociation" + hostedconfigurationversion "github.com/upbound/provider-aws/internal/controller/appconfig/hostedconfigurationversion" +) + +// Setup_appconfig creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appconfig(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + configurationprofile.Setup, + deployment.Setup, + deploymentstrategy.Setup, + environment.Setup, + extension.Setup, + extensionassociation.Setup, + hostedconfigurationversion.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appflow_setup.go b/internal/controller/zz_appflow_setup.go new file mode 100755 index 0000000000..bdd29fa433 --- /dev/null +++ b/internal/controller/zz_appflow_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + flow "github.com/upbound/provider-aws/internal/controller/appflow/flow" +) + +// Setup_appflow creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appflow(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + flow.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appintegrations_setup.go b/internal/controller/zz_appintegrations_setup.go new file mode 100755 index 0000000000..9244a0b9b7 --- /dev/null +++ b/internal/controller/zz_appintegrations_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + eventintegration "github.com/upbound/provider-aws/internal/controller/appintegrations/eventintegration" +) + +// Setup_appintegrations creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appintegrations(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + eventintegration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_applicationinsights_setup.go b/internal/controller/zz_applicationinsights_setup.go new file mode 100755 index 0000000000..4247df85a5 --- /dev/null +++ b/internal/controller/zz_applicationinsights_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/applicationinsights/application" +) + +// Setup_applicationinsights creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_applicationinsights(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appmesh_setup.go b/internal/controller/zz_appmesh_setup.go new file mode 100755 index 0000000000..be0b2293e5 --- /dev/null +++ b/internal/controller/zz_appmesh_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + gatewayroute "github.com/upbound/provider-aws/internal/controller/appmesh/gatewayroute" + mesh "github.com/upbound/provider-aws/internal/controller/appmesh/mesh" + route "github.com/upbound/provider-aws/internal/controller/appmesh/route" + virtualgateway "github.com/upbound/provider-aws/internal/controller/appmesh/virtualgateway" + virtualnode "github.com/upbound/provider-aws/internal/controller/appmesh/virtualnode" + virtualrouter "github.com/upbound/provider-aws/internal/controller/appmesh/virtualrouter" + virtualservice "github.com/upbound/provider-aws/internal/controller/appmesh/virtualservice" +) + +// Setup_appmesh creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appmesh(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + gatewayroute.Setup, + mesh.Setup, + route.Setup, + virtualgateway.Setup, + virtualnode.Setup, + virtualrouter.Setup, + virtualservice.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_apprunner_setup.go b/internal/controller/zz_apprunner_setup.go new file mode 100755 index 0000000000..554440c960 --- /dev/null +++ b/internal/controller/zz_apprunner_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + autoscalingconfigurationversion "github.com/upbound/provider-aws/internal/controller/apprunner/autoscalingconfigurationversion" + connection "github.com/upbound/provider-aws/internal/controller/apprunner/connection" + observabilityconfiguration "github.com/upbound/provider-aws/internal/controller/apprunner/observabilityconfiguration" + service "github.com/upbound/provider-aws/internal/controller/apprunner/service" + vpcconnector "github.com/upbound/provider-aws/internal/controller/apprunner/vpcconnector" +) + +// Setup_apprunner creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_apprunner(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + autoscalingconfigurationversion.Setup, + connection.Setup, + observabilityconfiguration.Setup, + service.Setup, + vpcconnector.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appstream_setup.go b/internal/controller/zz_appstream_setup.go new file mode 100755 index 0000000000..dd52d1fa90 --- /dev/null +++ b/internal/controller/zz_appstream_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + directoryconfig "github.com/upbound/provider-aws/internal/controller/appstream/directoryconfig" + fleet "github.com/upbound/provider-aws/internal/controller/appstream/fleet" + fleetstackassociation "github.com/upbound/provider-aws/internal/controller/appstream/fleetstackassociation" + imagebuilder "github.com/upbound/provider-aws/internal/controller/appstream/imagebuilder" + stack "github.com/upbound/provider-aws/internal/controller/appstream/stack" + user "github.com/upbound/provider-aws/internal/controller/appstream/user" + userstackassociation "github.com/upbound/provider-aws/internal/controller/appstream/userstackassociation" +) + +// Setup_appstream creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appstream(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + directoryconfig.Setup, + fleet.Setup, + fleetstackassociation.Setup, + imagebuilder.Setup, + stack.Setup, + user.Setup, + userstackassociation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_appsync_setup.go b/internal/controller/zz_appsync_setup.go new file mode 100755 index 0000000000..88f60b4820 --- /dev/null +++ b/internal/controller/zz_appsync_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + apicache "github.com/upbound/provider-aws/internal/controller/appsync/apicache" + apikey "github.com/upbound/provider-aws/internal/controller/appsync/apikey" + datasource "github.com/upbound/provider-aws/internal/controller/appsync/datasource" + function "github.com/upbound/provider-aws/internal/controller/appsync/function" + graphqlapi "github.com/upbound/provider-aws/internal/controller/appsync/graphqlapi" + resolver "github.com/upbound/provider-aws/internal/controller/appsync/resolver" +) + +// Setup_appsync creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_appsync(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + apicache.Setup, + apikey.Setup, + datasource.Setup, + function.Setup, + graphqlapi.Setup, + resolver.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_athena_setup.go b/internal/controller/zz_athena_setup.go new file mode 100755 index 0000000000..2e63817857 --- /dev/null +++ b/internal/controller/zz_athena_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + database "github.com/upbound/provider-aws/internal/controller/athena/database" + datacatalog "github.com/upbound/provider-aws/internal/controller/athena/datacatalog" + namedquery "github.com/upbound/provider-aws/internal/controller/athena/namedquery" + workgroup "github.com/upbound/provider-aws/internal/controller/athena/workgroup" +) + +// Setup_athena creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_athena(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + database.Setup, + datacatalog.Setup, + namedquery.Setup, + workgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_autoscaling_setup.go b/internal/controller/zz_autoscaling_setup.go new file mode 100755 index 0000000000..a10750b663 --- /dev/null +++ b/internal/controller/zz_autoscaling_setup.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + attachment "github.com/upbound/provider-aws/internal/controller/autoscaling/attachment" + autoscalinggroup "github.com/upbound/provider-aws/internal/controller/autoscaling/autoscalinggroup" + grouptag "github.com/upbound/provider-aws/internal/controller/autoscaling/grouptag" + launchconfiguration "github.com/upbound/provider-aws/internal/controller/autoscaling/launchconfiguration" + lifecyclehook "github.com/upbound/provider-aws/internal/controller/autoscaling/lifecyclehook" + notification "github.com/upbound/provider-aws/internal/controller/autoscaling/notification" + policy "github.com/upbound/provider-aws/internal/controller/autoscaling/policy" + schedule "github.com/upbound/provider-aws/internal/controller/autoscaling/schedule" +) + +// Setup_autoscaling creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_autoscaling(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + attachment.Setup, + autoscalinggroup.Setup, + grouptag.Setup, + launchconfiguration.Setup, + lifecyclehook.Setup, + notification.Setup, + policy.Setup, + schedule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_autoscalingplans_setup.go b/internal/controller/zz_autoscalingplans_setup.go new file mode 100755 index 0000000000..9c6e6bc2fe --- /dev/null +++ b/internal/controller/zz_autoscalingplans_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + scalingplan "github.com/upbound/provider-aws/internal/controller/autoscalingplans/scalingplan" +) + +// Setup_autoscalingplans creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_autoscalingplans(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + scalingplan.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_backup_setup.go b/internal/controller/zz_backup_setup.go new file mode 100755 index 0000000000..e5c7a2f1a9 --- /dev/null +++ b/internal/controller/zz_backup_setup.go 
@@ -0,0 +1,44 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + framework "github.com/upbound/provider-aws/internal/controller/backup/framework" + globalsettings "github.com/upbound/provider-aws/internal/controller/backup/globalsettings" + plan "github.com/upbound/provider-aws/internal/controller/backup/plan" + regionsettings "github.com/upbound/provider-aws/internal/controller/backup/regionsettings" + reportplan "github.com/upbound/provider-aws/internal/controller/backup/reportplan" + selection "github.com/upbound/provider-aws/internal/controller/backup/selection" + vault "github.com/upbound/provider-aws/internal/controller/backup/vault" + vaultlockconfiguration "github.com/upbound/provider-aws/internal/controller/backup/vaultlockconfiguration" + vaultnotifications "github.com/upbound/provider-aws/internal/controller/backup/vaultnotifications" + vaultpolicy "github.com/upbound/provider-aws/internal/controller/backup/vaultpolicy" +) + +// Setup_backup creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_backup(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + framework.Setup, + globalsettings.Setup, + plan.Setup, + regionsettings.Setup, + reportplan.Setup, + selection.Setup, + vault.Setup, + vaultlockconfiguration.Setup, + vaultnotifications.Setup, + vaultpolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_batch_setup.go b/internal/controller/zz_batch_setup.go new file mode 100755 index 0000000000..6d8381f625 --- /dev/null +++ b/internal/controller/zz_batch_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + schedulingpolicy "github.com/upbound/provider-aws/internal/controller/batch/schedulingpolicy" +) + +// Setup_batch creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_batch(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + schedulingpolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_budgets_setup.go b/internal/controller/zz_budgets_setup.go new file mode 100755 index 0000000000..5a65435b13 --- /dev/null +++ b/internal/controller/zz_budgets_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + budget "github.com/upbound/provider-aws/internal/controller/budgets/budget" + budgetaction "github.com/upbound/provider-aws/internal/controller/budgets/budgetaction" +) + +// Setup_budgets creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_budgets(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + budget.Setup, + budgetaction.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ce_setup.go b/internal/controller/zz_ce_setup.go new file mode 100755 index 0000000000..8bdca0340b --- /dev/null +++ b/internal/controller/zz_ce_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + anomalymonitor "github.com/upbound/provider-aws/internal/controller/ce/anomalymonitor" +) + +// Setup_ce creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ce(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + anomalymonitor.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_chime_setup.go b/internal/controller/zz_chime_setup.go new file mode 100755 index 0000000000..232d5b5997 --- /dev/null +++ b/internal/controller/zz_chime_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + voiceconnector "github.com/upbound/provider-aws/internal/controller/chime/voiceconnector" + voiceconnectorgroup "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectorgroup" + voiceconnectorlogging "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectorlogging" + voiceconnectororigination "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectororigination" + voiceconnectorstreaming "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectorstreaming" + voiceconnectortermination "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectortermination" + voiceconnectorterminationcredentials "github.com/upbound/provider-aws/internal/controller/chime/voiceconnectorterminationcredentials" +) + +// Setup_chime creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_chime(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + voiceconnector.Setup, + voiceconnectorgroup.Setup, + voiceconnectorlogging.Setup, + voiceconnectororigination.Setup, + voiceconnectorstreaming.Setup, + voiceconnectortermination.Setup, + voiceconnectorterminationcredentials.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloud9_setup.go b/internal/controller/zz_cloud9_setup.go new file mode 100755 index 0000000000..81ef937187 --- /dev/null +++ b/internal/controller/zz_cloud9_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + environmentec2 "github.com/upbound/provider-aws/internal/controller/cloud9/environmentec2" + environmentmembership "github.com/upbound/provider-aws/internal/controller/cloud9/environmentmembership" +) + +// Setup_cloud9 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloud9(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + environmentec2.Setup, + environmentmembership.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudcontrol_setup.go b/internal/controller/zz_cloudcontrol_setup.go new file mode 100755 index 0000000000..2dc0cf5818 --- /dev/null +++ b/internal/controller/zz_cloudcontrol_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + resource "github.com/upbound/provider-aws/internal/controller/cloudcontrol/resource" +) + +// Setup_cloudcontrol creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudcontrol(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + resource.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudformation_setup.go b/internal/controller/zz_cloudformation_setup.go new file mode 100755 index 0000000000..981d58884d --- /dev/null +++ b/internal/controller/zz_cloudformation_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + stack "github.com/upbound/provider-aws/internal/controller/cloudformation/stack" + stackset "github.com/upbound/provider-aws/internal/controller/cloudformation/stackset" +) + +// Setup_cloudformation creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudformation(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + stack.Setup, + stackset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudfront_setup.go b/internal/controller/zz_cloudfront_setup.go new file mode 100755 index 0000000000..cc33c02c03 --- /dev/null +++ b/internal/controller/zz_cloudfront_setup.go 
@@ -0,0 +1,50 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cachepolicy "github.com/upbound/provider-aws/internal/controller/cloudfront/cachepolicy" + distribution "github.com/upbound/provider-aws/internal/controller/cloudfront/distribution" + fieldlevelencryptionconfig "github.com/upbound/provider-aws/internal/controller/cloudfront/fieldlevelencryptionconfig" + fieldlevelencryptionprofile "github.com/upbound/provider-aws/internal/controller/cloudfront/fieldlevelencryptionprofile" + function "github.com/upbound/provider-aws/internal/controller/cloudfront/function" + keygroup "github.com/upbound/provider-aws/internal/controller/cloudfront/keygroup" + monitoringsubscription "github.com/upbound/provider-aws/internal/controller/cloudfront/monitoringsubscription" + originaccesscontrol "github.com/upbound/provider-aws/internal/controller/cloudfront/originaccesscontrol" + originaccessidentity "github.com/upbound/provider-aws/internal/controller/cloudfront/originaccessidentity" + originrequestpolicy "github.com/upbound/provider-aws/internal/controller/cloudfront/originrequestpolicy" + publickey "github.com/upbound/provider-aws/internal/controller/cloudfront/publickey" + realtimelogconfig "github.com/upbound/provider-aws/internal/controller/cloudfront/realtimelogconfig" + responseheaderspolicy "github.com/upbound/provider-aws/internal/controller/cloudfront/responseheaderspolicy" +) + +// Setup_cloudfront creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_cloudfront(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cachepolicy.Setup, + distribution.Setup, + fieldlevelencryptionconfig.Setup, + fieldlevelencryptionprofile.Setup, + function.Setup, + keygroup.Setup, + monitoringsubscription.Setup, + originaccesscontrol.Setup, + originaccessidentity.Setup, + originrequestpolicy.Setup, + publickey.Setup, + realtimelogconfig.Setup, + responseheaderspolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudsearch_setup.go b/internal/controller/zz_cloudsearch_setup.go new file mode 100755 index 0000000000..c053cc7b5e --- /dev/null +++ b/internal/controller/zz_cloudsearch_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + domain "github.com/upbound/provider-aws/internal/controller/cloudsearch/domain" + domainserviceaccesspolicy "github.com/upbound/provider-aws/internal/controller/cloudsearch/domainserviceaccesspolicy" +) + +// Setup_cloudsearch creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudsearch(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + domain.Setup, + domainserviceaccesspolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudtrail_setup.go b/internal/controller/zz_cloudtrail_setup.go new file mode 100755 index 0000000000..736baa14cc --- /dev/null +++ b/internal/controller/zz_cloudtrail_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + eventdatastore "github.com/upbound/provider-aws/internal/controller/cloudtrail/eventdatastore" + trail "github.com/upbound/provider-aws/internal/controller/cloudtrail/trail" +) + +// Setup_cloudtrail creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudtrail(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + eventdatastore.Setup, + trail.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudwatch_setup.go b/internal/controller/zz_cloudwatch_setup.go new file mode 100755 index 0000000000..683e91f7c0 --- /dev/null +++ b/internal/controller/zz_cloudwatch_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + compositealarm "github.com/upbound/provider-aws/internal/controller/cloudwatch/compositealarm" + dashboard "github.com/upbound/provider-aws/internal/controller/cloudwatch/dashboard" + metricalarm "github.com/upbound/provider-aws/internal/controller/cloudwatch/metricalarm" + metricstream "github.com/upbound/provider-aws/internal/controller/cloudwatch/metricstream" +) + +// Setup_cloudwatch creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudwatch(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + compositealarm.Setup, + dashboard.Setup, + metricalarm.Setup, + metricstream.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_cloudwatchevents_setup.go b/internal/controller/zz_cloudwatchevents_setup.go new file mode 100755 index 0000000000..4e549485b6 --- /dev/null +++ b/internal/controller/zz_cloudwatchevents_setup.go @@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + apidestination "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/apidestination" + archive "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/archive" + bus "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/bus" + buspolicy "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/buspolicy" + connection "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/connection" + permission "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/permission" + rule "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/rule" + target "github.com/upbound/provider-aws/internal/controller/cloudwatchevents/target" +) + +// Setup_cloudwatchevents creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudwatchevents(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + apidestination.Setup, + archive.Setup, + bus.Setup, + buspolicy.Setup, + connection.Setup, + permission.Setup, + rule.Setup, + target.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cloudwatchlogs_setup.go b/internal/controller/zz_cloudwatchlogs_setup.go new file mode 100755 index 0000000000..8060e035bc --- /dev/null +++ b/internal/controller/zz_cloudwatchlogs_setup.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + definition "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/definition" + destination "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/destination" + destinationpolicy "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/destinationpolicy" + group "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/group" + metricfilter "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/metricfilter" + resourcepolicy "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/resourcepolicy" + stream "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/stream" + subscriptionfilter "github.com/upbound/provider-aws/internal/controller/cloudwatchlogs/subscriptionfilter" +) + +// Setup_cloudwatchlogs creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cloudwatchlogs(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + definition.Setup, + destination.Setup, + destinationpolicy.Setup, + group.Setup, + metricfilter.Setup, + resourcepolicy.Setup, + stream.Setup, + subscriptionfilter.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_codecommit_setup.go b/internal/controller/zz_codecommit_setup.go new file mode 100755 index 0000000000..f2df1502e7 --- /dev/null +++ b/internal/controller/zz_codecommit_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + approvalruletemplate "github.com/upbound/provider-aws/internal/controller/codecommit/approvalruletemplate" + approvalruletemplateassociation "github.com/upbound/provider-aws/internal/controller/codecommit/approvalruletemplateassociation" + repository "github.com/upbound/provider-aws/internal/controller/codecommit/repository" + trigger "github.com/upbound/provider-aws/internal/controller/codecommit/trigger" +) + +// Setup_codecommit creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_codecommit(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + approvalruletemplate.Setup, + approvalruletemplateassociation.Setup, + repository.Setup, + trigger.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_codepipeline_setup.go b/internal/controller/zz_codepipeline_setup.go new file mode 100755 index 0000000000..3013a9f64b --- /dev/null +++ b/internal/controller/zz_codepipeline_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + codepipeline "github.com/upbound/provider-aws/internal/controller/codepipeline/codepipeline" + customactiontype "github.com/upbound/provider-aws/internal/controller/codepipeline/customactiontype" + webhook "github.com/upbound/provider-aws/internal/controller/codepipeline/webhook" +) + +// Setup_codepipeline creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_codepipeline(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + codepipeline.Setup, + customactiontype.Setup, + webhook.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_codestarconnections_setup.go b/internal/controller/zz_codestarconnections_setup.go new file mode 100755 index 0000000000..721b1e4dcc --- /dev/null +++ b/internal/controller/zz_codestarconnections_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + connection "github.com/upbound/provider-aws/internal/controller/codestarconnections/connection" + host "github.com/upbound/provider-aws/internal/controller/codestarconnections/host" +) + +// Setup_codestarconnections creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_codestarconnections(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + connection.Setup, + host.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_codestarnotifications_setup.go b/internal/controller/zz_codestarnotifications_setup.go new file mode 100755 index 0000000000..a244b5bb80 --- /dev/null +++ b/internal/controller/zz_codestarnotifications_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + notificationrule "github.com/upbound/provider-aws/internal/controller/codestarnotifications/notificationrule" +) + +// Setup_codestarnotifications creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_codestarnotifications(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + notificationrule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cognitoidentity_setup.go b/internal/controller/zz_cognitoidentity_setup.go new file mode 100755 index 0000000000..9440ad6d2a --- /dev/null +++ b/internal/controller/zz_cognitoidentity_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cognitoidentitypoolproviderprincipaltag "github.com/upbound/provider-aws/internal/controller/cognitoidentity/cognitoidentitypoolproviderprincipaltag" + pool "github.com/upbound/provider-aws/internal/controller/cognitoidentity/pool" + poolrolesattachment "github.com/upbound/provider-aws/internal/controller/cognitoidentity/poolrolesattachment" +) + +// Setup_cognitoidentity creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cognitoidentity(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cognitoidentitypoolproviderprincipaltag.Setup, + pool.Setup, + poolrolesattachment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cognitoidp_setup.go b/internal/controller/zz_cognitoidp_setup.go new file mode 100755 index 0000000000..31f0c7cf5b --- /dev/null +++ b/internal/controller/zz_cognitoidp_setup.go 
@@ -0,0 +1,44 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + identityprovider "github.com/upbound/provider-aws/internal/controller/cognitoidp/identityprovider" + resourceserver "github.com/upbound/provider-aws/internal/controller/cognitoidp/resourceserver" + riskconfiguration "github.com/upbound/provider-aws/internal/controller/cognitoidp/riskconfiguration" + user "github.com/upbound/provider-aws/internal/controller/cognitoidp/user" + usergroup "github.com/upbound/provider-aws/internal/controller/cognitoidp/usergroup" + useringroup "github.com/upbound/provider-aws/internal/controller/cognitoidp/useringroup" + userpool "github.com/upbound/provider-aws/internal/controller/cognitoidp/userpool" + userpoolclient "github.com/upbound/provider-aws/internal/controller/cognitoidp/userpoolclient" + userpooldomain "github.com/upbound/provider-aws/internal/controller/cognitoidp/userpooldomain" + userpooluicustomization "github.com/upbound/provider-aws/internal/controller/cognitoidp/userpooluicustomization" +) + +// Setup_cognitoidp creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cognitoidp(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + identityprovider.Setup, + resourceserver.Setup, + riskconfiguration.Setup, + user.Setup, + usergroup.Setup, + useringroup.Setup, + userpool.Setup, + userpoolclient.Setup, + userpooldomain.Setup, + userpooluicustomization.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_config_setup.go b/internal/controller/zz_config_setup.go new file mode 100755 index 0000000000..6383e8f93c --- /dev/null +++ b/internal/controller/zz_config_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + clusterauth "github.com/upbound/provider-aws/internal/controller/eks/clusterauth" + providerconfig "github.com/upbound/provider-aws/internal/controller/providerconfig" +) + +// Setup_config creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_config(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + clusterauth.Setup, + providerconfig.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_configservice_setup.go b/internal/controller/zz_configservice_setup.go new file mode 100755 index 0000000000..1761cce501 --- /dev/null +++ b/internal/controller/zz_configservice_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + awsconfigurationrecorderstatus "github.com/upbound/provider-aws/internal/controller/configservice/awsconfigurationrecorderstatus" + configrule "github.com/upbound/provider-aws/internal/controller/configservice/configrule" + configurationaggregator "github.com/upbound/provider-aws/internal/controller/configservice/configurationaggregator" + configurationrecorder "github.com/upbound/provider-aws/internal/controller/configservice/configurationrecorder" + conformancepack "github.com/upbound/provider-aws/internal/controller/configservice/conformancepack" + deliverychannel "github.com/upbound/provider-aws/internal/controller/configservice/deliverychannel" + remediationconfiguration "github.com/upbound/provider-aws/internal/controller/configservice/remediationconfiguration" +) + +// Setup_configservice creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_configservice(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + awsconfigurationrecorderstatus.Setup, + configrule.Setup, + configurationaggregator.Setup, + configurationrecorder.Setup, + conformancepack.Setup, + deliverychannel.Setup, + remediationconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_connect_setup.go b/internal/controller/zz_connect_setup.go new file mode 100755 index 0000000000..71c1c9fe4b --- /dev/null +++ b/internal/controller/zz_connect_setup.go 
@@ -0,0 +1,54 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + botassociation "github.com/upbound/provider-aws/internal/controller/connect/botassociation" + contactflow "github.com/upbound/provider-aws/internal/controller/connect/contactflow" + contactflowmodule "github.com/upbound/provider-aws/internal/controller/connect/contactflowmodule" + hoursofoperation "github.com/upbound/provider-aws/internal/controller/connect/hoursofoperation" + instance "github.com/upbound/provider-aws/internal/controller/connect/instance" + instancestorageconfig "github.com/upbound/provider-aws/internal/controller/connect/instancestorageconfig" + lambdafunctionassociation "github.com/upbound/provider-aws/internal/controller/connect/lambdafunctionassociation" + phonenumber "github.com/upbound/provider-aws/internal/controller/connect/phonenumber" + queue "github.com/upbound/provider-aws/internal/controller/connect/queue" + quickconnect "github.com/upbound/provider-aws/internal/controller/connect/quickconnect" + routingprofile "github.com/upbound/provider-aws/internal/controller/connect/routingprofile" + securityprofile "github.com/upbound/provider-aws/internal/controller/connect/securityprofile" + user "github.com/upbound/provider-aws/internal/controller/connect/user" + userhierarchystructure "github.com/upbound/provider-aws/internal/controller/connect/userhierarchystructure" + vocabulary "github.com/upbound/provider-aws/internal/controller/connect/vocabulary" +) + +// Setup_connect creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_connect(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + botassociation.Setup, + contactflow.Setup, + contactflowmodule.Setup, + hoursofoperation.Setup, + instance.Setup, + instancestorageconfig.Setup, + lambdafunctionassociation.Setup, + phonenumber.Setup, + queue.Setup, + quickconnect.Setup, + routingprofile.Setup, + securityprofile.Setup, + user.Setup, + userhierarchystructure.Setup, + vocabulary.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_cur_setup.go b/internal/controller/zz_cur_setup.go new file mode 100755 index 0000000000..a959ae8eb5 --- /dev/null +++ b/internal/controller/zz_cur_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + reportdefinition "github.com/upbound/provider-aws/internal/controller/cur/reportdefinition" +) + +// Setup_cur creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_cur(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + reportdefinition.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_dataexchange_setup.go b/internal/controller/zz_dataexchange_setup.go new file mode 100755 index 0000000000..bde86eec19 --- /dev/null +++ b/internal/controller/zz_dataexchange_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + dataset "github.com/upbound/provider-aws/internal/controller/dataexchange/dataset" + revision "github.com/upbound/provider-aws/internal/controller/dataexchange/revision" +) + +// Setup_dataexchange creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_dataexchange(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + dataset.Setup, + revision.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_datapipeline_setup.go b/internal/controller/zz_datapipeline_setup.go new file mode 100755 index 0000000000..50608063a7 --- /dev/null +++ b/internal/controller/zz_datapipeline_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + pipeline "github.com/upbound/provider-aws/internal/controller/datapipeline/pipeline" +) + +// Setup_datapipeline creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_datapipeline(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + pipeline.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_dax_setup.go b/internal/controller/zz_dax_setup.go new file mode 100755 index 0000000000..7a6dcf443d --- /dev/null +++ b/internal/controller/zz_dax_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/dax/cluster" + parametergroup "github.com/upbound/provider-aws/internal/controller/dax/parametergroup" + subnetgroup "github.com/upbound/provider-aws/internal/controller/dax/subnetgroup" +) + +// Setup_dax creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_dax(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + parametergroup.Setup, + subnetgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_deploy_setup.go b/internal/controller/zz_deploy_setup.go new file mode 100755 index 0000000000..8df8ef8c9d --- /dev/null +++ b/internal/controller/zz_deploy_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + app "github.com/upbound/provider-aws/internal/controller/deploy/app" + deploymentconfig "github.com/upbound/provider-aws/internal/controller/deploy/deploymentconfig" + deploymentgroup "github.com/upbound/provider-aws/internal/controller/deploy/deploymentgroup" +) + +// Setup_deploy creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_deploy(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + app.Setup, + deploymentconfig.Setup, + deploymentgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_detective_setup.go b/internal/controller/zz_detective_setup.go new file mode 100755 index 0000000000..0ebbc72b93 --- /dev/null +++ b/internal/controller/zz_detective_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + graph "github.com/upbound/provider-aws/internal/controller/detective/graph" + invitationaccepter "github.com/upbound/provider-aws/internal/controller/detective/invitationaccepter" + member "github.com/upbound/provider-aws/internal/controller/detective/member" +) + +// Setup_detective creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_detective(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + graph.Setup, + invitationaccepter.Setup, + member.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_devicefarm_setup.go b/internal/controller/zz_devicefarm_setup.go new file mode 100755 index 0000000000..7d0bc256a1 --- /dev/null +++ b/internal/controller/zz_devicefarm_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + devicepool "github.com/upbound/provider-aws/internal/controller/devicefarm/devicepool" + instanceprofile "github.com/upbound/provider-aws/internal/controller/devicefarm/instanceprofile" + networkprofile "github.com/upbound/provider-aws/internal/controller/devicefarm/networkprofile" + project "github.com/upbound/provider-aws/internal/controller/devicefarm/project" + testgridproject "github.com/upbound/provider-aws/internal/controller/devicefarm/testgridproject" + upload "github.com/upbound/provider-aws/internal/controller/devicefarm/upload" +) + +// Setup_devicefarm creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_devicefarm(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + devicepool.Setup, + instanceprofile.Setup, + networkprofile.Setup, + project.Setup, + testgridproject.Setup, + upload.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_directconnect_setup.go b/internal/controller/zz_directconnect_setup.go new file mode 100755 index 0000000000..28a092b3f7 --- /dev/null +++ b/internal/controller/zz_directconnect_setup.go 
@@ -0,0 +1,56 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bgppeer "github.com/upbound/provider-aws/internal/controller/directconnect/bgppeer" + connection "github.com/upbound/provider-aws/internal/controller/directconnect/connection" + connectionassociation "github.com/upbound/provider-aws/internal/controller/directconnect/connectionassociation" + gateway "github.com/upbound/provider-aws/internal/controller/directconnect/gateway" + gatewayassociation "github.com/upbound/provider-aws/internal/controller/directconnect/gatewayassociation" + gatewayassociationproposal "github.com/upbound/provider-aws/internal/controller/directconnect/gatewayassociationproposal" + hostedprivatevirtualinterface "github.com/upbound/provider-aws/internal/controller/directconnect/hostedprivatevirtualinterface" + hostedprivatevirtualinterfaceaccepter "github.com/upbound/provider-aws/internal/controller/directconnect/hostedprivatevirtualinterfaceaccepter" + hostedpublicvirtualinterface "github.com/upbound/provider-aws/internal/controller/directconnect/hostedpublicvirtualinterface" + hostedpublicvirtualinterfaceaccepter "github.com/upbound/provider-aws/internal/controller/directconnect/hostedpublicvirtualinterfaceaccepter" + hostedtransitvirtualinterface "github.com/upbound/provider-aws/internal/controller/directconnect/hostedtransitvirtualinterface" + hostedtransitvirtualinterfaceaccepter "github.com/upbound/provider-aws/internal/controller/directconnect/hostedtransitvirtualinterfaceaccepter" + lag "github.com/upbound/provider-aws/internal/controller/directconnect/lag" + privatevirtualinterface "github.com/upbound/provider-aws/internal/controller/directconnect/privatevirtualinterface" + publicvirtualinterface "github.com/upbound/provider-aws/internal/controller/directconnect/publicvirtualinterface" + transitvirtualinterface 
"github.com/upbound/provider-aws/internal/controller/directconnect/transitvirtualinterface" +) + +// Setup_directconnect creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_directconnect(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bgppeer.Setup, + connection.Setup, + connectionassociation.Setup, + gateway.Setup, + gatewayassociation.Setup, + gatewayassociationproposal.Setup, + hostedprivatevirtualinterface.Setup, + hostedprivatevirtualinterfaceaccepter.Setup, + hostedpublicvirtualinterface.Setup, + hostedpublicvirtualinterfaceaccepter.Setup, + hostedtransitvirtualinterface.Setup, + hostedtransitvirtualinterfaceaccepter.Setup, + lag.Setup, + privatevirtualinterface.Setup, + publicvirtualinterface.Setup, + transitvirtualinterface.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_dlm_setup.go b/internal/controller/zz_dlm_setup.go new file mode 100755 index 0000000000..70ab3280cb --- /dev/null +++ b/internal/controller/zz_dlm_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + lifecyclepolicy "github.com/upbound/provider-aws/internal/controller/dlm/lifecyclepolicy" +) + +// Setup_dlm creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_dlm(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + lifecyclepolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_dms_setup.go b/internal/controller/zz_dms_setup.go new file mode 100755 index 0000000000..5c12ddbdac --- /dev/null +++ b/internal/controller/zz_dms_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + certificate "github.com/upbound/provider-aws/internal/controller/dms/certificate" + endpoint "github.com/upbound/provider-aws/internal/controller/dms/endpoint" + eventsubscription "github.com/upbound/provider-aws/internal/controller/dms/eventsubscription" + replicationinstance "github.com/upbound/provider-aws/internal/controller/dms/replicationinstance" + replicationsubnetgroup "github.com/upbound/provider-aws/internal/controller/dms/replicationsubnetgroup" + replicationtask "github.com/upbound/provider-aws/internal/controller/dms/replicationtask" + s3endpoint "github.com/upbound/provider-aws/internal/controller/dms/s3endpoint" +) + +// Setup_dms creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_dms(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + certificate.Setup, + endpoint.Setup, + eventsubscription.Setup, + replicationinstance.Setup, + replicationsubnetgroup.Setup, + replicationtask.Setup, + s3endpoint.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_docdb_setup.go b/internal/controller/zz_docdb_setup.go new file mode 100755 index 0000000000..e3484a8e57 --- /dev/null +++ b/internal/controller/zz_docdb_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/docdb/cluster" + clusterinstance "github.com/upbound/provider-aws/internal/controller/docdb/clusterinstance" + clusterparametergroup "github.com/upbound/provider-aws/internal/controller/docdb/clusterparametergroup" + clustersnapshot "github.com/upbound/provider-aws/internal/controller/docdb/clustersnapshot" + eventsubscription "github.com/upbound/provider-aws/internal/controller/docdb/eventsubscription" + globalcluster "github.com/upbound/provider-aws/internal/controller/docdb/globalcluster" + subnetgroup "github.com/upbound/provider-aws/internal/controller/docdb/subnetgroup" +) + +// Setup_docdb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_docdb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + clusterinstance.Setup, + clusterparametergroup.Setup, + clustersnapshot.Setup, + eventsubscription.Setup, + globalcluster.Setup, + subnetgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ds_setup.go b/internal/controller/zz_ds_setup.go new file mode 100755 index 0000000000..03f2b08732 --- /dev/null +++ b/internal/controller/zz_ds_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + conditionalforwarder "github.com/upbound/provider-aws/internal/controller/ds/conditionalforwarder" + directory "github.com/upbound/provider-aws/internal/controller/ds/directory" + shareddirectory "github.com/upbound/provider-aws/internal/controller/ds/shareddirectory" +) + +// Setup_ds creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ds(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + conditionalforwarder.Setup, + directory.Setup, + shareddirectory.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_dynamodb_setup.go b/internal/controller/zz_dynamodb_setup.go new file mode 100755 index 0000000000..5fd62fcc5b --- /dev/null +++ b/internal/controller/zz_dynamodb_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + contributorinsights "github.com/upbound/provider-aws/internal/controller/dynamodb/contributorinsights" + globaltable "github.com/upbound/provider-aws/internal/controller/dynamodb/globaltable" + kinesisstreamingdestination "github.com/upbound/provider-aws/internal/controller/dynamodb/kinesisstreamingdestination" + table "github.com/upbound/provider-aws/internal/controller/dynamodb/table" + tableitem "github.com/upbound/provider-aws/internal/controller/dynamodb/tableitem" + tablereplica "github.com/upbound/provider-aws/internal/controller/dynamodb/tablereplica" + tag "github.com/upbound/provider-aws/internal/controller/dynamodb/tag" +) + +// Setup_dynamodb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_dynamodb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + contributorinsights.Setup, + globaltable.Setup, + kinesisstreamingdestination.Setup, + table.Setup, + tableitem.Setup, + tablereplica.Setup, + tag.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ec2_setup.go b/internal/controller/zz_ec2_setup.go new file mode 100755 index 0000000000..f662193b41 --- /dev/null +++ b/internal/controller/zz_ec2_setup.go 
@@ -0,0 +1,220 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + ami "github.com/upbound/provider-aws/internal/controller/ec2/ami" + amicopy "github.com/upbound/provider-aws/internal/controller/ec2/amicopy" + amilaunchpermission "github.com/upbound/provider-aws/internal/controller/ec2/amilaunchpermission" + availabilityzonegroup "github.com/upbound/provider-aws/internal/controller/ec2/availabilityzonegroup" + capacityreservation "github.com/upbound/provider-aws/internal/controller/ec2/capacityreservation" + carriergateway "github.com/upbound/provider-aws/internal/controller/ec2/carriergateway" + customergateway "github.com/upbound/provider-aws/internal/controller/ec2/customergateway" + defaultnetworkacl "github.com/upbound/provider-aws/internal/controller/ec2/defaultnetworkacl" + defaultroutetable "github.com/upbound/provider-aws/internal/controller/ec2/defaultroutetable" + defaultsecuritygroup "github.com/upbound/provider-aws/internal/controller/ec2/defaultsecuritygroup" + defaultsubnet "github.com/upbound/provider-aws/internal/controller/ec2/defaultsubnet" + defaultvpc "github.com/upbound/provider-aws/internal/controller/ec2/defaultvpc" + defaultvpcdhcpoptions "github.com/upbound/provider-aws/internal/controller/ec2/defaultvpcdhcpoptions" + ebsdefaultkmskey "github.com/upbound/provider-aws/internal/controller/ec2/ebsdefaultkmskey" + ebsencryptionbydefault "github.com/upbound/provider-aws/internal/controller/ec2/ebsencryptionbydefault" + ebssnapshot "github.com/upbound/provider-aws/internal/controller/ec2/ebssnapshot" + ebssnapshotcopy "github.com/upbound/provider-aws/internal/controller/ec2/ebssnapshotcopy" + ebssnapshotimport "github.com/upbound/provider-aws/internal/controller/ec2/ebssnapshotimport" + ebsvolume "github.com/upbound/provider-aws/internal/controller/ec2/ebsvolume" + egressonlyinternetgateway 
"github.com/upbound/provider-aws/internal/controller/ec2/egressonlyinternetgateway" + eip "github.com/upbound/provider-aws/internal/controller/ec2/eip" + eipassociation "github.com/upbound/provider-aws/internal/controller/ec2/eipassociation" + flowlog "github.com/upbound/provider-aws/internal/controller/ec2/flowlog" + host "github.com/upbound/provider-aws/internal/controller/ec2/host" + instance "github.com/upbound/provider-aws/internal/controller/ec2/instance" + instancestate "github.com/upbound/provider-aws/internal/controller/ec2/instancestate" + internetgateway "github.com/upbound/provider-aws/internal/controller/ec2/internetgateway" + keypair "github.com/upbound/provider-aws/internal/controller/ec2/keypair" + launchtemplate "github.com/upbound/provider-aws/internal/controller/ec2/launchtemplate" + mainroutetableassociation "github.com/upbound/provider-aws/internal/controller/ec2/mainroutetableassociation" + managedprefixlist "github.com/upbound/provider-aws/internal/controller/ec2/managedprefixlist" + managedprefixlistentry "github.com/upbound/provider-aws/internal/controller/ec2/managedprefixlistentry" + natgateway "github.com/upbound/provider-aws/internal/controller/ec2/natgateway" + networkacl "github.com/upbound/provider-aws/internal/controller/ec2/networkacl" + networkaclrule "github.com/upbound/provider-aws/internal/controller/ec2/networkaclrule" + networkinsightsanalysis "github.com/upbound/provider-aws/internal/controller/ec2/networkinsightsanalysis" + networkinsightspath "github.com/upbound/provider-aws/internal/controller/ec2/networkinsightspath" + networkinterface "github.com/upbound/provider-aws/internal/controller/ec2/networkinterface" + networkinterfaceattachment "github.com/upbound/provider-aws/internal/controller/ec2/networkinterfaceattachment" + networkinterfacesgattachment "github.com/upbound/provider-aws/internal/controller/ec2/networkinterfacesgattachment" + placementgroup 
"github.com/upbound/provider-aws/internal/controller/ec2/placementgroup" + route "github.com/upbound/provider-aws/internal/controller/ec2/route" + routetable "github.com/upbound/provider-aws/internal/controller/ec2/routetable" + routetableassociation "github.com/upbound/provider-aws/internal/controller/ec2/routetableassociation" + securitygroup "github.com/upbound/provider-aws/internal/controller/ec2/securitygroup" + securitygrouprule "github.com/upbound/provider-aws/internal/controller/ec2/securitygrouprule" + serialconsoleaccess "github.com/upbound/provider-aws/internal/controller/ec2/serialconsoleaccess" + snapshotcreatevolumepermission "github.com/upbound/provider-aws/internal/controller/ec2/snapshotcreatevolumepermission" + spotdatafeedsubscription "github.com/upbound/provider-aws/internal/controller/ec2/spotdatafeedsubscription" + spotfleetrequest "github.com/upbound/provider-aws/internal/controller/ec2/spotfleetrequest" + spotinstancerequest "github.com/upbound/provider-aws/internal/controller/ec2/spotinstancerequest" + subnet "github.com/upbound/provider-aws/internal/controller/ec2/subnet" + subnetcidrreservation "github.com/upbound/provider-aws/internal/controller/ec2/subnetcidrreservation" + tag "github.com/upbound/provider-aws/internal/controller/ec2/tag" + trafficmirrorfilter "github.com/upbound/provider-aws/internal/controller/ec2/trafficmirrorfilter" + trafficmirrorfilterrule "github.com/upbound/provider-aws/internal/controller/ec2/trafficmirrorfilterrule" + transitgateway "github.com/upbound/provider-aws/internal/controller/ec2/transitgateway" + transitgatewayconnect "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayconnect" + transitgatewayconnectpeer "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayconnectpeer" + transitgatewaymulticastdomain "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaymulticastdomain" + transitgatewaymulticastdomainassociation 
"github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaymulticastdomainassociation" + transitgatewaymulticastgroupmember "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaymulticastgroupmember" + transitgatewaymulticastgroupsource "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaymulticastgroupsource" + transitgatewaypeeringattachment "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaypeeringattachment" + transitgatewaypeeringattachmentaccepter "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaypeeringattachmentaccepter" + transitgatewaypolicytable "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewaypolicytable" + transitgatewayprefixlistreference "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayprefixlistreference" + transitgatewayroute "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayroute" + transitgatewayroutetable "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayroutetable" + transitgatewayroutetableassociation "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayroutetableassociation" + transitgatewayroutetablepropagation "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayroutetablepropagation" + transitgatewayvpcattachment "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayvpcattachment" + transitgatewayvpcattachmentaccepter "github.com/upbound/provider-aws/internal/controller/ec2/transitgatewayvpcattachmentaccepter" + volumeattachment "github.com/upbound/provider-aws/internal/controller/ec2/volumeattachment" + vpc "github.com/upbound/provider-aws/internal/controller/ec2/vpc" + vpcdhcpoptions "github.com/upbound/provider-aws/internal/controller/ec2/vpcdhcpoptions" + vpcdhcpoptionsassociation "github.com/upbound/provider-aws/internal/controller/ec2/vpcdhcpoptionsassociation" + vpcendpoint 
"github.com/upbound/provider-aws/internal/controller/ec2/vpcendpoint" + vpcendpointconnectionnotification "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointconnectionnotification" + vpcendpointroutetableassociation "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointroutetableassociation" + vpcendpointsecuritygroupassociation "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointsecuritygroupassociation" + vpcendpointservice "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointservice" + vpcendpointserviceallowedprincipal "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointserviceallowedprincipal" + vpcendpointsubnetassociation "github.com/upbound/provider-aws/internal/controller/ec2/vpcendpointsubnetassociation" + vpcipam "github.com/upbound/provider-aws/internal/controller/ec2/vpcipam" + vpcipampool "github.com/upbound/provider-aws/internal/controller/ec2/vpcipampool" + vpcipampoolcidr "github.com/upbound/provider-aws/internal/controller/ec2/vpcipampoolcidr" + vpcipampoolcidrallocation "github.com/upbound/provider-aws/internal/controller/ec2/vpcipampoolcidrallocation" + vpcipamscope "github.com/upbound/provider-aws/internal/controller/ec2/vpcipamscope" + vpcipv4cidrblockassociation "github.com/upbound/provider-aws/internal/controller/ec2/vpcipv4cidrblockassociation" + vpcpeeringconnection "github.com/upbound/provider-aws/internal/controller/ec2/vpcpeeringconnection" + vpcpeeringconnectionaccepter "github.com/upbound/provider-aws/internal/controller/ec2/vpcpeeringconnectionaccepter" + vpcpeeringconnectionoptions "github.com/upbound/provider-aws/internal/controller/ec2/vpcpeeringconnectionoptions" + vpnconnection "github.com/upbound/provider-aws/internal/controller/ec2/vpnconnection" + vpnconnectionroute "github.com/upbound/provider-aws/internal/controller/ec2/vpnconnectionroute" + vpngateway "github.com/upbound/provider-aws/internal/controller/ec2/vpngateway" + vpngatewayattachment 
"github.com/upbound/provider-aws/internal/controller/ec2/vpngatewayattachment" + vpngatewayroutepropagation "github.com/upbound/provider-aws/internal/controller/ec2/vpngatewayroutepropagation" +) + +// Setup_ec2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ec2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + ami.Setup, + amicopy.Setup, + amilaunchpermission.Setup, + availabilityzonegroup.Setup, + capacityreservation.Setup, + carriergateway.Setup, + customergateway.Setup, + defaultnetworkacl.Setup, + defaultroutetable.Setup, + defaultsecuritygroup.Setup, + defaultsubnet.Setup, + defaultvpc.Setup, + defaultvpcdhcpoptions.Setup, + ebsdefaultkmskey.Setup, + ebsencryptionbydefault.Setup, + ebssnapshot.Setup, + ebssnapshotcopy.Setup, + ebssnapshotimport.Setup, + ebsvolume.Setup, + egressonlyinternetgateway.Setup, + eip.Setup, + eipassociation.Setup, + flowlog.Setup, + host.Setup, + instance.Setup, + instancestate.Setup, + internetgateway.Setup, + keypair.Setup, + launchtemplate.Setup, + mainroutetableassociation.Setup, + managedprefixlist.Setup, + managedprefixlistentry.Setup, + natgateway.Setup, + networkacl.Setup, + networkaclrule.Setup, + networkinsightsanalysis.Setup, + networkinsightspath.Setup, + networkinterface.Setup, + networkinterfaceattachment.Setup, + networkinterfacesgattachment.Setup, + placementgroup.Setup, + route.Setup, + routetable.Setup, + routetableassociation.Setup, + securitygroup.Setup, + securitygrouprule.Setup, + serialconsoleaccess.Setup, + snapshotcreatevolumepermission.Setup, + spotdatafeedsubscription.Setup, + spotfleetrequest.Setup, + spotinstancerequest.Setup, + subnet.Setup, + subnetcidrreservation.Setup, + tag.Setup, + trafficmirrorfilter.Setup, + trafficmirrorfilterrule.Setup, + transitgateway.Setup, + transitgatewayconnect.Setup, + transitgatewayconnectpeer.Setup, + transitgatewaymulticastdomain.Setup, + 
transitgatewaymulticastdomainassociation.Setup, + transitgatewaymulticastgroupmember.Setup, + transitgatewaymulticastgroupsource.Setup, + transitgatewaypeeringattachment.Setup, + transitgatewaypeeringattachmentaccepter.Setup, + transitgatewaypolicytable.Setup, + transitgatewayprefixlistreference.Setup, + transitgatewayroute.Setup, + transitgatewayroutetable.Setup, + transitgatewayroutetableassociation.Setup, + transitgatewayroutetablepropagation.Setup, + transitgatewayvpcattachment.Setup, + transitgatewayvpcattachmentaccepter.Setup, + volumeattachment.Setup, + vpc.Setup, + vpcdhcpoptions.Setup, + vpcdhcpoptionsassociation.Setup, + vpcendpoint.Setup, + vpcendpointconnectionnotification.Setup, + vpcendpointroutetableassociation.Setup, + vpcendpointsecuritygroupassociation.Setup, + vpcendpointservice.Setup, + vpcendpointserviceallowedprincipal.Setup, + vpcendpointsubnetassociation.Setup, + vpcipam.Setup, + vpcipampool.Setup, + vpcipampoolcidr.Setup, + vpcipampoolcidrallocation.Setup, + vpcipamscope.Setup, + vpcipv4cidrblockassociation.Setup, + vpcpeeringconnection.Setup, + vpcpeeringconnectionaccepter.Setup, + vpcpeeringconnectionoptions.Setup, + vpnconnection.Setup, + vpnconnectionroute.Setup, + vpngateway.Setup, + vpngatewayattachment.Setup, + vpngatewayroutepropagation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ecr_setup.go b/internal/controller/zz_ecr_setup.go new file mode 100755 index 0000000000..6bd827823a --- /dev/null +++ b/internal/controller/zz_ecr_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + lifecyclepolicy "github.com/upbound/provider-aws/internal/controller/ecr/lifecyclepolicy" + pullthroughcacherule "github.com/upbound/provider-aws/internal/controller/ecr/pullthroughcacherule" + registrypolicy "github.com/upbound/provider-aws/internal/controller/ecr/registrypolicy" + registryscanningconfiguration "github.com/upbound/provider-aws/internal/controller/ecr/registryscanningconfiguration" + replicationconfiguration "github.com/upbound/provider-aws/internal/controller/ecr/replicationconfiguration" + repository "github.com/upbound/provider-aws/internal/controller/ecr/repository" + repositorypolicy "github.com/upbound/provider-aws/internal/controller/ecr/repositorypolicy" +) + +// Setup_ecr creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ecr(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + lifecyclepolicy.Setup, + pullthroughcacherule.Setup, + registrypolicy.Setup, + registryscanningconfiguration.Setup, + replicationconfiguration.Setup, + repository.Setup, + repositorypolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ecrpublic_setup.go b/internal/controller/zz_ecrpublic_setup.go new file mode 100755 index 0000000000..2b4ccb3384 --- /dev/null +++ b/internal/controller/zz_ecrpublic_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + repository "github.com/upbound/provider-aws/internal/controller/ecrpublic/repository" + repositorypolicy "github.com/upbound/provider-aws/internal/controller/ecrpublic/repositorypolicy" +) + +// Setup_ecrpublic creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ecrpublic(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + repository.Setup, + repositorypolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ecs_setup.go b/internal/controller/zz_ecs_setup.go new file mode 100755 index 0000000000..c5f5017cab --- /dev/null +++ b/internal/controller/zz_ecs_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accountsettingdefault "github.com/upbound/provider-aws/internal/controller/ecs/accountsettingdefault" + capacityprovider "github.com/upbound/provider-aws/internal/controller/ecs/capacityprovider" + cluster "github.com/upbound/provider-aws/internal/controller/ecs/cluster" + clustercapacityproviders "github.com/upbound/provider-aws/internal/controller/ecs/clustercapacityproviders" + service "github.com/upbound/provider-aws/internal/controller/ecs/service" + taskdefinition "github.com/upbound/provider-aws/internal/controller/ecs/taskdefinition" +) + +// Setup_ecs creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ecs(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accountsettingdefault.Setup, + capacityprovider.Setup, + cluster.Setup, + clustercapacityproviders.Setup, + service.Setup, + taskdefinition.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_efs_setup.go b/internal/controller/zz_efs_setup.go new file mode 100755 index 0000000000..c235db4c5e --- /dev/null +++ b/internal/controller/zz_efs_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accesspoint "github.com/upbound/provider-aws/internal/controller/efs/accesspoint" + backuppolicy "github.com/upbound/provider-aws/internal/controller/efs/backuppolicy" + filesystem "github.com/upbound/provider-aws/internal/controller/efs/filesystem" + filesystempolicy "github.com/upbound/provider-aws/internal/controller/efs/filesystempolicy" + mounttarget "github.com/upbound/provider-aws/internal/controller/efs/mounttarget" + replicationconfiguration "github.com/upbound/provider-aws/internal/controller/efs/replicationconfiguration" +) + +// Setup_efs creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_efs(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accesspoint.Setup, + backuppolicy.Setup, + filesystem.Setup, + filesystempolicy.Setup, + mounttarget.Setup, + replicationconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_eks_setup.go b/internal/controller/zz_eks_setup.go new file mode 100755 index 0000000000..8965543dfd --- /dev/null +++ b/internal/controller/zz_eks_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + addon "github.com/upbound/provider-aws/internal/controller/eks/addon" + cluster "github.com/upbound/provider-aws/internal/controller/eks/cluster" + fargateprofile "github.com/upbound/provider-aws/internal/controller/eks/fargateprofile" + identityproviderconfig "github.com/upbound/provider-aws/internal/controller/eks/identityproviderconfig" + nodegroup "github.com/upbound/provider-aws/internal/controller/eks/nodegroup" +) + +// Setup_eks creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_eks(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + addon.Setup, + cluster.Setup, + fargateprofile.Setup, + identityproviderconfig.Setup, + nodegroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elasticache_setup.go b/internal/controller/zz_elasticache_setup.go new file mode 100755 index 0000000000..aed2cc4f16 --- /dev/null +++ b/internal/controller/zz_elasticache_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/elasticache/cluster" + parametergroup "github.com/upbound/provider-aws/internal/controller/elasticache/parametergroup" + replicationgroup "github.com/upbound/provider-aws/internal/controller/elasticache/replicationgroup" + subnetgroup "github.com/upbound/provider-aws/internal/controller/elasticache/subnetgroup" + user "github.com/upbound/provider-aws/internal/controller/elasticache/user" + usergroup "github.com/upbound/provider-aws/internal/controller/elasticache/usergroup" +) + +// Setup_elasticache creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elasticache(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + parametergroup.Setup, + replicationgroup.Setup, + subnetgroup.Setup, + user.Setup, + usergroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elasticbeanstalk_setup.go b/internal/controller/zz_elasticbeanstalk_setup.go new file mode 100755 index 0000000000..7aae75b6b4 --- /dev/null +++ b/internal/controller/zz_elasticbeanstalk_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/elasticbeanstalk/application" + applicationversion "github.com/upbound/provider-aws/internal/controller/elasticbeanstalk/applicationversion" + configurationtemplate "github.com/upbound/provider-aws/internal/controller/elasticbeanstalk/configurationtemplate" +) + +// Setup_elasticbeanstalk creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elasticbeanstalk(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + applicationversion.Setup, + configurationtemplate.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elasticsearch_setup.go b/internal/controller/zz_elasticsearch_setup.go new file mode 100755 index 0000000000..8c7ce1b3ae --- /dev/null +++ b/internal/controller/zz_elasticsearch_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + domain "github.com/upbound/provider-aws/internal/controller/elasticsearch/domain" + domainpolicy "github.com/upbound/provider-aws/internal/controller/elasticsearch/domainpolicy" + domainsamloptions "github.com/upbound/provider-aws/internal/controller/elasticsearch/domainsamloptions" +) + +// Setup_elasticsearch creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elasticsearch(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + domain.Setup, + domainpolicy.Setup, + domainsamloptions.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elastictranscoder_setup.go b/internal/controller/zz_elastictranscoder_setup.go new file mode 100755 index 0000000000..fb749d1509 --- /dev/null +++ b/internal/controller/zz_elastictranscoder_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + pipeline "github.com/upbound/provider-aws/internal/controller/elastictranscoder/pipeline" + preset "github.com/upbound/provider-aws/internal/controller/elastictranscoder/preset" +) + +// Setup_elastictranscoder creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elastictranscoder(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + pipeline.Setup, + preset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elb_setup.go b/internal/controller/zz_elb_setup.go new file mode 100755 index 0000000000..f7b06e85fa 
--- /dev/null +++ b/internal/controller/zz_elb_setup.go @@ -0,0 +1,42 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + appcookiestickinesspolicy "github.com/upbound/provider-aws/internal/controller/elb/appcookiestickinesspolicy" + attachment "github.com/upbound/provider-aws/internal/controller/elb/attachment" + backendserverpolicy "github.com/upbound/provider-aws/internal/controller/elb/backendserverpolicy" + elb "github.com/upbound/provider-aws/internal/controller/elb/elb" + lbcookiestickinesspolicy "github.com/upbound/provider-aws/internal/controller/elb/lbcookiestickinesspolicy" + lbsslnegotiationpolicy "github.com/upbound/provider-aws/internal/controller/elb/lbsslnegotiationpolicy" + listenerpolicy "github.com/upbound/provider-aws/internal/controller/elb/listenerpolicy" + policy "github.com/upbound/provider-aws/internal/controller/elb/policy" + proxyprotocolpolicy "github.com/upbound/provider-aws/internal/controller/elb/proxyprotocolpolicy" +) + +// Setup_elb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + appcookiestickinesspolicy.Setup, + attachment.Setup, + backendserverpolicy.Setup, + elb.Setup, + lbcookiestickinesspolicy.Setup, + lbsslnegotiationpolicy.Setup, + listenerpolicy.Setup, + policy.Setup, + proxyprotocolpolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_elbv2_setup.go b/internal/controller/zz_elbv2_setup.go new file mode 100755 index 0000000000..bdbedfb869 --- /dev/null +++ b/internal/controller/zz_elbv2_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + lb "github.com/upbound/provider-aws/internal/controller/elbv2/lb" + lblistener "github.com/upbound/provider-aws/internal/controller/elbv2/lblistener" + lblistenerrule "github.com/upbound/provider-aws/internal/controller/elbv2/lblistenerrule" + lbtargetgroup "github.com/upbound/provider-aws/internal/controller/elbv2/lbtargetgroup" + lbtargetgroupattachment "github.com/upbound/provider-aws/internal/controller/elbv2/lbtargetgroupattachment" +) + +// Setup_elbv2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_elbv2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + lb.Setup, + lblistener.Setup, + lblistenerrule.Setup, + lbtargetgroup.Setup, + lbtargetgroupattachment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_emr_setup.go b/internal/controller/zz_emr_setup.go new file mode 100755 index 0000000000..1c9a00fef4 --- /dev/null +++ b/internal/controller/zz_emr_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + securityconfiguration "github.com/upbound/provider-aws/internal/controller/emr/securityconfiguration" +) + +// Setup_emr creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_emr(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + securityconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_emrserverless_setup.go b/internal/controller/zz_emrserverless_setup.go new file mode 100755 index 0000000000..7ee09c893a --- /dev/null +++ b/internal/controller/zz_emrserverless_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/emrserverless/application" +) + +// Setup_emrserverless creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_emrserverless(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_evidently_setup.go b/internal/controller/zz_evidently_setup.go new file mode 100755 index 0000000000..ff60c79946 --- /dev/null +++ b/internal/controller/zz_evidently_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + feature "github.com/upbound/provider-aws/internal/controller/evidently/feature" + project "github.com/upbound/provider-aws/internal/controller/evidently/project" + segment "github.com/upbound/provider-aws/internal/controller/evidently/segment" +) + +// Setup_evidently creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_evidently(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + feature.Setup, + project.Setup, + segment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_firehose_setup.go b/internal/controller/zz_firehose_setup.go new file mode 100755 index 0000000000..f4fd3a2c4a --- /dev/null +++ b/internal/controller/zz_firehose_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + deliverystream "github.com/upbound/provider-aws/internal/controller/firehose/deliverystream" +) + +// Setup_firehose creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_firehose(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + deliverystream.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_fis_setup.go b/internal/controller/zz_fis_setup.go new file mode 100755 index 0000000000..11f210e31c --- /dev/null +++ b/internal/controller/zz_fis_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + experimenttemplate "github.com/upbound/provider-aws/internal/controller/fis/experimenttemplate" +) + +// Setup_fis creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_fis(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + experimenttemplate.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_fsx_setup.go b/internal/controller/zz_fsx_setup.go new file mode 100755 index 0000000000..4d7260dae5 --- /dev/null +++ b/internal/controller/zz_fsx_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + backup "github.com/upbound/provider-aws/internal/controller/fsx/backup" + datarepositoryassociation "github.com/upbound/provider-aws/internal/controller/fsx/datarepositoryassociation" + lustrefilesystem "github.com/upbound/provider-aws/internal/controller/fsx/lustrefilesystem" + ontapfilesystem "github.com/upbound/provider-aws/internal/controller/fsx/ontapfilesystem" + ontapstoragevirtualmachine "github.com/upbound/provider-aws/internal/controller/fsx/ontapstoragevirtualmachine" + windowsfilesystem "github.com/upbound/provider-aws/internal/controller/fsx/windowsfilesystem" +) + +// Setup_fsx creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_fsx(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + backup.Setup, + datarepositoryassociation.Setup, + lustrefilesystem.Setup, + ontapfilesystem.Setup, + ontapstoragevirtualmachine.Setup, + windowsfilesystem.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_gamelift_setup.go b/internal/controller/zz_gamelift_setup.go new file mode 100755 index 0000000000..361a321359 --- /dev/null +++ b/internal/controller/zz_gamelift_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + alias "github.com/upbound/provider-aws/internal/controller/gamelift/alias" + build "github.com/upbound/provider-aws/internal/controller/gamelift/build" + fleet "github.com/upbound/provider-aws/internal/controller/gamelift/fleet" + gamesessionqueue "github.com/upbound/provider-aws/internal/controller/gamelift/gamesessionqueue" + script "github.com/upbound/provider-aws/internal/controller/gamelift/script" +) + +// Setup_gamelift creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_gamelift(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + alias.Setup, + build.Setup, + fleet.Setup, + gamesessionqueue.Setup, + script.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_glacier_setup.go b/internal/controller/zz_glacier_setup.go new file mode 100755 index 0000000000..80341cb60d --- /dev/null +++ b/internal/controller/zz_glacier_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + vault "github.com/upbound/provider-aws/internal/controller/glacier/vault" + vaultlock "github.com/upbound/provider-aws/internal/controller/glacier/vaultlock" +) + +// Setup_glacier creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_glacier(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + vault.Setup, + vaultlock.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_globalaccelerator_setup.go b/internal/controller/zz_globalaccelerator_setup.go new file mode 100755 index 0000000000..96c955cc44 --- /dev/null +++ b/internal/controller/zz_globalaccelerator_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accelerator "github.com/upbound/provider-aws/internal/controller/globalaccelerator/accelerator" + endpointgroup "github.com/upbound/provider-aws/internal/controller/globalaccelerator/endpointgroup" + listener "github.com/upbound/provider-aws/internal/controller/globalaccelerator/listener" +) + +// Setup_globalaccelerator creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_globalaccelerator(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accelerator.Setup, + endpointgroup.Setup, + listener.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_glue_setup.go b/internal/controller/zz_glue_setup.go new file mode 100755 index 0000000000..5fa166a427 --- /dev/null +++ b/internal/controller/zz_glue_setup.go 
@@ -0,0 +1,52 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + catalogdatabase "github.com/upbound/provider-aws/internal/controller/glue/catalogdatabase" + catalogtable "github.com/upbound/provider-aws/internal/controller/glue/catalogtable" + classifier "github.com/upbound/provider-aws/internal/controller/glue/classifier" + connection "github.com/upbound/provider-aws/internal/controller/glue/connection" + crawler "github.com/upbound/provider-aws/internal/controller/glue/crawler" + datacatalogencryptionsettings "github.com/upbound/provider-aws/internal/controller/glue/datacatalogencryptionsettings" + job "github.com/upbound/provider-aws/internal/controller/glue/job" + registry "github.com/upbound/provider-aws/internal/controller/glue/registry" + resourcepolicy "github.com/upbound/provider-aws/internal/controller/glue/resourcepolicy" + schema "github.com/upbound/provider-aws/internal/controller/glue/schema" + securityconfiguration "github.com/upbound/provider-aws/internal/controller/glue/securityconfiguration" + trigger "github.com/upbound/provider-aws/internal/controller/glue/trigger" + userdefinedfunction "github.com/upbound/provider-aws/internal/controller/glue/userdefinedfunction" + workflow "github.com/upbound/provider-aws/internal/controller/glue/workflow" +) + +// Setup_glue creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_glue(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + catalogdatabase.Setup, + catalogtable.Setup, + classifier.Setup, + connection.Setup, + crawler.Setup, + datacatalogencryptionsettings.Setup, + job.Setup, + registry.Setup, + resourcepolicy.Setup, + schema.Setup, + securityconfiguration.Setup, + trigger.Setup, + userdefinedfunction.Setup, + workflow.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_grafana_setup.go b/internal/controller/zz_grafana_setup.go new file mode 100755 index 0000000000..dfc14700b1 --- /dev/null +++ b/internal/controller/zz_grafana_setup.go @@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + licenseassociation "github.com/upbound/provider-aws/internal/controller/grafana/licenseassociation" + roleassociation "github.com/upbound/provider-aws/internal/controller/grafana/roleassociation" + workspace "github.com/upbound/provider-aws/internal/controller/grafana/workspace" + workspaceapikey "github.com/upbound/provider-aws/internal/controller/grafana/workspaceapikey" + workspacesamlconfiguration "github.com/upbound/provider-aws/internal/controller/grafana/workspacesamlconfiguration" +) + +// Setup_grafana creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_grafana(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + licenseassociation.Setup, + roleassociation.Setup, + workspace.Setup, + workspaceapikey.Setup, + workspacesamlconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_guardduty_setup.go b/internal/controller/zz_guardduty_setup.go new file mode 100755 index 0000000000..933b6ce629 --- /dev/null +++ b/internal/controller/zz_guardduty_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + detector "github.com/upbound/provider-aws/internal/controller/guardduty/detector" + filter "github.com/upbound/provider-aws/internal/controller/guardduty/filter" + member "github.com/upbound/provider-aws/internal/controller/guardduty/member" +) + +// Setup_guardduty creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_guardduty(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + detector.Setup, + filter.Setup, + member.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_iam_setup.go b/internal/controller/zz_iam_setup.go new file mode 100755 index 0000000000..7d4478f7af --- /dev/null +++ b/internal/controller/zz_iam_setup.go 
@@ -0,0 +1,68 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accesskey "github.com/upbound/provider-aws/internal/controller/iam/accesskey" + accountalias "github.com/upbound/provider-aws/internal/controller/iam/accountalias" + accountpasswordpolicy "github.com/upbound/provider-aws/internal/controller/iam/accountpasswordpolicy" + group "github.com/upbound/provider-aws/internal/controller/iam/group" + groupmembership "github.com/upbound/provider-aws/internal/controller/iam/groupmembership" + grouppolicyattachment "github.com/upbound/provider-aws/internal/controller/iam/grouppolicyattachment" + instanceprofile "github.com/upbound/provider-aws/internal/controller/iam/instanceprofile" + openidconnectprovider "github.com/upbound/provider-aws/internal/controller/iam/openidconnectprovider" + policy "github.com/upbound/provider-aws/internal/controller/iam/policy" + role "github.com/upbound/provider-aws/internal/controller/iam/role" + rolepolicyattachment "github.com/upbound/provider-aws/internal/controller/iam/rolepolicyattachment" + samlprovider "github.com/upbound/provider-aws/internal/controller/iam/samlprovider" + servercertificate "github.com/upbound/provider-aws/internal/controller/iam/servercertificate" + servicelinkedrole "github.com/upbound/provider-aws/internal/controller/iam/servicelinkedrole" + servicespecificcredential "github.com/upbound/provider-aws/internal/controller/iam/servicespecificcredential" + signingcertificate "github.com/upbound/provider-aws/internal/controller/iam/signingcertificate" + user "github.com/upbound/provider-aws/internal/controller/iam/user" + usergroupmembership "github.com/upbound/provider-aws/internal/controller/iam/usergroupmembership" + userloginprofile "github.com/upbound/provider-aws/internal/controller/iam/userloginprofile" + userpolicyattachment 
"github.com/upbound/provider-aws/internal/controller/iam/userpolicyattachment" + usersshkey "github.com/upbound/provider-aws/internal/controller/iam/usersshkey" + virtualmfadevice "github.com/upbound/provider-aws/internal/controller/iam/virtualmfadevice" +) + +// Setup_iam creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_iam(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accesskey.Setup, + accountalias.Setup, + accountpasswordpolicy.Setup, + group.Setup, + groupmembership.Setup, + grouppolicyattachment.Setup, + instanceprofile.Setup, + openidconnectprovider.Setup, + policy.Setup, + role.Setup, + rolepolicyattachment.Setup, + samlprovider.Setup, + servercertificate.Setup, + servicelinkedrole.Setup, + servicespecificcredential.Setup, + signingcertificate.Setup, + user.Setup, + usergroupmembership.Setup, + userloginprofile.Setup, + userpolicyattachment.Setup, + usersshkey.Setup, + virtualmfadevice.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_imagebuilder_setup.go b/internal/controller/zz_imagebuilder_setup.go new file mode 100755 index 0000000000..5cb629bd81 --- /dev/null +++ b/internal/controller/zz_imagebuilder_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + component "github.com/upbound/provider-aws/internal/controller/imagebuilder/component" + containerrecipe "github.com/upbound/provider-aws/internal/controller/imagebuilder/containerrecipe" + distributionconfiguration "github.com/upbound/provider-aws/internal/controller/imagebuilder/distributionconfiguration" + image "github.com/upbound/provider-aws/internal/controller/imagebuilder/image" + imagepipeline "github.com/upbound/provider-aws/internal/controller/imagebuilder/imagepipeline" + imagerecipe "github.com/upbound/provider-aws/internal/controller/imagebuilder/imagerecipe" + infrastructureconfiguration "github.com/upbound/provider-aws/internal/controller/imagebuilder/infrastructureconfiguration" +) + +// Setup_imagebuilder creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_imagebuilder(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + component.Setup, + containerrecipe.Setup, + distributionconfiguration.Setup, + image.Setup, + imagepipeline.Setup, + imagerecipe.Setup, + infrastructureconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_inspector2_setup.go b/internal/controller/zz_inspector2_setup.go new file mode 100755 index 0000000000..abeda03baf --- /dev/null +++ b/internal/controller/zz_inspector2_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + enabler "github.com/upbound/provider-aws/internal/controller/inspector2/enabler" +) + +// Setup_inspector2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_inspector2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + enabler.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_inspector_setup.go b/internal/controller/zz_inspector_setup.go new file mode 100755 index 0000000000..e3ac5add04 --- /dev/null +++ b/internal/controller/zz_inspector_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + assessmenttarget "github.com/upbound/provider-aws/internal/controller/inspector/assessmenttarget" + assessmenttemplate "github.com/upbound/provider-aws/internal/controller/inspector/assessmenttemplate" + resourcegroup "github.com/upbound/provider-aws/internal/controller/inspector/resourcegroup" +) + +// Setup_inspector creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_inspector(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + assessmenttarget.Setup, + assessmenttemplate.Setup, + resourcegroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_iot_setup.go b/internal/controller/zz_iot_setup.go new file mode 100755 index 0000000000..f827c70848 --- /dev/null +++ b/internal/controller/zz_iot_setup.go 
@@ -0,0 +1,50 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + certificate "github.com/upbound/provider-aws/internal/controller/iot/certificate" + indexingconfiguration "github.com/upbound/provider-aws/internal/controller/iot/indexingconfiguration" + loggingoptions "github.com/upbound/provider-aws/internal/controller/iot/loggingoptions" + policy "github.com/upbound/provider-aws/internal/controller/iot/policy" + policyattachment "github.com/upbound/provider-aws/internal/controller/iot/policyattachment" + provisioningtemplate "github.com/upbound/provider-aws/internal/controller/iot/provisioningtemplate" + rolealias "github.com/upbound/provider-aws/internal/controller/iot/rolealias" + thing "github.com/upbound/provider-aws/internal/controller/iot/thing" + thinggroup "github.com/upbound/provider-aws/internal/controller/iot/thinggroup" + thinggroupmembership "github.com/upbound/provider-aws/internal/controller/iot/thinggroupmembership" + thingprincipalattachment "github.com/upbound/provider-aws/internal/controller/iot/thingprincipalattachment" + thingtype "github.com/upbound/provider-aws/internal/controller/iot/thingtype" + topicrule "github.com/upbound/provider-aws/internal/controller/iot/topicrule" +) + +// Setup_iot creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_iot(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + certificate.Setup, + indexingconfiguration.Setup, + loggingoptions.Setup, + policy.Setup, + policyattachment.Setup, + provisioningtemplate.Setup, + rolealias.Setup, + thing.Setup, + thinggroup.Setup, + thinggroupmembership.Setup, + thingprincipalattachment.Setup, + thingtype.Setup, + topicrule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_ivs_setup.go b/internal/controller/zz_ivs_setup.go new file mode 100755 index 0000000000..f3f284e67d --- /dev/null +++ b/internal/controller/zz_ivs_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + channel "github.com/upbound/provider-aws/internal/controller/ivs/channel" + recordingconfiguration "github.com/upbound/provider-aws/internal/controller/ivs/recordingconfiguration" +) + +// Setup_ivs creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ivs(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + channel.Setup, + recordingconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kafka_setup.go b/internal/controller/zz_kafka_setup.go new file mode 100755 index 0000000000..fe9aa4c0c9 --- /dev/null +++ b/internal/controller/zz_kafka_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/kafka/cluster" + configuration "github.com/upbound/provider-aws/internal/controller/kafka/configuration" +) + +// Setup_kafka creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kafka(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + configuration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kendra_setup.go b/internal/controller/zz_kendra_setup.go new file mode 100755 index 0000000000..e373afb70f 
--- /dev/null +++ b/internal/controller/zz_kendra_setup.go @@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + datasource "github.com/upbound/provider-aws/internal/controller/kendra/datasource" + experience "github.com/upbound/provider-aws/internal/controller/kendra/experience" + index "github.com/upbound/provider-aws/internal/controller/kendra/index" + querysuggestionsblocklist "github.com/upbound/provider-aws/internal/controller/kendra/querysuggestionsblocklist" + thesaurus "github.com/upbound/provider-aws/internal/controller/kendra/thesaurus" +) + +// Setup_kendra creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kendra(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + datasource.Setup, + experience.Setup, + index.Setup, + querysuggestionsblocklist.Setup, + thesaurus.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_keyspaces_setup.go b/internal/controller/zz_keyspaces_setup.go new file mode 100755 index 0000000000..8e0a800ab4 --- /dev/null +++ b/internal/controller/zz_keyspaces_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + keyspace "github.com/upbound/provider-aws/internal/controller/keyspaces/keyspace" + table "github.com/upbound/provider-aws/internal/controller/keyspaces/table" +) + +// Setup_keyspaces creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_keyspaces(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + keyspace.Setup, + table.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kinesis_setup.go b/internal/controller/zz_kinesis_setup.go new file mode 100755 index 0000000000..6b502db0e8 --- /dev/null +++ b/internal/controller/zz_kinesis_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + stream "github.com/upbound/provider-aws/internal/controller/kinesis/stream" + streamconsumer "github.com/upbound/provider-aws/internal/controller/kinesis/streamconsumer" +) + +// Setup_kinesis creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kinesis(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + stream.Setup, + streamconsumer.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kinesisanalytics_setup.go b/internal/controller/zz_kinesisanalytics_setup.go new file mode 100755 index 0000000000..3ff8ef25c3 --- /dev/null +++ b/internal/controller/zz_kinesisanalytics_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/kinesisanalytics/application" +) + +// Setup_kinesisanalytics creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kinesisanalytics(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kinesisanalyticsv2_setup.go b/internal/controller/zz_kinesisanalyticsv2_setup.go new file mode 100755 index 0000000000..7b76ff0259 --- /dev/null +++ b/internal/controller/zz_kinesisanalyticsv2_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/kinesisanalyticsv2/application" + applicationsnapshot "github.com/upbound/provider-aws/internal/controller/kinesisanalyticsv2/applicationsnapshot" +) + +// Setup_kinesisanalyticsv2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kinesisanalyticsv2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + applicationsnapshot.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kinesisvideo_setup.go b/internal/controller/zz_kinesisvideo_setup.go new file mode 100755 index 0000000000..a53a2e0938 --- /dev/null +++ b/internal/controller/zz_kinesisvideo_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + stream "github.com/upbound/provider-aws/internal/controller/kinesisvideo/stream" +) + +// Setup_kinesisvideo creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kinesisvideo(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + stream.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_kms_setup.go b/internal/controller/zz_kms_setup.go new file mode 100755 index 0000000000..86da42bc46 --- /dev/null +++ b/internal/controller/zz_kms_setup.go 
@@ -0,0 +1,38 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + alias "github.com/upbound/provider-aws/internal/controller/kms/alias" + ciphertext "github.com/upbound/provider-aws/internal/controller/kms/ciphertext" + externalkey "github.com/upbound/provider-aws/internal/controller/kms/externalkey" + grant "github.com/upbound/provider-aws/internal/controller/kms/grant" + key "github.com/upbound/provider-aws/internal/controller/kms/key" + replicaexternalkey "github.com/upbound/provider-aws/internal/controller/kms/replicaexternalkey" + replicakey "github.com/upbound/provider-aws/internal/controller/kms/replicakey" +) + +// Setup_kms creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_kms(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + alias.Setup, + ciphertext.Setup, + externalkey.Setup, + grant.Setup, + key.Setup, + replicaexternalkey.Setup, + replicakey.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_lakeformation_setup.go b/internal/controller/zz_lakeformation_setup.go new file mode 100755 index 0000000000..454182ab5b --- /dev/null +++ b/internal/controller/zz_lakeformation_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + datalakesettings "github.com/upbound/provider-aws/internal/controller/lakeformation/datalakesettings" + permissions "github.com/upbound/provider-aws/internal/controller/lakeformation/permissions" + resource "github.com/upbound/provider-aws/internal/controller/lakeformation/resource" +) + +// Setup_lakeformation creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_lakeformation(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + datalakesettings.Setup, + permissions.Setup, + resource.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_lambda_setup.go b/internal/controller/zz_lambda_setup.go new file mode 100755 index 0000000000..44a218de9c --- /dev/null +++ b/internal/controller/zz_lambda_setup.go 
@@ -0,0 +1,46 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + alias "github.com/upbound/provider-aws/internal/controller/lambda/alias" + codesigningconfig "github.com/upbound/provider-aws/internal/controller/lambda/codesigningconfig" + eventsourcemapping "github.com/upbound/provider-aws/internal/controller/lambda/eventsourcemapping" + function "github.com/upbound/provider-aws/internal/controller/lambda/function" + functioneventinvokeconfig "github.com/upbound/provider-aws/internal/controller/lambda/functioneventinvokeconfig" + functionurl "github.com/upbound/provider-aws/internal/controller/lambda/functionurl" + invocation "github.com/upbound/provider-aws/internal/controller/lambda/invocation" + layerversion "github.com/upbound/provider-aws/internal/controller/lambda/layerversion" + layerversionpermission "github.com/upbound/provider-aws/internal/controller/lambda/layerversionpermission" + permission "github.com/upbound/provider-aws/internal/controller/lambda/permission" + provisionedconcurrencyconfig "github.com/upbound/provider-aws/internal/controller/lambda/provisionedconcurrencyconfig" +) + +// Setup_lambda creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_lambda(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + alias.Setup, + codesigningconfig.Setup, + eventsourcemapping.Setup, + function.Setup, + functioneventinvokeconfig.Setup, + functionurl.Setup, + invocation.Setup, + layerversion.Setup, + layerversionpermission.Setup, + permission.Setup, + provisionedconcurrencyconfig.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_lexmodels_setup.go b/internal/controller/zz_lexmodels_setup.go new file mode 100755 index 0000000000..7924fc0dac --- /dev/null 
+++ b/internal/controller/zz_lexmodels_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bot "github.com/upbound/provider-aws/internal/controller/lexmodels/bot" + botalias "github.com/upbound/provider-aws/internal/controller/lexmodels/botalias" + intent "github.com/upbound/provider-aws/internal/controller/lexmodels/intent" + slottype "github.com/upbound/provider-aws/internal/controller/lexmodels/slottype" +) + +// Setup_lexmodels creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_lexmodels(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bot.Setup, + botalias.Setup, + intent.Setup, + slottype.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_licensemanager_setup.go b/internal/controller/zz_licensemanager_setup.go new file mode 100755 index 0000000000..65f9f20bea --- /dev/null +++ b/internal/controller/zz_licensemanager_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + association "github.com/upbound/provider-aws/internal/controller/licensemanager/association" + licenseconfiguration "github.com/upbound/provider-aws/internal/controller/licensemanager/licenseconfiguration" +) + +// Setup_licensemanager creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_licensemanager(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + association.Setup, + licenseconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_lightsail_setup.go b/internal/controller/zz_lightsail_setup.go new file mode 100755 index 0000000000..8c4b8c13b4 --- /dev/null +++ b/internal/controller/zz_lightsail_setup.go 
@@ -0,0 +1,56 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bucket "github.com/upbound/provider-aws/internal/controller/lightsail/bucket" + certificate "github.com/upbound/provider-aws/internal/controller/lightsail/certificate" + containerservice "github.com/upbound/provider-aws/internal/controller/lightsail/containerservice" + disk "github.com/upbound/provider-aws/internal/controller/lightsail/disk" + diskattachment "github.com/upbound/provider-aws/internal/controller/lightsail/diskattachment" + domain "github.com/upbound/provider-aws/internal/controller/lightsail/domain" + domainentry "github.com/upbound/provider-aws/internal/controller/lightsail/domainentry" + instance "github.com/upbound/provider-aws/internal/controller/lightsail/instance" + instancepublicports "github.com/upbound/provider-aws/internal/controller/lightsail/instancepublicports" + keypair "github.com/upbound/provider-aws/internal/controller/lightsail/keypair" + lb "github.com/upbound/provider-aws/internal/controller/lightsail/lb" + lbattachment "github.com/upbound/provider-aws/internal/controller/lightsail/lbattachment" + lbcertificate "github.com/upbound/provider-aws/internal/controller/lightsail/lbcertificate" + lbstickinesspolicy "github.com/upbound/provider-aws/internal/controller/lightsail/lbstickinesspolicy" + staticip "github.com/upbound/provider-aws/internal/controller/lightsail/staticip" + staticipattachment "github.com/upbound/provider-aws/internal/controller/lightsail/staticipattachment" +) + +// Setup_lightsail creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_lightsail(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bucket.Setup, + certificate.Setup, + containerservice.Setup, + disk.Setup, + diskattachment.Setup, + domain.Setup, + domainentry.Setup, + instance.Setup, + instancepublicports.Setup, + keypair.Setup, + lb.Setup, + lbattachment.Setup, + lbcertificate.Setup, + lbstickinesspolicy.Setup, + staticip.Setup, + staticipattachment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_location_setup.go b/internal/controller/zz_location_setup.go new file mode 100755 index 0000000000..109806b6cb --- /dev/null +++ b/internal/controller/zz_location_setup.go @@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + geofencecollection "github.com/upbound/provider-aws/internal/controller/location/geofencecollection" + placeindex "github.com/upbound/provider-aws/internal/controller/location/placeindex" + routecalculator "github.com/upbound/provider-aws/internal/controller/location/routecalculator" + tracker "github.com/upbound/provider-aws/internal/controller/location/tracker" + trackerassociation "github.com/upbound/provider-aws/internal/controller/location/trackerassociation" +) + +// Setup_location creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_location(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + geofencecollection.Setup, + placeindex.Setup, + routecalculator.Setup, + tracker.Setup, + trackerassociation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_macie2_setup.go b/internal/controller/zz_macie2_setup.go new file mode 100755 index 0000000000..a2ba07d0f6 --- /dev/null +++ b/internal/controller/zz_macie2_setup.go @@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + account "github.com/upbound/provider-aws/internal/controller/macie2/account" + classificationjob "github.com/upbound/provider-aws/internal/controller/macie2/classificationjob" + customdataidentifier "github.com/upbound/provider-aws/internal/controller/macie2/customdataidentifier" + findingsfilter "github.com/upbound/provider-aws/internal/controller/macie2/findingsfilter" + invitationaccepter "github.com/upbound/provider-aws/internal/controller/macie2/invitationaccepter" + member "github.com/upbound/provider-aws/internal/controller/macie2/member" +) + +// Setup_macie2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_macie2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + account.Setup, + classificationjob.Setup, + customdataidentifier.Setup, + findingsfilter.Setup, + invitationaccepter.Setup, + member.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_mediaconvert_setup.go b/internal/controller/zz_mediaconvert_setup.go new file mode 100755 index 0000000000..6b6070c135 --- /dev/null +++ b/internal/controller/zz_mediaconvert_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + queue "github.com/upbound/provider-aws/internal/controller/mediaconvert/queue" +) + +// Setup_mediaconvert creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_mediaconvert(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + queue.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_medialive_setup.go b/internal/controller/zz_medialive_setup.go new file mode 100755 index 0000000000..cfb2a3e3a3 --- /dev/null +++ b/internal/controller/zz_medialive_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + channel "github.com/upbound/provider-aws/internal/controller/medialive/channel" + input "github.com/upbound/provider-aws/internal/controller/medialive/input" + inputsecuritygroup "github.com/upbound/provider-aws/internal/controller/medialive/inputsecuritygroup" + multiplex "github.com/upbound/provider-aws/internal/controller/medialive/multiplex" +) + +// Setup_medialive creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_medialive(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + channel.Setup, + input.Setup, + inputsecuritygroup.Setup, + multiplex.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_mediapackage_setup.go b/internal/controller/zz_mediapackage_setup.go new file mode 100755 index 0000000000..a497dc743a --- /dev/null +++ b/internal/controller/zz_mediapackage_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + channel "github.com/upbound/provider-aws/internal/controller/mediapackage/channel" +) + +// Setup_mediapackage creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_mediapackage(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + channel.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_mediastore_setup.go b/internal/controller/zz_mediastore_setup.go new file mode 100755 index 0000000000..9f3d9aef76 --- /dev/null +++ b/internal/controller/zz_mediastore_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + container "github.com/upbound/provider-aws/internal/controller/mediastore/container" + containerpolicy "github.com/upbound/provider-aws/internal/controller/mediastore/containerpolicy" +) + +// Setup_mediastore creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_mediastore(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + container.Setup, + containerpolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_memorydb_setup.go b/internal/controller/zz_memorydb_setup.go new file mode 100755 index 0000000000..95504e78d6 --- /dev/null +++ b/internal/controller/zz_memorydb_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + acl "github.com/upbound/provider-aws/internal/controller/memorydb/acl" + cluster "github.com/upbound/provider-aws/internal/controller/memorydb/cluster" + parametergroup "github.com/upbound/provider-aws/internal/controller/memorydb/parametergroup" + snapshot "github.com/upbound/provider-aws/internal/controller/memorydb/snapshot" + subnetgroup "github.com/upbound/provider-aws/internal/controller/memorydb/subnetgroup" +) + +// Setup_memorydb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_memorydb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + acl.Setup, + cluster.Setup, + parametergroup.Setup, + snapshot.Setup, + subnetgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_setup.go b/internal/controller/zz_monolith_setup.go similarity index 99% rename from internal/controller/zz_setup.go rename to internal/controller/zz_monolith_setup.go index db1a777d10..791b2fb525 100755 --- a/internal/controller/zz_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -910,9 +910,9 @@ import ( samplingrule "github.com/upbound/provider-aws/internal/controller/xray/samplingrule" ) -// Setup creates all controllers with the supplied logger and adds them to +// Setup_monolith creates all controllers with the supplied logger and adds them to // the supplied manager. -func Setup(mgr ctrl.Manager, o controller.Options) error { +func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ analyzer.Setup, archiverule.Setup, 
diff --git a/internal/controller/zz_mq_setup.go b/internal/controller/zz_mq_setup.go new file mode 100755 index 0000000000..d9a8b25f89 --- /dev/null +++ b/internal/controller/zz_mq_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + broker "github.com/upbound/provider-aws/internal/controller/mq/broker" + configuration "github.com/upbound/provider-aws/internal/controller/mq/configuration" +) + +// Setup_mq creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_mq(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + broker.Setup, + configuration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_neptune_setup.go b/internal/controller/zz_neptune_setup.go new file mode 100755 index 0000000000..39a30fdffe --- /dev/null +++ b/internal/controller/zz_neptune_setup.go 
@@ -0,0 +1,42 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/neptune/cluster" + clusterendpoint "github.com/upbound/provider-aws/internal/controller/neptune/clusterendpoint" + clusterinstance "github.com/upbound/provider-aws/internal/controller/neptune/clusterinstance" + clusterparametergroup "github.com/upbound/provider-aws/internal/controller/neptune/clusterparametergroup" + clustersnapshot "github.com/upbound/provider-aws/internal/controller/neptune/clustersnapshot" + eventsubscription "github.com/upbound/provider-aws/internal/controller/neptune/eventsubscription" + globalcluster "github.com/upbound/provider-aws/internal/controller/neptune/globalcluster" + parametergroup "github.com/upbound/provider-aws/internal/controller/neptune/parametergroup" + subnetgroup "github.com/upbound/provider-aws/internal/controller/neptune/subnetgroup" +) + +// Setup_neptune creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_neptune(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + clusterendpoint.Setup, + clusterinstance.Setup, + clusterparametergroup.Setup, + clustersnapshot.Setup, + eventsubscription.Setup, + globalcluster.Setup, + parametergroup.Setup, + subnetgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_networkfirewall_setup.go b/internal/controller/zz_networkfirewall_setup.go new file mode 100755 index 0000000000..962b4c3328 --- /dev/null +++ b/internal/controller/zz_networkfirewall_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + firewall "github.com/upbound/provider-aws/internal/controller/networkfirewall/firewall" + firewallpolicy "github.com/upbound/provider-aws/internal/controller/networkfirewall/firewallpolicy" + loggingconfiguration "github.com/upbound/provider-aws/internal/controller/networkfirewall/loggingconfiguration" + rulegroup "github.com/upbound/provider-aws/internal/controller/networkfirewall/rulegroup" +) + +// Setup_networkfirewall creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_networkfirewall(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + firewall.Setup, + firewallpolicy.Setup, + loggingconfiguration.Setup, + rulegroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_networkmanager_setup.go b/internal/controller/zz_networkmanager_setup.go new file mode 100755 index 0000000000..b7ab405e51 --- /dev/null +++ b/internal/controller/zz_networkmanager_setup.go 
@@ -0,0 +1,50 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + attachmentaccepter "github.com/upbound/provider-aws/internal/controller/networkmanager/attachmentaccepter" + connectattachment "github.com/upbound/provider-aws/internal/controller/networkmanager/connectattachment" + connection "github.com/upbound/provider-aws/internal/controller/networkmanager/connection" + corenetwork "github.com/upbound/provider-aws/internal/controller/networkmanager/corenetwork" + customergatewayassociation "github.com/upbound/provider-aws/internal/controller/networkmanager/customergatewayassociation" + device "github.com/upbound/provider-aws/internal/controller/networkmanager/device" + globalnetwork "github.com/upbound/provider-aws/internal/controller/networkmanager/globalnetwork" + link "github.com/upbound/provider-aws/internal/controller/networkmanager/link" + linkassociation "github.com/upbound/provider-aws/internal/controller/networkmanager/linkassociation" + site "github.com/upbound/provider-aws/internal/controller/networkmanager/site" + transitgatewayconnectpeerassociation "github.com/upbound/provider-aws/internal/controller/networkmanager/transitgatewayconnectpeerassociation" + transitgatewayregistration "github.com/upbound/provider-aws/internal/controller/networkmanager/transitgatewayregistration" + vpcattachment "github.com/upbound/provider-aws/internal/controller/networkmanager/vpcattachment" +) + +// Setup_networkmanager creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_networkmanager(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + attachmentaccepter.Setup, + connectattachment.Setup, + connection.Setup, + corenetwork.Setup, + customergatewayassociation.Setup, + device.Setup, + globalnetwork.Setup, + link.Setup, + linkassociation.Setup, + site.Setup, + transitgatewayconnectpeerassociation.Setup, + transitgatewayregistration.Setup, + vpcattachment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_opensearch_setup.go b/internal/controller/zz_opensearch_setup.go new file mode 100755 index 0000000000..d04eaffca8 --- /dev/null +++ b/internal/controller/zz_opensearch_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + domain "github.com/upbound/provider-aws/internal/controller/opensearch/domain" + domainpolicy "github.com/upbound/provider-aws/internal/controller/opensearch/domainpolicy" + domainsamloptions "github.com/upbound/provider-aws/internal/controller/opensearch/domainsamloptions" +) + +// Setup_opensearch creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_opensearch(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + domain.Setup, + domainpolicy.Setup, + domainsamloptions.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_opsworks_setup.go b/internal/controller/zz_opsworks_setup.go new file mode 100755 index 0000000000..5ab66acfbf --- /dev/null +++ b/internal/controller/zz_opsworks_setup.go 
@@ -0,0 +1,58 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + application "github.com/upbound/provider-aws/internal/controller/opsworks/application" + customlayer "github.com/upbound/provider-aws/internal/controller/opsworks/customlayer" + ecsclusterlayer "github.com/upbound/provider-aws/internal/controller/opsworks/ecsclusterlayer" + ganglialayer "github.com/upbound/provider-aws/internal/controller/opsworks/ganglialayer" + haproxylayer "github.com/upbound/provider-aws/internal/controller/opsworks/haproxylayer" + instance "github.com/upbound/provider-aws/internal/controller/opsworks/instance" + javaapplayer "github.com/upbound/provider-aws/internal/controller/opsworks/javaapplayer" + memcachedlayer "github.com/upbound/provider-aws/internal/controller/opsworks/memcachedlayer" + mysqllayer "github.com/upbound/provider-aws/internal/controller/opsworks/mysqllayer" + nodejsapplayer "github.com/upbound/provider-aws/internal/controller/opsworks/nodejsapplayer" + permission "github.com/upbound/provider-aws/internal/controller/opsworks/permission" + phpapplayer "github.com/upbound/provider-aws/internal/controller/opsworks/phpapplayer" + railsapplayer "github.com/upbound/provider-aws/internal/controller/opsworks/railsapplayer" + rdsdbinstance "github.com/upbound/provider-aws/internal/controller/opsworks/rdsdbinstance" + stack "github.com/upbound/provider-aws/internal/controller/opsworks/stack" + staticweblayer "github.com/upbound/provider-aws/internal/controller/opsworks/staticweblayer" + userprofile "github.com/upbound/provider-aws/internal/controller/opsworks/userprofile" +) + +// Setup_opsworks creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_opsworks(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + application.Setup, + customlayer.Setup, + ecsclusterlayer.Setup, + ganglialayer.Setup, + haproxylayer.Setup, + instance.Setup, + javaapplayer.Setup, + memcachedlayer.Setup, + mysqllayer.Setup, + nodejsapplayer.Setup, + permission.Setup, + phpapplayer.Setup, + railsapplayer.Setup, + rdsdbinstance.Setup, + stack.Setup, + staticweblayer.Setup, + userprofile.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_organizations_setup.go b/internal/controller/zz_organizations_setup.go new file mode 100755 index 0000000000..563043e61b --- /dev/null +++ b/internal/controller/zz_organizations_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + account "github.com/upbound/provider-aws/internal/controller/organizations/account" + delegatedadministrator "github.com/upbound/provider-aws/internal/controller/organizations/delegatedadministrator" + organization "github.com/upbound/provider-aws/internal/controller/organizations/organization" + organizationalunit "github.com/upbound/provider-aws/internal/controller/organizations/organizationalunit" + policy "github.com/upbound/provider-aws/internal/controller/organizations/policy" + policyattachment "github.com/upbound/provider-aws/internal/controller/organizations/policyattachment" +) + +// Setup_organizations creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_organizations(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + account.Setup, + delegatedadministrator.Setup, + organization.Setup, + organizationalunit.Setup, + policy.Setup, + policyattachment.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_pinpoint_setup.go b/internal/controller/zz_pinpoint_setup.go new file mode 100755 index 0000000000..81d1e2584f --- /dev/null +++ b/internal/controller/zz_pinpoint_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + app "github.com/upbound/provider-aws/internal/controller/pinpoint/app" + smschannel "github.com/upbound/provider-aws/internal/controller/pinpoint/smschannel" +) + +// Setup_pinpoint creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_pinpoint(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + app.Setup, + smschannel.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_qldb_setup.go b/internal/controller/zz_qldb_setup.go new file mode 100755 index 0000000000..e82baccb95 --- /dev/null +++ b/internal/controller/zz_qldb_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + ledger "github.com/upbound/provider-aws/internal/controller/qldb/ledger" + stream "github.com/upbound/provider-aws/internal/controller/qldb/stream" +) + +// Setup_qldb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_qldb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + ledger.Setup, + stream.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_quicksight_setup.go b/internal/controller/zz_quicksight_setup.go new file mode 100755 index 0000000000..56165382a0 --- /dev/null +++ b/internal/controller/zz_quicksight_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + group "github.com/upbound/provider-aws/internal/controller/quicksight/group" + user "github.com/upbound/provider-aws/internal/controller/quicksight/user" +) + +// Setup_quicksight creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_quicksight(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + group.Setup, + user.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ram_setup.go b/internal/controller/zz_ram_setup.go new file mode 100755 index 0000000000..c2697aec40 --- /dev/null +++ b/internal/controller/zz_ram_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + resourceassociation "github.com/upbound/provider-aws/internal/controller/ram/resourceassociation" + resourceshare "github.com/upbound/provider-aws/internal/controller/ram/resourceshare" +) + +// Setup_ram creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ram(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + resourceassociation.Setup, + resourceshare.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_rds_setup.go b/internal/controller/zz_rds_setup.go new file mode 100755 index 0000000000..f28c98c349 --- /dev/null +++ b/internal/controller/zz_rds_setup.go 
@@ -0,0 +1,68 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/rds/cluster" + clusteractivitystream "github.com/upbound/provider-aws/internal/controller/rds/clusteractivitystream" + clusterendpoint "github.com/upbound/provider-aws/internal/controller/rds/clusterendpoint" + clusterinstance "github.com/upbound/provider-aws/internal/controller/rds/clusterinstance" + clusterparametergroup "github.com/upbound/provider-aws/internal/controller/rds/clusterparametergroup" + clusterroleassociation "github.com/upbound/provider-aws/internal/controller/rds/clusterroleassociation" + clustersnapshot "github.com/upbound/provider-aws/internal/controller/rds/clustersnapshot" + dbinstanceautomatedbackupsreplication "github.com/upbound/provider-aws/internal/controller/rds/dbinstanceautomatedbackupsreplication" + dbsnapshotcopy "github.com/upbound/provider-aws/internal/controller/rds/dbsnapshotcopy" + eventsubscription "github.com/upbound/provider-aws/internal/controller/rds/eventsubscription" + globalcluster "github.com/upbound/provider-aws/internal/controller/rds/globalcluster" + instance "github.com/upbound/provider-aws/internal/controller/rds/instance" + instanceroleassociation "github.com/upbound/provider-aws/internal/controller/rds/instanceroleassociation" + optiongroup "github.com/upbound/provider-aws/internal/controller/rds/optiongroup" + parametergroup "github.com/upbound/provider-aws/internal/controller/rds/parametergroup" + proxy "github.com/upbound/provider-aws/internal/controller/rds/proxy" + proxydefaulttargetgroup "github.com/upbound/provider-aws/internal/controller/rds/proxydefaulttargetgroup" + proxyendpoint "github.com/upbound/provider-aws/internal/controller/rds/proxyendpoint" + proxytarget "github.com/upbound/provider-aws/internal/controller/rds/proxytarget" + securitygroup 
"github.com/upbound/provider-aws/internal/controller/rds/securitygroup" + snapshot "github.com/upbound/provider-aws/internal/controller/rds/snapshot" + subnetgroup "github.com/upbound/provider-aws/internal/controller/rds/subnetgroup" +) + +// Setup_rds creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_rds(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + clusteractivitystream.Setup, + clusterendpoint.Setup, + clusterinstance.Setup, + clusterparametergroup.Setup, + clusterroleassociation.Setup, + clustersnapshot.Setup, + dbinstanceautomatedbackupsreplication.Setup, + dbsnapshotcopy.Setup, + eventsubscription.Setup, + globalcluster.Setup, + instance.Setup, + instanceroleassociation.Setup, + optiongroup.Setup, + parametergroup.Setup, + proxy.Setup, + proxydefaulttargetgroup.Setup, + proxyendpoint.Setup, + proxytarget.Setup, + securitygroup.Setup, + snapshot.Setup, + subnetgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_redshift_setup.go b/internal/controller/zz_redshift_setup.go new file mode 100755 index 0000000000..51c41d0679 --- /dev/null +++ b/internal/controller/zz_redshift_setup.go 
@@ -0,0 +1,48 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + authenticationprofile "github.com/upbound/provider-aws/internal/controller/redshift/authenticationprofile" + cluster "github.com/upbound/provider-aws/internal/controller/redshift/cluster" + eventsubscription "github.com/upbound/provider-aws/internal/controller/redshift/eventsubscription" + hsmclientcertificate "github.com/upbound/provider-aws/internal/controller/redshift/hsmclientcertificate" + hsmconfiguration "github.com/upbound/provider-aws/internal/controller/redshift/hsmconfiguration" + parametergroup "github.com/upbound/provider-aws/internal/controller/redshift/parametergroup" + scheduledaction "github.com/upbound/provider-aws/internal/controller/redshift/scheduledaction" + snapshotcopygrant "github.com/upbound/provider-aws/internal/controller/redshift/snapshotcopygrant" + snapshotschedule "github.com/upbound/provider-aws/internal/controller/redshift/snapshotschedule" + snapshotscheduleassociation "github.com/upbound/provider-aws/internal/controller/redshift/snapshotscheduleassociation" + subnetgroup "github.com/upbound/provider-aws/internal/controller/redshift/subnetgroup" + usagelimit "github.com/upbound/provider-aws/internal/controller/redshift/usagelimit" +) + +// Setup_redshift creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_redshift(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + authenticationprofile.Setup, + cluster.Setup, + eventsubscription.Setup, + hsmclientcertificate.Setup, + hsmconfiguration.Setup, + parametergroup.Setup, + scheduledaction.Setup, + snapshotcopygrant.Setup, + snapshotschedule.Setup, + snapshotscheduleassociation.Setup, + subnetgroup.Setup, + usagelimit.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_resourcegroups_setup.go b/internal/controller/zz_resourcegroups_setup.go new file mode 100755 index 0000000000..e34aad6cdc --- /dev/null +++ b/internal/controller/zz_resourcegroups_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + group "github.com/upbound/provider-aws/internal/controller/resourcegroups/group" +) + +// Setup_resourcegroups creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_resourcegroups(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + group.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_rolesanywhere_setup.go b/internal/controller/zz_rolesanywhere_setup.go new file mode 100755 index 0000000000..ef66b9bcbb --- /dev/null +++ b/internal/controller/zz_rolesanywhere_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + profile "github.com/upbound/provider-aws/internal/controller/rolesanywhere/profile" +) + +// Setup_rolesanywhere creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_rolesanywhere(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + profile.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_route53_setup.go b/internal/controller/zz_route53_setup.go new file mode 100755 index 0000000000..d29c62fb68 --- /dev/null +++ b/internal/controller/zz_route53_setup.go 
@@ -0,0 +1,42 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + delegationset "github.com/upbound/provider-aws/internal/controller/route53/delegationset" + healthcheck "github.com/upbound/provider-aws/internal/controller/route53/healthcheck" + hostedzonednssec "github.com/upbound/provider-aws/internal/controller/route53/hostedzonednssec" + record "github.com/upbound/provider-aws/internal/controller/route53/record" + resolverconfig "github.com/upbound/provider-aws/internal/controller/route53/resolverconfig" + trafficpolicy "github.com/upbound/provider-aws/internal/controller/route53/trafficpolicy" + trafficpolicyinstance "github.com/upbound/provider-aws/internal/controller/route53/trafficpolicyinstance" + vpcassociationauthorization "github.com/upbound/provider-aws/internal/controller/route53/vpcassociationauthorization" + zone "github.com/upbound/provider-aws/internal/controller/route53/zone" +) + +// Setup_route53 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_route53(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + delegationset.Setup, + healthcheck.Setup, + hostedzonednssec.Setup, + record.Setup, + resolverconfig.Setup, + trafficpolicy.Setup, + trafficpolicyinstance.Setup, + vpcassociationauthorization.Setup, + zone.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_route53recoverycontrolconfig_setup.go b/internal/controller/zz_route53recoverycontrolconfig_setup.go new file mode 100755 index 0000000000..fe7047efe6 --- /dev/null +++ b/internal/controller/zz_route53recoverycontrolconfig_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cluster "github.com/upbound/provider-aws/internal/controller/route53recoverycontrolconfig/cluster" + controlpanel "github.com/upbound/provider-aws/internal/controller/route53recoverycontrolconfig/controlpanel" + routingcontrol "github.com/upbound/provider-aws/internal/controller/route53recoverycontrolconfig/routingcontrol" + safetyrule "github.com/upbound/provider-aws/internal/controller/route53recoverycontrolconfig/safetyrule" +) + +// Setup_route53recoverycontrolconfig creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_route53recoverycontrolconfig(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + controlpanel.Setup, + routingcontrol.Setup, + safetyrule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_route53recoveryreadiness_setup.go b/internal/controller/zz_route53recoveryreadiness_setup.go new file mode 100755 index 0000000000..46879a5e47 --- /dev/null +++ b/internal/controller/zz_route53recoveryreadiness_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cell "github.com/upbound/provider-aws/internal/controller/route53recoveryreadiness/cell" + readinesscheck "github.com/upbound/provider-aws/internal/controller/route53recoveryreadiness/readinesscheck" + recoverygroup "github.com/upbound/provider-aws/internal/controller/route53recoveryreadiness/recoverygroup" + resourceset "github.com/upbound/provider-aws/internal/controller/route53recoveryreadiness/resourceset" +) + +// Setup_route53recoveryreadiness creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_route53recoveryreadiness(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cell.Setup, + readinesscheck.Setup, + recoverygroup.Setup, + resourceset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_route53resolver_setup.go b/internal/controller/zz_route53resolver_setup.go new file mode 100755 index 0000000000..d83826123a --- /dev/null +++ b/internal/controller/zz_route53resolver_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + endpoint "github.com/upbound/provider-aws/internal/controller/route53resolver/endpoint" + rule "github.com/upbound/provider-aws/internal/controller/route53resolver/rule" + ruleassociation "github.com/upbound/provider-aws/internal/controller/route53resolver/ruleassociation" +) + +// Setup_route53resolver creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_route53resolver(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + endpoint.Setup, + rule.Setup, + ruleassociation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_rum_setup.go b/internal/controller/zz_rum_setup.go new file mode 100755 index 0000000000..93bba3a1df --- /dev/null +++ b/internal/controller/zz_rum_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + appmonitor "github.com/upbound/provider-aws/internal/controller/rum/appmonitor" + metricsdestination "github.com/upbound/provider-aws/internal/controller/rum/metricsdestination" +) + +// Setup_rum creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_rum(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + appmonitor.Setup, + metricsdestination.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_s3_setup.go b/internal/controller/zz_s3_setup.go new file mode 100755 index 0000000000..26c4e1eaef --- /dev/null +++ b/internal/controller/zz_s3_setup.go 
@@ -0,0 +1,70 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bucket "github.com/upbound/provider-aws/internal/controller/s3/bucket" + bucketaccelerateconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketaccelerateconfiguration" + bucketacl "github.com/upbound/provider-aws/internal/controller/s3/bucketacl" + bucketanalyticsconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketanalyticsconfiguration" + bucketcorsconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketcorsconfiguration" + bucketintelligenttieringconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketintelligenttieringconfiguration" + bucketinventory "github.com/upbound/provider-aws/internal/controller/s3/bucketinventory" + bucketlifecycleconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketlifecycleconfiguration" + bucketlogging "github.com/upbound/provider-aws/internal/controller/s3/bucketlogging" + bucketmetric "github.com/upbound/provider-aws/internal/controller/s3/bucketmetric" + bucketnotification "github.com/upbound/provider-aws/internal/controller/s3/bucketnotification" + bucketobject "github.com/upbound/provider-aws/internal/controller/s3/bucketobject" + bucketobjectlockconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketobjectlockconfiguration" + bucketownershipcontrols "github.com/upbound/provider-aws/internal/controller/s3/bucketownershipcontrols" + bucketpolicy "github.com/upbound/provider-aws/internal/controller/s3/bucketpolicy" + bucketpublicaccessblock "github.com/upbound/provider-aws/internal/controller/s3/bucketpublicaccessblock" + bucketreplicationconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketreplicationconfiguration" + bucketrequestpaymentconfiguration 
"github.com/upbound/provider-aws/internal/controller/s3/bucketrequestpaymentconfiguration" + bucketserversideencryptionconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketserversideencryptionconfiguration" + bucketversioning "github.com/upbound/provider-aws/internal/controller/s3/bucketversioning" + bucketwebsiteconfiguration "github.com/upbound/provider-aws/internal/controller/s3/bucketwebsiteconfiguration" + object "github.com/upbound/provider-aws/internal/controller/s3/object" + objectcopy "github.com/upbound/provider-aws/internal/controller/s3/objectcopy" +) + +// Setup_s3 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_s3(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bucket.Setup, + bucketaccelerateconfiguration.Setup, + bucketacl.Setup, + bucketanalyticsconfiguration.Setup, + bucketcorsconfiguration.Setup, + bucketintelligenttieringconfiguration.Setup, + bucketinventory.Setup, + bucketlifecycleconfiguration.Setup, + bucketlogging.Setup, + bucketmetric.Setup, + bucketnotification.Setup, + bucketobject.Setup, + bucketobjectlockconfiguration.Setup, + bucketownershipcontrols.Setup, + bucketpolicy.Setup, + bucketpublicaccessblock.Setup, + bucketreplicationconfiguration.Setup, + bucketrequestpaymentconfiguration.Setup, + bucketserversideencryptionconfiguration.Setup, + bucketversioning.Setup, + bucketwebsiteconfiguration.Setup, + object.Setup, + objectcopy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_s3control_setup.go b/internal/controller/zz_s3control_setup.go new file mode 100755 index 0000000000..e554f2af9d --- /dev/null +++ b/internal/controller/zz_s3control_setup.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accesspoint "github.com/upbound/provider-aws/internal/controller/s3control/accesspoint" + accesspointpolicy "github.com/upbound/provider-aws/internal/controller/s3control/accesspointpolicy" + accountpublicaccessblock "github.com/upbound/provider-aws/internal/controller/s3control/accountpublicaccessblock" + multiregionaccesspoint "github.com/upbound/provider-aws/internal/controller/s3control/multiregionaccesspoint" + multiregionaccesspointpolicy "github.com/upbound/provider-aws/internal/controller/s3control/multiregionaccesspointpolicy" + objectlambdaaccesspoint "github.com/upbound/provider-aws/internal/controller/s3control/objectlambdaaccesspoint" + objectlambdaaccesspointpolicy "github.com/upbound/provider-aws/internal/controller/s3control/objectlambdaaccesspointpolicy" + storagelensconfiguration "github.com/upbound/provider-aws/internal/controller/s3control/storagelensconfiguration" +) + +// Setup_s3control creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_s3control(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accesspoint.Setup, + accesspointpolicy.Setup, + accountpublicaccessblock.Setup, + multiregionaccesspoint.Setup, + multiregionaccesspointpolicy.Setup, + objectlambdaaccesspoint.Setup, + objectlambdaaccesspointpolicy.Setup, + storagelensconfiguration.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_sagemaker_setup.go b/internal/controller/zz_sagemaker_setup.go new file mode 100755 index 0000000000..5d5fc544fd --- /dev/null +++ b/internal/controller/zz_sagemaker_setup.go 
@@ -0,0 +1,66 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + app "github.com/upbound/provider-aws/internal/controller/sagemaker/app" + appimageconfig "github.com/upbound/provider-aws/internal/controller/sagemaker/appimageconfig" + coderepository "github.com/upbound/provider-aws/internal/controller/sagemaker/coderepository" + device "github.com/upbound/provider-aws/internal/controller/sagemaker/device" + devicefleet "github.com/upbound/provider-aws/internal/controller/sagemaker/devicefleet" + domain "github.com/upbound/provider-aws/internal/controller/sagemaker/domain" + endpointconfiguration "github.com/upbound/provider-aws/internal/controller/sagemaker/endpointconfiguration" + featuregroup "github.com/upbound/provider-aws/internal/controller/sagemaker/featuregroup" + image "github.com/upbound/provider-aws/internal/controller/sagemaker/image" + imageversion "github.com/upbound/provider-aws/internal/controller/sagemaker/imageversion" + model "github.com/upbound/provider-aws/internal/controller/sagemaker/model" + modelpackagegroup "github.com/upbound/provider-aws/internal/controller/sagemaker/modelpackagegroup" + modelpackagegrouppolicy "github.com/upbound/provider-aws/internal/controller/sagemaker/modelpackagegrouppolicy" + notebookinstance "github.com/upbound/provider-aws/internal/controller/sagemaker/notebookinstance" + notebookinstancelifecycleconfiguration "github.com/upbound/provider-aws/internal/controller/sagemaker/notebookinstancelifecycleconfiguration" + servicecatalogportfoliostatus "github.com/upbound/provider-aws/internal/controller/sagemaker/servicecatalogportfoliostatus" + space "github.com/upbound/provider-aws/internal/controller/sagemaker/space" + studiolifecycleconfig "github.com/upbound/provider-aws/internal/controller/sagemaker/studiolifecycleconfig" + userprofile 
"github.com/upbound/provider-aws/internal/controller/sagemaker/userprofile" + workforce "github.com/upbound/provider-aws/internal/controller/sagemaker/workforce" + workteam "github.com/upbound/provider-aws/internal/controller/sagemaker/workteam" +) + +// Setup_sagemaker creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_sagemaker(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + app.Setup, + appimageconfig.Setup, + coderepository.Setup, + device.Setup, + devicefleet.Setup, + domain.Setup, + endpointconfiguration.Setup, + featuregroup.Setup, + image.Setup, + imageversion.Setup, + model.Setup, + modelpackagegroup.Setup, + modelpackagegrouppolicy.Setup, + notebookinstance.Setup, + notebookinstancelifecycleconfiguration.Setup, + servicecatalogportfoliostatus.Setup, + space.Setup, + studiolifecycleconfig.Setup, + userprofile.Setup, + workforce.Setup, + workteam.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_scheduler_setup.go b/internal/controller/zz_scheduler_setup.go new file mode 100755 index 0000000000..e55b07381c --- /dev/null +++ b/internal/controller/zz_scheduler_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + schedule "github.com/upbound/provider-aws/internal/controller/scheduler/schedule" + schedulegroup "github.com/upbound/provider-aws/internal/controller/scheduler/schedulegroup" +) + +// Setup_scheduler creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_scheduler(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + schedule.Setup, + schedulegroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_schemas_setup.go b/internal/controller/zz_schemas_setup.go new file mode 100755 index 0000000000..1f8fe71df5 --- /dev/null +++ b/internal/controller/zz_schemas_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + discoverer "github.com/upbound/provider-aws/internal/controller/schemas/discoverer" + registry "github.com/upbound/provider-aws/internal/controller/schemas/registry" + schema "github.com/upbound/provider-aws/internal/controller/schemas/schema" +) + +// Setup_schemas creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_schemas(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + discoverer.Setup, + registry.Setup, + schema.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_secretsmanager_setup.go b/internal/controller/zz_secretsmanager_setup.go new file mode 100755 index 0000000000..a8a293b813 --- /dev/null +++ b/internal/controller/zz_secretsmanager_setup.go 
@@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + secret "github.com/upbound/provider-aws/internal/controller/secretsmanager/secret" + secretpolicy "github.com/upbound/provider-aws/internal/controller/secretsmanager/secretpolicy" + secretrotation "github.com/upbound/provider-aws/internal/controller/secretsmanager/secretrotation" + secretversion "github.com/upbound/provider-aws/internal/controller/secretsmanager/secretversion" +) + +// Setup_secretsmanager creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_secretsmanager(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + secret.Setup, + secretpolicy.Setup, + secretrotation.Setup, + secretversion.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_securityhub_setup.go b/internal/controller/zz_securityhub_setup.go new file mode 100755 index 0000000000..e071f750f4 --- /dev/null +++ b/internal/controller/zz_securityhub_setup.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + account "github.com/upbound/provider-aws/internal/controller/securityhub/account" + actiontarget "github.com/upbound/provider-aws/internal/controller/securityhub/actiontarget" + findingaggregator "github.com/upbound/provider-aws/internal/controller/securityhub/findingaggregator" + insight "github.com/upbound/provider-aws/internal/controller/securityhub/insight" + inviteaccepter "github.com/upbound/provider-aws/internal/controller/securityhub/inviteaccepter" + member "github.com/upbound/provider-aws/internal/controller/securityhub/member" + productsubscription "github.com/upbound/provider-aws/internal/controller/securityhub/productsubscription" + standardssubscription "github.com/upbound/provider-aws/internal/controller/securityhub/standardssubscription" +) + +// Setup_securityhub creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_securityhub(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + account.Setup, + actiontarget.Setup, + findingaggregator.Setup, + insight.Setup, + inviteaccepter.Setup, + member.Setup, + productsubscription.Setup, + standardssubscription.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_serverlessrepo_setup.go b/internal/controller/zz_serverlessrepo_setup.go new file mode 100755 index 0000000000..98e23f7b35 --- /dev/null +++ b/internal/controller/zz_serverlessrepo_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + cloudformationstack "github.com/upbound/provider-aws/internal/controller/serverlessrepo/cloudformationstack" +) + +// Setup_serverlessrepo creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_serverlessrepo(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cloudformationstack.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_servicecatalog_setup.go b/internal/controller/zz_servicecatalog_setup.go new file mode 100755 index 0000000000..6b9514ccf3 --- /dev/null +++ b/internal/controller/zz_servicecatalog_setup.go 
@@ -0,0 +1,46 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + budgetresourceassociation "github.com/upbound/provider-aws/internal/controller/servicecatalog/budgetresourceassociation" + constraint "github.com/upbound/provider-aws/internal/controller/servicecatalog/constraint" + portfolio "github.com/upbound/provider-aws/internal/controller/servicecatalog/portfolio" + portfolioshare "github.com/upbound/provider-aws/internal/controller/servicecatalog/portfolioshare" + principalportfolioassociation "github.com/upbound/provider-aws/internal/controller/servicecatalog/principalportfolioassociation" + product "github.com/upbound/provider-aws/internal/controller/servicecatalog/product" + productportfolioassociation "github.com/upbound/provider-aws/internal/controller/servicecatalog/productportfolioassociation" + provisioningartifact "github.com/upbound/provider-aws/internal/controller/servicecatalog/provisioningartifact" + serviceaction "github.com/upbound/provider-aws/internal/controller/servicecatalog/serviceaction" + tagoption "github.com/upbound/provider-aws/internal/controller/servicecatalog/tagoption" + tagoptionresourceassociation "github.com/upbound/provider-aws/internal/controller/servicecatalog/tagoptionresourceassociation" +) + +// Setup_servicecatalog creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_servicecatalog(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + budgetresourceassociation.Setup, + constraint.Setup, + portfolio.Setup, + portfolioshare.Setup, + principalportfolioassociation.Setup, + product.Setup, + productportfolioassociation.Setup, + provisioningartifact.Setup, + serviceaction.Setup, + tagoption.Setup, + tagoptionresourceassociation.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_servicediscovery_setup.go b/internal/controller/zz_servicediscovery_setup.go new file mode 100755 index 0000000000..1d4d0cbccd --- /dev/null +++ b/internal/controller/zz_servicediscovery_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + httpnamespace "github.com/upbound/provider-aws/internal/controller/servicediscovery/httpnamespace" + privatednsnamespace "github.com/upbound/provider-aws/internal/controller/servicediscovery/privatednsnamespace" + publicdnsnamespace "github.com/upbound/provider-aws/internal/controller/servicediscovery/publicdnsnamespace" + service "github.com/upbound/provider-aws/internal/controller/servicediscovery/service" +) + +// Setup_servicediscovery creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_servicediscovery(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + httpnamespace.Setup, + privatednsnamespace.Setup, + publicdnsnamespace.Setup, + service.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_servicequotas_setup.go b/internal/controller/zz_servicequotas_setup.go new file mode 100755 index 0000000000..f15c3bf359 --- /dev/null 
+++ b/internal/controller/zz_servicequotas_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + servicequota "github.com/upbound/provider-aws/internal/controller/servicequotas/servicequota" +) + +// Setup_servicequotas creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_servicequotas(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + servicequota.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ses_setup.go b/internal/controller/zz_ses_setup.go new file mode 100755 index 0000000000..de7d3fdb6d --- /dev/null +++ b/internal/controller/zz_ses_setup.go 
@@ -0,0 +1,50 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + activereceiptruleset "github.com/upbound/provider-aws/internal/controller/ses/activereceiptruleset" + configurationset "github.com/upbound/provider-aws/internal/controller/ses/configurationset" + domaindkim "github.com/upbound/provider-aws/internal/controller/ses/domaindkim" + domainidentity "github.com/upbound/provider-aws/internal/controller/ses/domainidentity" + domainmailfrom "github.com/upbound/provider-aws/internal/controller/ses/domainmailfrom" + emailidentity "github.com/upbound/provider-aws/internal/controller/ses/emailidentity" + eventdestination "github.com/upbound/provider-aws/internal/controller/ses/eventdestination" + identitynotificationtopic "github.com/upbound/provider-aws/internal/controller/ses/identitynotificationtopic" + identitypolicy "github.com/upbound/provider-aws/internal/controller/ses/identitypolicy" + receiptfilter "github.com/upbound/provider-aws/internal/controller/ses/receiptfilter" + receiptrule "github.com/upbound/provider-aws/internal/controller/ses/receiptrule" + receiptruleset "github.com/upbound/provider-aws/internal/controller/ses/receiptruleset" + template "github.com/upbound/provider-aws/internal/controller/ses/template" +) + +// Setup_ses creates all controllers with the supplied logger and adds them to +// the supplied manager. 
+func Setup_ses(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + activereceiptruleset.Setup, + configurationset.Setup, + domaindkim.Setup, + domainidentity.Setup, + domainmailfrom.Setup, + emailidentity.Setup, + eventdestination.Setup, + identitynotificationtopic.Setup, + identitypolicy.Setup, + receiptfilter.Setup, + receiptrule.Setup, + receiptruleset.Setup, + template.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_sesv2_setup.go b/internal/controller/zz_sesv2_setup.go new file mode 100755 index 0000000000..6ba64ae88b --- /dev/null +++ b/internal/controller/zz_sesv2_setup.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + configurationset "github.com/upbound/provider-aws/internal/controller/sesv2/configurationset" + configurationseteventdestination "github.com/upbound/provider-aws/internal/controller/sesv2/configurationseteventdestination" + dedicatedippool "github.com/upbound/provider-aws/internal/controller/sesv2/dedicatedippool" + emailidentity "github.com/upbound/provider-aws/internal/controller/sesv2/emailidentity" + emailidentityfeedbackattributes "github.com/upbound/provider-aws/internal/controller/sesv2/emailidentityfeedbackattributes" + emailidentitymailfromattributes "github.com/upbound/provider-aws/internal/controller/sesv2/emailidentitymailfromattributes" +) + +// Setup_sesv2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_sesv2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + configurationset.Setup, + configurationseteventdestination.Setup, + dedicatedippool.Setup, + emailidentity.Setup, + emailidentityfeedbackattributes.Setup, + emailidentitymailfromattributes.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_sfn_setup.go b/internal/controller/zz_sfn_setup.go new file mode 100755 index 0000000000..724cbb892b --- /dev/null +++ b/internal/controller/zz_sfn_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + activity "github.com/upbound/provider-aws/internal/controller/sfn/activity" + statemachine "github.com/upbound/provider-aws/internal/controller/sfn/statemachine" +) + +// Setup_sfn creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_sfn(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + activity.Setup, + statemachine.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_signer_setup.go b/internal/controller/zz_signer_setup.go new file mode 100755 index 0000000000..595c82b6bc --- /dev/null +++ b/internal/controller/zz_signer_setup.go @@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + signingjob "github.com/upbound/provider-aws/internal/controller/signer/signingjob" + signingprofile "github.com/upbound/provider-aws/internal/controller/signer/signingprofile" + signingprofilepermission "github.com/upbound/provider-aws/internal/controller/signer/signingprofilepermission" +) + +// Setup_signer creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_signer(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + signingjob.Setup, + signingprofile.Setup, + signingprofilepermission.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_simpledb_setup.go b/internal/controller/zz_simpledb_setup.go new file mode 100755 index 0000000000..33b7ecdad0 --- /dev/null 
+++ b/internal/controller/zz_simpledb_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + domain "github.com/upbound/provider-aws/internal/controller/simpledb/domain" +) + +// Setup_simpledb creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_simpledb(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + domain.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_sns_setup.go b/internal/controller/zz_sns_setup.go new file mode 100755 index 0000000000..15fedd8a6b --- /dev/null +++ b/internal/controller/zz_sns_setup.go @@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + platformapplication "github.com/upbound/provider-aws/internal/controller/sns/platformapplication" + smspreferences "github.com/upbound/provider-aws/internal/controller/sns/smspreferences" + topic "github.com/upbound/provider-aws/internal/controller/sns/topic" + topicpolicy "github.com/upbound/provider-aws/internal/controller/sns/topicpolicy" + topicsubscription "github.com/upbound/provider-aws/internal/controller/sns/topicsubscription" +) + +// Setup_sns creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_sns(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + platformapplication.Setup, + smspreferences.Setup, + topic.Setup, + topicpolicy.Setup, + topicsubscription.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_sqs_setup.go b/internal/controller/zz_sqs_setup.go new file mode 100755 index 0000000000..7a6f58d694 --- /dev/null +++ b/internal/controller/zz_sqs_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + queue "github.com/upbound/provider-aws/internal/controller/sqs/queue" + queuepolicy "github.com/upbound/provider-aws/internal/controller/sqs/queuepolicy" + queueredriveallowpolicy "github.com/upbound/provider-aws/internal/controller/sqs/queueredriveallowpolicy" + queueredrivepolicy "github.com/upbound/provider-aws/internal/controller/sqs/queueredrivepolicy" +) + +// Setup_sqs creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_sqs(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + queue.Setup, + queuepolicy.Setup, + queueredriveallowpolicy.Setup, + queueredrivepolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_ssm_setup.go b/internal/controller/zz_ssm_setup.go new file mode 100755 index 0000000000..cd803d3a54 --- /dev/null +++ b/internal/controller/zz_ssm_setup.go 
@@ -0,0 +1,48 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + activation "github.com/upbound/provider-aws/internal/controller/ssm/activation" + association "github.com/upbound/provider-aws/internal/controller/ssm/association" + defaultpatchbaseline "github.com/upbound/provider-aws/internal/controller/ssm/defaultpatchbaseline" + document "github.com/upbound/provider-aws/internal/controller/ssm/document" + maintenancewindow "github.com/upbound/provider-aws/internal/controller/ssm/maintenancewindow" + maintenancewindowtarget "github.com/upbound/provider-aws/internal/controller/ssm/maintenancewindowtarget" + maintenancewindowtask "github.com/upbound/provider-aws/internal/controller/ssm/maintenancewindowtask" + parameter "github.com/upbound/provider-aws/internal/controller/ssm/parameter" + patchbaseline "github.com/upbound/provider-aws/internal/controller/ssm/patchbaseline" + patchgroup "github.com/upbound/provider-aws/internal/controller/ssm/patchgroup" + resourcedatasync "github.com/upbound/provider-aws/internal/controller/ssm/resourcedatasync" + servicesetting "github.com/upbound/provider-aws/internal/controller/ssm/servicesetting" +) + +// Setup_ssm creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ssm(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + activation.Setup, + association.Setup, + defaultpatchbaseline.Setup, + document.Setup, + maintenancewindow.Setup, + maintenancewindowtarget.Setup, + maintenancewindowtask.Setup, + parameter.Setup, + patchbaseline.Setup, + patchgroup.Setup, + resourcedatasync.Setup, + servicesetting.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} 
diff --git a/internal/controller/zz_ssoadmin_setup.go b/internal/controller/zz_ssoadmin_setup.go new file mode 100755 index 0000000000..f67112f92a --- /dev/null +++ b/internal/controller/zz_ssoadmin_setup.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + accountassignment "github.com/upbound/provider-aws/internal/controller/ssoadmin/accountassignment" + managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" + permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" +) + +// Setup_ssoadmin creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_ssoadmin(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accountassignment.Setup, + managedpolicyattachment.Setup, + permissionset.Setup, + permissionsetinlinepolicy.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_swf_setup.go b/internal/controller/zz_swf_setup.go new file mode 100755 index 0000000000..5ec908e35a --- /dev/null +++ b/internal/controller/zz_swf_setup.go 
@@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + domain "github.com/upbound/provider-aws/internal/controller/swf/domain" +) + +// Setup_swf creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_swf(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + domain.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_timestreamwrite_setup.go b/internal/controller/zz_timestreamwrite_setup.go new file mode 100755 index 0000000000..d968f6a187 --- /dev/null +++ b/internal/controller/zz_timestreamwrite_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + database "github.com/upbound/provider-aws/internal/controller/timestreamwrite/database" + table "github.com/upbound/provider-aws/internal/controller/timestreamwrite/table" +) + +// Setup_timestreamwrite creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_timestreamwrite(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + database.Setup, + table.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_transcribe_setup.go b/internal/controller/zz_transcribe_setup.go new file mode 100755 index 0000000000..444ba55f56 --- /dev/null +++ b/internal/controller/zz_transcribe_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + languagemodel "github.com/upbound/provider-aws/internal/controller/transcribe/languagemodel" + vocabulary "github.com/upbound/provider-aws/internal/controller/transcribe/vocabulary" + vocabularyfilter "github.com/upbound/provider-aws/internal/controller/transcribe/vocabularyfilter" +) + +// Setup_transcribe creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_transcribe(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + languagemodel.Setup, + vocabulary.Setup, + vocabularyfilter.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_transfer_setup.go b/internal/controller/zz_transfer_setup.go new file mode 100755 index 0000000000..06bd382250 --- /dev/null +++ b/internal/controller/zz_transfer_setup.go 
@@ -0,0 +1,34 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + server "github.com/upbound/provider-aws/internal/controller/transfer/server" + sshkey "github.com/upbound/provider-aws/internal/controller/transfer/sshkey" + tag "github.com/upbound/provider-aws/internal/controller/transfer/tag" + user "github.com/upbound/provider-aws/internal/controller/transfer/user" + workflow "github.com/upbound/provider-aws/internal/controller/transfer/workflow" +) + +// Setup_transfer creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_transfer(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + server.Setup, + sshkey.Setup, + tag.Setup, + user.Setup, + workflow.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_vpc_setup.go b/internal/controller/zz_vpc_setup.go new file mode 100755 index 0000000000..e7c3a1fe39 --- /dev/null +++ b/internal/controller/zz_vpc_setup.go @@ -0,0 +1,26 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + networkperformancemetricsubscription "github.com/upbound/provider-aws/internal/controller/vpc/networkperformancemetricsubscription" +) + +// Setup_vpc creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_vpc(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + networkperformancemetricsubscription.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_waf_setup.go b/internal/controller/zz_waf_setup.go new file mode 100755 index 0000000000..225255f9df 
--- /dev/null +++ b/internal/controller/zz_waf_setup.go @@ -0,0 +1,46 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bytematchset "github.com/upbound/provider-aws/internal/controller/waf/bytematchset" + geomatchset "github.com/upbound/provider-aws/internal/controller/waf/geomatchset" + ipset "github.com/upbound/provider-aws/internal/controller/waf/ipset" + ratebasedrule "github.com/upbound/provider-aws/internal/controller/waf/ratebasedrule" + regexmatchset "github.com/upbound/provider-aws/internal/controller/waf/regexmatchset" + regexpatternset "github.com/upbound/provider-aws/internal/controller/waf/regexpatternset" + rule "github.com/upbound/provider-aws/internal/controller/waf/rule" + sizeconstraintset "github.com/upbound/provider-aws/internal/controller/waf/sizeconstraintset" + sqlinjectionmatchset "github.com/upbound/provider-aws/internal/controller/waf/sqlinjectionmatchset" + webacl "github.com/upbound/provider-aws/internal/controller/waf/webacl" + xssmatchset "github.com/upbound/provider-aws/internal/controller/waf/xssmatchset" +) + +// Setup_waf creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_waf(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bytematchset.Setup, + geomatchset.Setup, + ipset.Setup, + ratebasedrule.Setup, + regexmatchset.Setup, + regexpatternset.Setup, + rule.Setup, + sizeconstraintset.Setup, + sqlinjectionmatchset.Setup, + webacl.Setup, + xssmatchset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_wafregional_setup.go b/internal/controller/zz_wafregional_setup.go new file mode 100755 index 0000000000..db4097429c --- /dev/null +++ b/internal/controller/zz_wafregional_setup.go 
@@ -0,0 +1,46 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + bytematchset "github.com/upbound/provider-aws/internal/controller/wafregional/bytematchset" + geomatchset "github.com/upbound/provider-aws/internal/controller/wafregional/geomatchset" + ipset "github.com/upbound/provider-aws/internal/controller/wafregional/ipset" + ratebasedrule "github.com/upbound/provider-aws/internal/controller/wafregional/ratebasedrule" + regexmatchset "github.com/upbound/provider-aws/internal/controller/wafregional/regexmatchset" + regexpatternset "github.com/upbound/provider-aws/internal/controller/wafregional/regexpatternset" + rule "github.com/upbound/provider-aws/internal/controller/wafregional/rule" + sizeconstraintset "github.com/upbound/provider-aws/internal/controller/wafregional/sizeconstraintset" + sqlinjectionmatchset "github.com/upbound/provider-aws/internal/controller/wafregional/sqlinjectionmatchset" + webacl "github.com/upbound/provider-aws/internal/controller/wafregional/webacl" + xssmatchset "github.com/upbound/provider-aws/internal/controller/wafregional/xssmatchset" +) + +// Setup_wafregional creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_wafregional(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + bytematchset.Setup, + geomatchset.Setup, + ipset.Setup, + ratebasedrule.Setup, + regexmatchset.Setup, + regexpatternset.Setup, + rule.Setup, + sizeconstraintset.Setup, + sqlinjectionmatchset.Setup, + webacl.Setup, + xssmatchset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_wafv2_setup.go b/internal/controller/zz_wafv2_setup.go new file mode 100755 index 0000000000..dd029efe74 --- /dev/null +++ b/internal/controller/zz_wafv2_setup.go 
@@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + ipset "github.com/upbound/provider-aws/internal/controller/wafv2/ipset" + regexpatternset "github.com/upbound/provider-aws/internal/controller/wafv2/regexpatternset" +) + +// Setup_wafv2 creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_wafv2(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + ipset.Setup, + regexpatternset.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_workspaces_setup.go b/internal/controller/zz_workspaces_setup.go new file mode 100755 index 0000000000..f214bd851e --- /dev/null +++ b/internal/controller/zz_workspaces_setup.go @@ -0,0 +1,28 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + directory "github.com/upbound/provider-aws/internal/controller/workspaces/directory" + ipgroup "github.com/upbound/provider-aws/internal/controller/workspaces/ipgroup" +) + +// Setup_workspaces creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_workspaces(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + directory.Setup, + ipgroup.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_xray_setup.go b/internal/controller/zz_xray_setup.go new file mode 100755 index 0000000000..bca5c1fd61 --- /dev/null +++ b/internal/controller/zz_xray_setup.go 
@@ -0,0 +1,30 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/upbound/upjet/pkg/controller" + + encryptionconfig "github.com/upbound/provider-aws/internal/controller/xray/encryptionconfig" + group "github.com/upbound/provider-aws/internal/controller/xray/group" + samplingrule "github.com/upbound/provider-aws/internal/controller/xray/samplingrule" +) + +// Setup_xray creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_xray(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + encryptionconfig.Setup, + group.Setup, + samplingrule.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +}