Merge pull request #6 from negz/haarchri-fixes

Make the project work
upbound · Nov 8, 2024 · 59174f9 · 59174f9
2 parents b06f958 + 9b6d749
commit 59174f9
Show file tree

Hide file tree

Showing 6 changed files with 104 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,25 @@
+# example-project-aws
+
+An example Upbound control plane project for Amazon Web Services (AWS).
+
+A control plane project is a source-level representation of a Crossplane control
+plane. It lets you treat your control plane configuration as a software project.
+With a control plane project you can build your compositions using a language
+like KCL or Python. This enables Crossplane schema-aware syntax highlighting,
+autocompletion, and linting.
+
+Read the [control plane project documentation][proj-docs] to learn more about
+control plane projects.
+
+This project defines a new `StorageBucket` API, which is powered by AWS S3. It
+includes [KCL][kcl-docs] and [Python][py-docs] functions that implement the
+composition logic.
+
+The project uses the KCL function by default. Edit [`composition.yaml`][comp] to
+switch to the Python function.
+
+
+[proj-docs]: https://docs.upbound.io/core-concepts/projects/
+[kcl-docs]: https://docs.upbound.io/core-concepts/kcl/overview/
+[py-docs]: https://docs.upbound.io/core-concepts/python/overview/
+[comp]: ./apis/xstoragebuckets/composition.yaml
diff --git a/apis/xstoragebuckets/composition.yaml b/apis/xstoragebuckets/composition.yaml
@@ -1,7 +1,6 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
-  creationTimestamp: null
   name: xstoragebuckets.platform.example.com
 spec:
   compositeTypeRef:

diff --git a/examples/storagebucket/example.yaml b/examples/storagebucket/example.yaml
@@ -7,4 +7,4 @@ spec:
   parameters:
     region: us-west-1
     versioning: true
-    acl: public
+    acl: public-read
diff --git a/examples/storagebucket/providerconfig.yaml b/examples/storagebucket/providerconfig.yaml
@@ -0,0 +1,11 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: my-aws-secret
diff --git a/functions/compose-bucket-kcl/main.k b/functions/compose-bucket-kcl/main.k
@@ -25,11 +25,43 @@ _items: [any] = [
             }
         }
     },
+    s3v1beta1.BucketOwnershipControls{
+        metadata: _metadata("{}-boc".format(oxr.metadata.name))
+        spec = {
+            forProvider = {
+                bucketRef = {
+                    name = bucketName
+                }
+                region = params.region
+                rule:[{
+                    objectOwnership:"BucketOwnerPreferred"
+                }]
+            }
+        }
+    },
+    s3v1beta1.BucketPublicAccessBlock{
+        metadata: _metadata("{}-pab".format(oxr.metadata.name))
+        spec = {
+            forProvider = {
+                bucketRef = {
+                    name = bucketName
+                }
+                region = params.region
+                blockPublicAcls: False
+                ignorePublicAcls: False
+                restrictPublicBuckets: False
+                blockPublicPolicy: False
+            }
+        }
+    },
     # ACL for the bucket
     s3v1beta1.BucketACL{
         metadata: _metadata("{}-acl".format(oxr.metadata.name))
         spec = {
             forProvider = {
+                bucketRef = {
+                    name = bucketName
+                }
                 region = params.region
                 acl = params.acl
             }

diff --git a/functions/compose-bucket-python/main.py b/functions/compose-bucket-python/main.py
@@ -5,6 +5,8 @@
 from .model.com.example.platform.xstoragebucket import v1alpha1
 from .model.io.upbound.aws.s3.bucket import v1beta1 as bucketv1beta1
 from .model.io.upbound.aws.s3.bucketacl import v1beta1 as aclv1beta1
+from .model.io.upbound.aws.s3.bucketownershipcontrols import v1beta1 as bocv1beta1
+from .model.io.upbound.aws.s3.bucketpublicaccessblock import v1beta1 as pabv1beta1
 from .model.io.upbound.aws.s3.bucketversioning import v1beta1 as verv1beta1
 from .model.io.upbound.aws.s3.bucketserversideencryptionconfiguration import (
     v1beta1 as ssev1beta1,
@@ -59,6 +61,39 @@ def compose(req: fnv1.RunFunctionRequest, rsp: fnv1.RunFunctionResponse):
     )
     resource.update(rsp.desired.resources["acl"], desired_acl)
 
+    desired_boc = bocv1beta1.BucketOwnershipControls(
+        apiVersion="s3.aws.upbound.io/v1beta1",
+        kind="BucketOwnershipControls",
+        spec=bocv1beta1.Spec(
+            forProvider=bocv1beta1.ForProvider(
+                region=params.region,
+                bucket=bucket_external_name,
+                rule=[
+                    bocv1beta1.RuleItem(
+                        objectOwnership="BucketOwnerPreferred",
+                    ),
+                ],
+            )
+        ),
+    )
+    resource.update(rsp.desired.resources["boc"], desired_boc)
+
+    desired_pab = pabv1beta1.BucketPublicAccessBlock(
+        apiVersion="s3.aws.upbound.io/v1beta1",
+        kind="BucketPublicAccessBlock",
+        spec=pabv1beta1.Spec(
+            forProvider=pabv1beta1.ForProvider(
+                region=params.region,
+                bucket=bucket_external_name,
+                blockPublicAcls=False,
+                ignorePublicAcls=False,
+                restrictPublicBuckets=False,
+                blockPublicPolicy=False,
+            )
+        ),
+    )
+    resource.update(rsp.desired.resources["pab"], desired_pab)
+
     desired_sse = ssev1beta1.BucketServerSideEncryptionConfiguration(
         apiVersion="s3.aws.upbound.io/v1beta1",
         kind="BucketServerSideEncryptionConfiguration",