From 9ac395c05165058f750eef76ce7afd3064519bf8 Mon Sep 17 00:00:00 2001
From: ci-robot <ci-robot@k8s.io>
Date: Fri, 17 Jun 2022 17:44:25 +0000
Subject: [PATCH] Update to ACK runtime `v0.19.1`, code-generator `v0.19.1`

---
 apis/v1alpha1/ack-generate-metadata.yaml        |  6 +++---
 config/controller/kustomization.yaml            |  2 +-
 go.mod                                          |  2 +-
 go.sum                                          |  4 ++--
 helm/Chart.yaml                                 |  4 ++--
 helm/templates/NOTES.txt                        |  2 +-
 helm/templates/_helpers.tpl                     | 10 ++++++++++
 helm/templates/deployment.yaml                  | 16 ++++++++++++++++
 helm/values.schema.json                         | 15 +++++++++++++++
 helm/values.yaml                                |  9 ++++++++-
 pkg/resource/pull_through_cache_rule/manager.go |  6 ++++++
 pkg/resource/pull_through_cache_rule/sdk.go     | 12 +++++++++---
 pkg/resource/repository/manager.go              |  6 ++++++
 pkg/resource/repository/sdk.go                  | 12 +++++++++---
 14 files changed, 89 insertions(+), 17 deletions(-)

diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
index c031e09..b4649fd 100755
--- a/apis/v1alpha1/ack-generate-metadata.yaml
+++ b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2022-06-13T22:50:16Z"
-  build_hash: a133935a9a93591a9e1ba9d5ca940cb83a1353b4
+  build_date: "2022-06-17T17:43:06Z"
+  build_hash: a45f3b900849ec03c5e16ed2778c0b8e2923ffee
   go_version: go1.17.5
-  version: v0.19.0
+  version: v0.19.1
 api_directory_checksum: 491bcbf020d520b2a48877f018674f6dc799571a
 api_version: v1alpha1
 aws_sdk_go_version: v1.43.45
diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml
index 361134f..f9f45b8 100644
--- a/config/controller/kustomization.yaml
+++ b/config/controller/kustomization.yaml
@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/ecr-controller
-  newTag: v0.1.2
+  newTag: v0.1.3
diff --git a/go.mod b/go.mod
index 9fb49ab..640b0ff 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/aws-controllers-k8s/ecr-controller
 go 1.17
 
 require (
-	github.com/aws-controllers-k8s/runtime v0.19.0
+	github.com/aws-controllers-k8s/runtime v0.19.1
 	github.com/aws/aws-sdk-go v1.43.45
 	github.com/go-logr/logr v1.2.0
 	github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 2455d61..b5b48e6 100644
--- a/go.sum
+++ b/go.sum
@@ -64,8 +64,8 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws-controllers-k8s/runtime v0.19.0 h1:+O5a6jBSBAd8XTNMrVCIYu4G+ZUPZe/G5eopVFO18Dc=
-github.com/aws-controllers-k8s/runtime v0.19.0/go.mod h1:oA8ML1/LL3chPn26P6SzBNu1CUI2nekB+PTqykNs0qU=
+github.com/aws-controllers-k8s/runtime v0.19.1 h1:OBV7vbIbLFRpXdAwJfoPGphhjTa7xSc3pS/kuYlKzRU=
+github.com/aws-controllers-k8s/runtime v0.19.1/go.mod h1:oA8ML1/LL3chPn26P6SzBNu1CUI2nekB+PTqykNs0qU=
 github.com/aws/aws-sdk-go v1.42.0/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.43.45 h1:2708Bj4uV+ym62MOtBnErm/CDX61C4mFe9V2gXy1caE=
 github.com/aws/aws-sdk-go v1.43.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 9512933..6d17620 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: ecr-chart
 description: A Helm chart for the ACK service controller for Amazon Elastic Container Registry (ECR)
-version: v0.1.2
-appVersion: v0.1.2
+version: v0.1.3
+appVersion: v0.1.3
 home: https://github.com/aws-controllers-k8s/ecr-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
index 9dee44b..973b1b9 100644
--- a/helm/templates/NOTES.txt
+++ b/helm/templates/NOTES.txt
@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/ecr-controller:v0.1.2".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/ecr-controller:v0.1.3".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 29265d7..973704c 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -36,3 +36,13 @@ If release name contains chart name it will be used as a full name.
 {{- .Release.Namespace -}}
 {{- end -}}
 {{- end -}}
+
+{{/* The mount path for the shared credentials file */}}
+{{- define "aws.credentials.secret_mount_path" -}}
+{{- "/var/run/secrets/aws" -}}
+{{- end -}}
+
+{{/* The path the shared credentials file is mounted */}}
+{{- define "aws.credentials.path" -}}
+{{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}}
+{{- end -}}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index d3a307a..9fd82f7 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -80,6 +80,16 @@ spec:
           value: {{ .Values.log.level | quote }}
         - name: ACK_RESOURCE_TAGS
           value: {{ join "," .Values.resourceTags | quote }}
+        {{- if .Values.aws.credentials.secretName }}
+        - name: AWS_SHARED_CREDENTIALS_FILE
+          value: {{ include "aws.credentials.path" . }}
+        - name: AWS_PROFILE
+          value: {{ .Values.aws.credentials.profile }}
+        volumeMounts:
+          - name: {{ .Values.aws.credentials.secretName }}
+            mountPath: {{ include "aws.credentials.secret_mount_path" . }}
+            readOnly: true
+        {{- end }}          
         securityContext:
           allowPrivilegeEscalation: false
           privileged: false
@@ -101,3 +111,9 @@ spec:
       hostIPC: false
       hostNetwork: false
       hostPID: false
+      {{ if .Values.aws.credentials.secretName -}}
+      volumes:
+        - name: {{ .Values.aws.credentials.secretName }}
+          secret:
+            secretName: {{ .Values.aws.credentials.secretName }}
+      {{ end -}}
diff --git a/helm/values.schema.json b/helm/values.schema.json
index e503248..c80422e 100644
--- a/helm/values.schema.json
+++ b/helm/values.schema.json
@@ -153,6 +153,21 @@
         },
         "endpoint": {
           "type": "string"
+        },
+        "credentials": {
+          "description": "AWS credentials information",
+          "properties": {
+            "secretName": {
+              "type": "string"
+            },
+            "secretKey": {
+              "type": "string"
+            },
+            "profile": {
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
diff --git a/helm/values.yaml b/helm/values.yaml
index 0463548..6b83d0b 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-controllers-k8s/ecr-controller
-  tag: v0.1.2
+  tag: v0.1.3
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -50,6 +50,13 @@ aws:
   # If specified, use the AWS region for AWS API calls
   region: ""
   endpoint_url: ""
+  credentials:
+    # If specified, Secret with shared credentials file to use.
+    secretName: ""
+    # Secret stringData key that contains the credentials
+    secretKey: "credentials"
+    # Profile used for AWS credentials
+    profile: "default"  
 
 # log level for the controller
 log:
diff --git a/pkg/resource/pull_through_cache_rule/manager.go b/pkg/resource/pull_through_cache_rule/manager.go
index f87bc18..cfbbe00 100644
--- a/pkg/resource/pull_through_cache_rule/manager.go
+++ b/pkg/resource/pull_through_cache_rule/manager.go
@@ -126,6 +126,9 @@ func (rm *resourceManager) Create(
 	}
 	created, err := rm.sdkCreate(ctx, r)
 	if err != nil {
+		if created != nil {
+			return rm.onError(created, err)
+		}
 		return rm.onError(r, err)
 	}
 	return rm.onSuccess(created)
@@ -153,6 +156,9 @@ func (rm *resourceManager) Update(
 	}
 	updated, err := rm.sdkUpdate(ctx, desired, latest, delta)
 	if err != nil {
+		if updated != nil {
+			return rm.onError(updated, err)
+		}
 		return rm.onError(latest, err)
 	}
 	return rm.onSuccess(updated)
diff --git a/pkg/resource/pull_through_cache_rule/sdk.go b/pkg/resource/pull_through_cache_rule/sdk.go
index 40b41c8..d237188 100644
--- a/pkg/resource/pull_through_cache_rule/sdk.go
+++ b/pkg/resource/pull_through_cache_rule/sdk.go
@@ -54,7 +54,9 @@ func (rm *resourceManager) sdkFind(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkFind")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// If any required fields in the input shape are missing, AWS resource is
 	// not created yet. Return NotFound here to indicate to callers that the
 	// resource isn't yet created.
@@ -158,7 +160,9 @@ func (rm *resourceManager) sdkCreate(
 ) (created *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkCreate")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newCreateRequestPayload(ctx, desired)
 	if err != nil {
 		return nil, err
@@ -240,7 +244,9 @@ func (rm *resourceManager) sdkDelete(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkDelete")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newDeleteRequestPayload(r)
 	if err != nil {
 		return nil, err
diff --git a/pkg/resource/repository/manager.go b/pkg/resource/repository/manager.go
index 19c2610..0e9d9f7 100644
--- a/pkg/resource/repository/manager.go
+++ b/pkg/resource/repository/manager.go
@@ -126,6 +126,9 @@ func (rm *resourceManager) Create(
 	}
 	created, err := rm.sdkCreate(ctx, r)
 	if err != nil {
+		if created != nil {
+			return rm.onError(created, err)
+		}
 		return rm.onError(r, err)
 	}
 	return rm.onSuccess(created)
@@ -153,6 +156,9 @@ func (rm *resourceManager) Update(
 	}
 	updated, err := rm.sdkUpdate(ctx, desired, latest, delta)
 	if err != nil {
+		if updated != nil {
+			return rm.onError(updated, err)
+		}
 		return rm.onError(latest, err)
 	}
 	return rm.onSuccess(updated)
diff --git a/pkg/resource/repository/sdk.go b/pkg/resource/repository/sdk.go
index e22e37f..b61d46d 100644
--- a/pkg/resource/repository/sdk.go
+++ b/pkg/resource/repository/sdk.go
@@ -54,7 +54,9 @@ func (rm *resourceManager) sdkFind(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkFind")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// If any required fields in the input shape are missing, AWS resource is
 	// not created yet. Return NotFound here to indicate to callers that the
 	// resource isn't yet created.
@@ -192,7 +194,9 @@ func (rm *resourceManager) sdkCreate(
 ) (created *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkCreate")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newCreateRequestPayload(ctx, desired)
 	if err != nil {
 		return nil, err
@@ -337,7 +341,9 @@ func (rm *resourceManager) sdkDelete(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkDelete")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newDeleteRequestPayload(r)
 	if err != nil {
 		return nil, err