v1.8.0

The v1.8.0 release introduces a new family provider provider-aws-codeartifact, new resources, bug fixes, and dependency updates.

Support for New Resources

• Domain.codeartifact.aws.upbound.io/v1beta1
• DomainPermissionsPolicy.codeartifact.aws.upbound.io/v1beta1
• Repository.codeartifact.aws.upbound.io/v1beta1
• RepositoryPermissionsPolicy.codeartifact.aws.upbound.io/v1beta1

Bug Fixes

• Fixes conflicts due to version field in the NodeGroup.ec2 resource #1374
• Fixes update loop in the LaunchTemplate.ec2 resource #1377

What's Changed

• Update actions/checkout digest to 692973e by @renovate in #1364
• Only add singleton list API converters for the existing APIs by @ulucinar in #1367
• Update alpine Docker tag to v3.20.1 by @renovate in #1371
• lateinit version due to nodegroup conflict by @stevendborrelli in #1374
• Update dependency upbound/up to v0.31.0 by @renovate in #1348
• Add Codeartifact resources by @stevendborrelli in #1368
• fix(ec2): launchtemplate late init remove for defaultVersion by @haarchri in #1377

Full Changelog: v1.7.0...v1.8.0

v1.7.0

The v1.7.0 release introduces converting singleton lists in the MR APIs to embedded objects, bug fixes, and dependency updates.

In this release, we've updated how Terraform configuration blocks are handled in our APIs. Terraform configuration blocks, even if they have a MaxItems constraint of 1, are (almost) always generated as lists. We now generate the lists with a MaxItems constraint of 1 as embedded objects in our MR APIs. This also helps when updating or patching via SSA the (previously list) objects.

The new v1beta2 versions of the CRD APIs incorporate these changes, ensuring backward compatibility for clients using the older v1beta1 versions. Any clients wanting to use the embedded objects-based APIs should update to the v1beta2 versions of the CRD APIs.

• For instance, let's look at the YAML output of the Application.elasticbeanstalk.aws.upbound.io/v1beta2 resource's spec.forProvider, with this release we can see the spec.forProvider.appversionLifecycle field as an object:

spec:
  forProvider:
    appversionLifecycle:
      deleteSourceFromS3: true
      maxCount: 128
      serviceRole: arn:aws:iam::153891904029:role/aws-elasticbeanstalk-service-role
    region: us-west-1
    tags:
      crossplane-kind: application.elasticbeanstalk.aws.upbound.io
      crossplane-name: first-app-test-qwerty-test
      crossplane-providerconfig: default

• If we look at the v1beta1 YAML output of the resource, we see the field as a list:

spec:
  forProvider:
    appversionLifecycle:
    - deleteSourceFromS3: true
      maxCount: 128
      serviceRole: arn:aws:iam::153891904029:role/aws-elasticbeanstalk-service-role
    region: us-west-1
    tags:
      crossplane-kind: application.elasticbeanstalk.aws.upbound.io
      crossplane-name: first-app-test-qwerty-test
      crossplane-providerconfig: default

For a detailed overview of the implementation, please see crossplane/upjet#387 and crossplane/upjet#400

What's Changed

• Remove documents related to monolithic provider by @turkenf in #1355
• fix(sqs): update loop queues.sqs by @haarchri in #1356
• Convert all singleton lists in the MR APIs to embedded objects by @ulucinar in #1332
• Add example manifests for the converted singleton list API versions by @ulucinar in #1334
• Remove monolithic provider from updoc workflow by @turkenf in #1362

Full Changelog: v1.6.1...v1.7.0

v1.6.1

The v1.6.1 release introduces an important bug fix.

What's Changed

• [Backport release-1.6] fix(sqs): update loop queues.sqs by @github-actions in #1361

Full Changelog: v1.6.0...v1.6.1

v1.6.0

The v1.6.0 release introduces a new family provider provider-aws-codeguruprofiler, new resources, bug fixes, enhancements, and dependency updates.

Support for New Resources

• Connector.v1beta1.transfer.aws.upbound.io
• ProfilingGroup.v1beta1.codeguruprofiler.aws.upbound.io
• EndpointAccess.v1beta1.redshift.aws.upbound.io

Bug Fixes and Enhancements

• Fixes Topic.sns update loops #1347
• Fixes AccessKey.iam reconciliation #1344, related issue crossplane/upjet#416
• Adds option autoGenerateAuthToken for ElastiCache ReplicationGroup #1322
• Bug Fixes: Elasticache ReplicationGroup connection secret is empty #1043
• Adds selectors and references for Certificate.acm #1336, Domain.opensearch #1337
• Switches the order of the SYNCED and READY printer columns for ClusterAuth.eks #1276

What's Changed

• Update dependency kubernetes-sigs/kind to v0.23.0 by @renovate in #1309
• Update dependency upbound/up to v0.30.0 by @renovate in #1302
• Update actions/checkout digest to a5ac7e5 by @renovate in #1327
• Update alpine Docker tag to v3.20.0 by @renovate in #1328
• Fix documentation of rule.filter.prefix field for BucketLifecycleConfiguration.s3 by @turkenf in #1331
• feat(acm): add reference and selector for certificate_authority_arn by @haarchri in #1336
• feat(sftp): add aws_transfer_connector by @haarchri in #1341
• feat(opensearch): domain add more selector and references by @haarchri in #1337
• ElastiCache ReplicationGroup auth token generation and connection details by @chlunde in #1322
• CodeGuru Profiler Profiling Group by @chlunde in #1316
• Fix AccessKey.iam reconciliation by @ulucinar in #1344
• Use newlines in config/generated.lst to prevent git conflicts by @mbbush in #1245
• Update dependency go to v1.22.4 by @renovate in #1342
• Configure EndpointAccess.redshift resource and add example by @turkenf in #1314
• Fix Topic.sns update loops by @ulucinar in #1347
• re-order columns for handwritten ClusterAuth.eks by @mbbush in #1276

New Contributors

• @chlunde made their first contribution in #1322

Full Changelog: v1.5.0...v1.6.0

v1.5.0

In the v1.5.0 release, we've upgraded the underlying Terraform provider version from v5.31.0 to v5.50.0. This release also introduces a new resource, bug fixes, and dependency updates.

Support for a New Resource:

• User.v1alpha1.mq.aws.upbound.io: If you'd like to use the User.mq MRs together with Broker.mq, you need to specify the broker's bootstrap users under spec.initProvider.user instead of spec.forProvider.user. This will prevent a race condition between the two controllers. Please see #1325 for some more context.

Bug Fixes and Enhancements

• Bumps the upjet dependency to v1.4.0 and generates the secret references under spec.initProvider API trees for the sensitive MR parameters: #1325
• Fixes MR state metrics when MRs are deleted #1312
• Bumps the Terraform provider version to v5.50.0 and the Go version to 1.22 #1315
• Fixes late init issue for the ClusterInstance.rds resource #1326
• Upjet v1.4.0 depracates config.Reference.Type. All usages of config.Reference.Type have been replaced with config.Reference.TerraformName in the provider #1310
• We now depend on the crossplane/build submodule #1313
• Authentication documentation improvements #1321

What's Changed

• Add needs:triage label to issue template by @turkenf in #1290
• Update actions/upload-artifact digest to 6546280 by @renovate in #1284
• Update k8s.io/utils digest to 0849a56 by @renovate in #1289
• Update actions/checkout digest to 0ad4b8f by @renovate in #1291
• Update dependency kubernetes-sigs/kind to v0.22.0 by @renovate in #1153
• Update actions/setup-go digest to cdcb360 by @renovate in #1300
• Update module k8s.io/utils to v0.0.0-20240502163921-fe8a2dddb1d0 by @renovate in #1301
• Update actions/checkout digest to 44c2b7a by @renovate in #1304
• Update actions/checkout digest to 0ad4b8f by @renovate in #1305
• Use config.Reference.TerraformName instead of config.Reference.Type by @ulucinar in #1310
• Bump crossplane-runtime version to consume the fix of MR metrics by @sergenyalcin in #1312
• Use crossplane/build submodule by @negz in #1313
• Use custom Terraform provider release to generate schema.json by @mergenci in #1318
• Bump Terraform provider version to v5.50.0 by @ulucinar in #1315
• Add MQ User resource by @mergenci in #1311
• Auth doc: update IRSA example with DeploymentRuntimeConfig by @ytsarev in #1321
• Reduce linter concurrency to 1 by @ulucinar in #1324
• fix(rds): fix late init for rds clusterinstance by @haarchri in #1326
• Bump upjet to v1.4.0 by @ulucinar in #1325

New Contributors

• @negz made their first contribution in #1313

Full Changelog: v1.4.0...v1.5.0

v1.4.0

The v1.4.0 release introduces MR metrics, bug fixes, enhancements, and dependency updates.

We are excited to introduce a new set of managed resource (MR) metrics in this release. These metrics are pivotal for monitoring the state and performance of resources managed through Crossplane. This enhancement follows the implementation guidelines from the provider-kubernetes and incorporates changes from crossplane/crossplane-runtime#683. The newly available metrics include:

• crossplane_managed_resource_exists{"gvk"}
• crossplane_managed_resource_ready{"gvk"}
• crossplane_managed_resource_synced{"gvk"}
• crossplane_managed_resource_first_time_to_reconcile_seconds{"gvk"}
• crossplane_managed_resource_first_time_to_readiness_seconds{"gvk"}
• crossplane_managed_resource_deletion_seconds{"gvk"}
• crossplane_managed_resource_drift_seconds{"gvk"}

For a detailed overview of the implementation, please refer to this crossplane/crossplane-runtime#683.

Note that, for async resources, upjet_resource_ttr_bucket{"group","kind","version"} gives a more accurate measurement of when the external resource becomes available, compared to crossplane_managed_resource_first_time_to_readiness_seconds{"gvk"} .

Bug Fixes and Enhancements

• Bug Fix: Addresses a critical bug related to asynchronous operation failures (#1164). With this fix, the "Synced" status will immediately reflect as "False" upon any failure in asynchronous operations, ensuring compliance with the XRM contract and improving reliability in status reporting. Previously, the error handling only updated the LastAsyncOperation status without properly setting the Synced condition to False. For more information, please see the crossplane/upjet#391 (comment).
• Bug Fix: Lambda Functions keeps updating after few seconds with Diff Detected #1027
• Enhancement: Adds ClusterParameterGroup and ParameterGroup Selectors for the Cluster.rds resource

What's Changed

• Monitor, mark and close issues and PRs with github workflow by @turkenf in #1250
• pin aws-sdk-go-v2 dependency versions for ClusterAuth presign breaking change by @erhancagirici in #1251
• Change the value of meta.crossplane.io/source by @turkenf in #1246
• Update docker/setup-buildx-action digest to d70bba7 by @renovate in #1258
• Update module sigs.k8s.io/controller-runtime to v0.17.3 by @renovate in #1259
• Removes GitHub issue triage workflow by @jeanduplessis in #1263
• Update kubernetes patches to v0.29.4 by @renovate in #1267
• Select spec fields specific to Upbound OIDC by @jastang in #1265
• Remove ARN Parameter from Firehose DeliveryStream Resource by @blakeromano in #1233
• Update actions/upload-artifact digest to 1746f4a by @renovate in #1269
• Remove resource from externalnamenottested that is already implemented by @mbbush in #1270
• Update slack channel name in readme by @turkenf in #1275
• Update actions/checkout digest to 1d96c77 by @renovate in #1283
• Rename upbound provider ci repo by @mbbush in #1287
• [Cluster.RDS] Add ClusterParameterGroup and ParameterGroup Selectors by @ytsarev in #1288
• Fix update loop for Function.lambda resource by @turkenf in #1266
• Introduce MR metrics by @mergenci in #1281

Full Changelog: v1.3.1...v1.4.0

v1.3.1

The release v1.3.1 introduces an important bug fix: [Bug]: EKS ClusterAuth v1.3.0 kubeconfig results in Unauthorized#1248

What's Changed

• [Backport release-1.3] pin aws-sdk-go-v2 dependency versions for ClusterAuth presign breaking change by @github-actions in #1257

Full Changelog: v1.3.0...v1.3.1

v1.3.0

The v1.3.0 release introduces a new family provider provider-aws-kafkaconnect, new resources, bug fixes, and dependency updates.

This release also introduces a credential cache for IRSA authentication, which greatly reduces the number of AWS STS calls the provider makes. This cache is currently only employed for IRSA configurations. Please refer to the description here for the results of some experiments and the observed improvements in those experiments.

Also in this release, we add the API call counters for the provider. An example for the new metrics is as follows:

# HELP upjet_resource_external_api_calls_total The number of external API calls.
# TYPE upjet_resource_external_api_calls_total counter
upjet_resource_external_api_calls_total{operation="AssumeRole",service="STS"} 2
upjet_resource_external_api_calls_total{operation="AssumeRoleWithWebIdentity",service="STS"} 1
upjet_resource_external_api_calls_total{operation="CreateRole",service="IAM"} 1
upjet_resource_external_api_calls_total{operation="GetCallerIdentity",service="STS"} 1
upjet_resource_external_api_calls_total{operation="GetRole",service="IAM"} 61
upjet_resource_external_api_calls_total{operation="GetRolePolicy",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="ListAttachedRolePolicies",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="ListRolePolicies",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="PutRolePolicy",service="IAM"} 1

Please refer to the description of this PR for the details.

Support for New Resources

• User.memorydb.aws.upbound.io/v1beta1
• Connector.kafkaconnect.aws.upbound.io/v1beta1
• CustomPlugin.kafkaconnect.aws.upbound.io/v1beta1
• WorkerConfiguration.kafkaconnect.aws.upbound.io/v1beta1

Bug Fixes

• [Bug]: IAM Role inlinePolicy conflicting with IAM RolePolicy #1207
• Excessive calls to AssumeRoleWithWebIdentity w/ IRSA #997

What's Changed

• Add Matt Bush (mbbush) as maintainer by @jeanduplessis in #1214
• Generate license headers for setup.go files by consuming the latest commit of upjet by @sergenyalcin in #1216
• fix(example): remove spec.forProvider.name for iam policy examples by @haarchri in #1219
• Add region parameter back to TF setup.Configuration by @erhancagirici in #1221
• Log a deprecation message when the monolithic provider is run by @sergenyalcin in #1230
• Update kubernetes patches by @renovate in #1201
• Update actions/checkout digest to b4ffde6 by @renovate in #1206
• Update actions/cache digest by @renovate in #1205
• Update docker/setup-buildx-action digest to 2b51285 by @renovate in #1236
• Update fkirc/skip-duplicate-actions action to v5.3.1 by @renovate in #1237
• Add memorydb _user by @stevendborrelli in #1170
• Update authentication document for WebIdentity by @turkenf in #1171
• Update actions/cache action to v4 by @renovate in #1238
• Update actions/setup-go action to v5 by @renovate in #1239
• Skip late initialization for several duplicate resource policy fields by @mbbush in #1213
• Count external API calls by @mergenci in #1241
• Cache AWS Config's CredentialsProvider to reduce STS calls by @erhancagirici in #1235
• Add support for msk connect resources by @mbbush in #1162
• Use Generation instead of ResourceVersion when computing the cache key by @ulucinar in #1244

Full Changelog: v1.2.1...v1.3.0

v1.2.1

The release v1.2.1 includes a bug fix: [Bug]: SNS Topics Not Creating #1220

What's Changed

• [Backport release-1.2] Add region parameter back to TF setup.Configuration by @github-actions in #1222

Full Changelog: v1.2.0...v1.2.1

v1.2.0

The release v1.2.0 includes bug fixes, and updating dependencies, with the most significant ones detailed below.

• Sets a default io.Discard logger for the controller-runtime if debug logging is not enabled which fixes #974 and #854. If debug logging is enabled, then the controller-runtime uses a debug mode zap logger as usual.
• Refactors AWS client configuration logic with a single path #1204. This refactoring also leads to a 50% reduction in the number of STS calls made per reconcile.
• Adds ability to auto-generate password in referenced secret for Cluster.rds resource #1169
• Fixes the update loop in Firewall.networkfirewall resource #1167

Breaking UX Changes

The release switches the order of the SYNCED and READY printer columns so that the SYCNED column is now printed before the READY column as follows:

❯ kubectl get managed

NAME                                SYNCED   READY   EXTERNAL-NAME           AGE
vpc.ec2.aws.upbound.io/sample-vpc   True     True    vpc-0c4b6ee9568fe7a16   30s

This used to be first the READY column and then the SYNCED column previously. Please see crossplane/upjet#360 for further details.

What's Changed

• Update kubernetes patches by @renovate in #1152
• Fix the update loop in Firewall.networkfirewall resource by @ulucinar in #1167
• Pin the UXP version in Makefile by @sergenyalcin in #1190
• Update docker/setup-buildx-action digest to 0d103c3 by @renovate in #1176
• Update actions/cache digest to ab5e6d0 by @renovate in #1183
• Consume StateFunc fix by @sergenyalcin in #1188
• rds.cluster: add ability to auto-generate password in referenced secret by @ravibagri5 in #1169
• Decrease linter's memory usage by @ulucinar in #1194
• Consume the reusable workflows from upbound/uptest@standard-runners by @ulucinar in #1180
• Run the "Cleanup Disk" step in the publish-service-artifacts CI job by @ulucinar in #1209
• Add a "Disk Cleanup" step as the first step in the lint job by @ulucinar in #1211
• Unify TF AWS provider configuration logic by @erhancagirici in #1204
• Set log.Default's output to io.Discard by @ulucinar in #1203
• Applying license changes by @sergenyalcin in #1212

New Contributors

• @ravibagri5 made their first contribution in #1169

Full Changelog: v1.1.1...v1.2.0