Move IAMRole and IAMRolePolicyAttachment to v1beta1 (crossplane-contr…

…ib#141)

Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>

apis/aws.go

@@ -24,7 +24,7 @@ import (
 	computev1alpha3 "github.com/crossplane/provider-aws/apis/compute/v1alpha3"
 	databasev1alpha3 "github.com/crossplane/provider-aws/apis/database/v1alpha3"
 	databasev1beta1 "github.com/crossplane/provider-aws/apis/database/v1beta1"
-	identityv1alpha3 "github.com/crossplane/provider-aws/apis/identity/v1alpha3"
+	identityv1beta1 "github.com/crossplane/provider-aws/apis/identity/v1beta1"
 	networkv1alpha3 "github.com/crossplane/provider-aws/apis/network/v1alpha3"
 	storagev1alpha3 "github.com/crossplane/provider-aws/apis/storage/v1alpha3"
 	awsv1alpha3 "github.com/crossplane/provider-aws/apis/v1alpha3"
@@ -37,7 +37,7 @@ func init() {
 		computev1alpha3.SchemeBuilder.AddToScheme,
 		databasev1beta1.SchemeBuilder.AddToScheme,
 		databasev1alpha3.SchemeBuilder.AddToScheme,
-		identityv1alpha3.SchemeBuilder.AddToScheme,
+		identityv1beta1.SchemeBuilder.AddToScheme,
 		networkv1alpha3.SchemeBuilder.AddToScheme,
 		awsv1alpha3.SchemeBuilder.AddToScheme,
 		storagev1alpha3.SchemeBuilder.AddToScheme,

apis/compute/v1alpha3/types.go

@@ -23,7 +23,7 @@ import (
 	runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 
-	identity "github.com/crossplane/provider-aws/apis/identity/v1alpha3"
+	identity "github.com/crossplane/provider-aws/apis/identity/v1beta1"
 	network "github.com/crossplane/provider-aws/apis/network/v1alpha3"
 )
 

apis/database/v1beta1/rdsinstance_types.go

@@ -24,7 +24,7 @@ import (
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 
 	databasev1alpha3 "github.com/crossplane/provider-aws/apis/database/v1alpha3"
-	identityv1alpha3 "github.com/crossplane/provider-aws/apis/identity/v1alpha3"
+	identityv1beta1 "github.com/crossplane/provider-aws/apis/identity/v1beta1"
 	network "github.com/crossplane/provider-aws/apis/network/v1alpha3"
 )
 
@@ -82,7 +82,7 @@ func (v *DBSubnetGroupNameReferencerForRDSInstance) Assign(res resource.CanRefer
 // IAMRoleARNReferencerForRDSInstanceMonitoringRole is an attribute referencer
 // that retrieves an RDSInstance's MonitoringRoleARN from a referenced IAMRole.
 type IAMRoleARNReferencerForRDSInstanceMonitoringRole struct {
-	identityv1alpha3.IAMRoleARNReferencer `json:",inline"`
+	identityv1beta1.IAMRoleARNReferencer `json:",inline"`
 }
 
 // Assign assigns the retrieved value to the managed resource
@@ -99,7 +99,7 @@ func (v *IAMRoleARNReferencerForRDSInstanceMonitoringRole) Assign(res resource.C
 // IAMRoleNameReferencerForRDSInstanceDomainRole is an attribute referencer
 // that retrieves an RDSInstance's DomainRoleName from a referenced IAMRole.
 type IAMRoleNameReferencerForRDSInstanceDomainRole struct {
-	identityv1alpha3.IAMRoleNameReferencer `json:",inline"`
+	identityv1beta1.IAMRoleNameReferencer `json:",inline"`
 }
 
 // Assign assigns the retrieved value to the managed resource

apis/identity/v1alpha3/doc.go → apis/identity/v1beta1/doc.go

@@ -14,9 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package v1alpha3 contains managed resources for AWS identity services such as
+// Package v1beta1 contains managed resources for AWS identity services such as
 // IAM.
 // +kubebuilder:object:generate=true
 // +groupName=identity.aws.crossplane.io
-// +versionName=v1alpha3
-package v1alpha3
+// +versionName=v1beta1
+package v1beta1

apis/identity/v1alpha3/iamrole_referencers.go → apis/identity/v1beta1/iamrole_referencers.go

@@ -14,11 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha3
+package v1beta1
 
 import (
 	"context"
 
+	"github.com/crossplane/crossplane-runtime/pkg/meta"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -48,7 +49,7 @@ func (v *IAMRoleARNReferencer) Build(ctx context.Context, _ resource.CanReferenc
 		return "", err
 	}
 
-	return role.Status.ARN, nil
+	return role.Status.AtProvider.ARN, nil
 }
 
 // IAMRoleNameReferencer is used to get the Name from a referenced IAMRole object
@@ -69,7 +70,7 @@ func (v *IAMRoleNameReferencer) Build(ctx context.Context, _ resource.CanReferen
 		return "", err
 	}
 
-	return role.Spec.RoleName, nil
+	return meta.GetExternalName(&role), nil
 }
 
 func getRoleStatus(ctx context.Context, name string, reader client.Reader) ([]resource.ReferenceStatus, error) {

apis/identity/v1alpha3/iamrole_referencers_test.go → apis/identity/v1beta1/iamrole_referencers_test.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha3
+package v1beta1
 
 import (
 	"context"
@@ -29,6 +29,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1"
+	"github.com/crossplane/crossplane-runtime/pkg/meta"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 	"github.com/crossplane/crossplane-runtime/pkg/test"
 )
@@ -58,7 +59,7 @@ func TestIAMRoleARNReferencerGetStatus(t *testing.T) {
 
 	readyResource := IAMRole{
 		Status: IAMRoleStatus{
-			IAMRoleExternalStatus: IAMRoleExternalStatus{
+			AtProvider: IAMRoleExternalStatus{
 				ARN: mockIAMRoleARN,
 			},
 		},
@@ -169,7 +170,7 @@ func TestIAMRoleARNReferencerBuild(t *testing.T) {
 			input: input{
 				readerFn: func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error {
 					p := obj.(*IAMRole)
-					p.Status.ARN = mockIAMRoleARN
+					p.Status.AtProvider.ARN = mockIAMRoleARN
 					return nil
 				},
 			},
@@ -204,13 +205,9 @@ func TestIAMRoleNameReferencerGetStatus(t *testing.T) {
 
 	errResourceNotFound := &kerrors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonNotFound}}
 
-	readyResource := IAMRole{
-		Spec: IAMRoleSpec{
-			IAMRoleParameters: IAMRoleParameters{
-				RoleName: mockIAMRoleName,
-			},
-		},
-	}
+	readyResource := IAMRole{}
+
+	meta.SetExternalName(&readyResource, mockIAMRoleName)
 
 	readyResource.Status.SetConditions(runtimev1alpha1.Available())
 
@@ -317,7 +314,7 @@ func TestIAMRoleNameReferencerBuild(t *testing.T) {
 			input: input{
 				readerFn: func(ctx context.Context, key client.ObjectKey, obj runtime.Object) error {
 					p := obj.(*IAMRole)
-					p.Spec.RoleName = mockIAMRoleName
+					meta.SetExternalName(p, mockIAMRoleName)
 					return nil
 				},
 			},

apis/identity/v1alpha3/iamrole_types.go → apis/identity/v1beta1/iamrole_types.go

@@ -14,37 +14,78 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha3
+package v1beta1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/aws/aws-sdk-go-v2/service/iam"
-
-	aws "github.com/crossplane/provider-aws/pkg/clients"
-
 	runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1"
 )
 
+// Tag represents user-provided metadata that can be associated
+// with a IAM role. For more information about tagging,
+// see Tagging IAM Identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
+// in the IAM User Guide.
+type Tag struct {
+
+	// The key name that can be used to look up or retrieve the associated value.
+	// For example, Department or Cost Center are common choices.
+	Key string `json:"key"`
+
+	// The value associated with this tag. For example, tags with a key name of
+	// Department could have values such as Human Resources, Accounting, and Support.
+	// Tags with a key name of Cost Center might have values that consist of the
+	// number associated with the different cost centers in your company. Typically,
+	// many resources have tags with the same key name but with different values.
+	//
+	// AWS always interprets the tag Value as a single string. If you need to store
+	// an array, you can store comma-separated values in the string. However, you
+	// must interpret the value in your code.
+	// +optional
+	Value string `json:"value,omitempty"`
+}
+
 // IAMRoleParameters define the desired state of an AWS IAM Role.
 type IAMRoleParameters struct {
 
 	// AssumeRolePolicyDocument is the the trust relationship policy document
 	// that grants an entity permission to assume the role.
+	// +immutable
 	AssumeRolePolicyDocument string `json:"assumeRolePolicyDocument"`
 
 	// Description is a description of the role.
 	// +optional
-	Description string `json:"description,omitempty"`
+	Description *string `json:"description,omitempty"`
+
+	// MaxSessionDuration is the duration (in seconds) that you want to set for the specified
+	// role. The default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
+	// Default: 3600
+	// +optional
+	MaxSessionDuration *int64 `json:"maxSessionDuration,omitempty"`
 
-	// RoleName presents the name of the IAM role.
-	RoleName string `json:"roleName"`
+	// Path is the path to the role.
+	// Default: /
+	// +immutable
+	// +optional
+	Path *string `json:"path,omitempty"`
+
+	// PermissionsBoundary is the ARN of the policy that is used to set the permissions boundary for the role.
+	// +immutable
+	// +optional
+	PermissionsBoundary *string `json:"permissionsBoundary,omitempty"`
+
+	// Tags. For more information about
+	// tagging, see Tagging IAM Identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
+	// in the IAM User Guide.
+	// +immutable
+	// +optional
+	Tags []Tag `json:"tags,omitempty"`
 }
 
 // An IAMRoleSpec defines the desired state of an IAMRole.
 type IAMRoleSpec struct {
 	runtimev1alpha1.ResourceSpec `json:",inline"`
-	IAMRoleParameters            `json:",inline"`
+	ForProvider                  IAMRoleParameters `json:"forProvider"`
 }
 
 // IAMRoleExternalStatus keeps the state for the external resource
@@ -63,15 +104,14 @@ type IAMRoleExternalStatus struct {
 // An IAMRoleStatus represents the observed state of an IAMRole.
 type IAMRoleStatus struct {
 	runtimev1alpha1.ResourceStatus `json:",inline"`
-
-	IAMRoleExternalStatus `json:",inline"`
+	AtProvider                     IAMRoleExternalStatus `json:"atProvider"`
 }
 
 // +kubebuilder:object:root=true
 
 // An IAMRole is a managed resource that represents an AWS IAM Role.
 // +kubebuilder:printcolumn:name="ROLENAME",type="string",JSONPath=".spec.roleName"
-// +kubebuilder:printcolumn:name="DESCRIPTION",type="string",JSONPath=".spec.description"
+// +kubebuilder:printcolumn:name="DESCRIPTION",type="string",JSONPath=".spec.forProvider.description"
 // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
@@ -93,11 +133,3 @@ type IAMRoleList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []IAMRole `json:"items"`
 }
-
-// UpdateExternalStatus updates the external status object, given the observation
-func (r *IAMRole) UpdateExternalStatus(observation iam.Role) {
-	r.Status.IAMRoleExternalStatus = IAMRoleExternalStatus{
-		ARN:    aws.StringValue(observation.Arn),
-		RoleID: aws.StringValue(observation.RoleId),
-	}
-}

apis/identity/v1alpha3/iamrolepolicyattachment_types.go → apis/identity/v1beta1/iamrolepolicyattachment_types.go

@@ -14,18 +14,15 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha3
+package v1beta1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/aws/aws-sdk-go-v2/service/iam"
 	runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 
 	"github.com/pkg/errors"
-
-	aws "github.com/crossplane/provider-aws/pkg/clients"
 )
 
 // Error strings
@@ -45,7 +42,7 @@ func (v *IAMRoleNameReferencerForIAMRolePolicyAttachment) Assign(res resource.Ca
 		return errors.New(errResourceIsNotIAMRolePolicyAttachment)
 	}
 
-	p.Spec.RoleName = value
+	p.Spec.ForProvider.RoleName = value
 	return nil
 }
 
@@ -55,20 +52,22 @@ type IAMRolePolicyAttachmentParameters struct {
 
 	// PolicyARN is the Amazon Resource Name (ARN) of the IAM policy you want to
 	// attach.
+	// +immutable
 	PolicyARN string `json:"policyArn"`
 
 	// RoleName presents the name of the IAM role.
 	RoleName string `json:"roleName,omitempty"`
 
 	// RoleNameRef references to an IAMRole to retrieve its Name
-	RoleNameRef *IAMRoleNameReferencerForIAMRolePolicyAttachment `json:"roleNameRef,omitempty" resource:"attributereferencer"`
+	// +optional
+	RoleNameRef *IAMRoleNameReferencerForIAMRolePolicyAttachment `json:"roleNameRef,omitempty"`
 }
 
 // An IAMRolePolicyAttachmentSpec defines the desired state of an
 // IAMRolePolicyAttachment.
 type IAMRolePolicyAttachmentSpec struct {
-	runtimev1alpha1.ResourceSpec      `json:",inline"`
-	IAMRolePolicyAttachmentParameters `json:",inline"`
+	runtimev1alpha1.ResourceSpec `json:",inline"`
+	ForProvider                  IAMRolePolicyAttachmentParameters `json:"forProvider"`
 }
 
 // IAMRolePolicyAttachmentExternalStatus keeps the state for the external resource
@@ -82,16 +81,15 @@ type IAMRolePolicyAttachmentExternalStatus struct {
 // IAMRolePolicyAttachment.
 type IAMRolePolicyAttachmentStatus struct {
 	runtimev1alpha1.ResourceStatus `json:",inline"`
-
-	IAMRolePolicyAttachmentExternalStatus `json:",inline"`
+	AtProvider                     IAMRolePolicyAttachmentExternalStatus `json:"atProvider"`
 }
 
 // +kubebuilder:object:root=true
 
 // An IAMRolePolicyAttachment is a managed resource that represents an AWS IAM
 // Role policy attachment.
-// +kubebuilder:printcolumn:name="ROLENAME",type="string",JSONPath=".spec.roleName"
-// +kubebuilder:printcolumn:name="POLICYARN",type="string",JSONPath=".spec.policyArn"
+// +kubebuilder:printcolumn:name="ROLENAME",type="string",JSONPath=".spec.forProvider.roleName"
+// +kubebuilder:printcolumn:name="POLICYARN",type="string",JSONPath=".spec.forProvider.policyArn"
 // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
 // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
@@ -113,10 +111,3 @@ type IAMRolePolicyAttachmentList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []IAMRolePolicyAttachment `json:"items"`
 }
-
-// UpdateExternalStatus updates the external status object, given the observation
-func (r *IAMRolePolicyAttachment) UpdateExternalStatus(observation iam.AttachedPolicy) {
-	r.Status.IAMRolePolicyAttachmentExternalStatus = IAMRolePolicyAttachmentExternalStatus{
-		AttachedPolicyARN: aws.StringValue(observation.PolicyArn),
-	}
-}