feat(health): support for aws.crossplane.io resources (#19029)
* feat(health): support for iam.aws.crossplane.io resources Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com> * feat(health): support for bucket s3.aws.crossplane.io resource Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com> --------- Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com>
Showing
16 changed files
with
524 additions
and
0 deletions.
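--- a/resource_customizations/iam.aws.crossplane.io/Policy/health.lua
+++ b/resource_customizations/iam.aws.crossplane.io/Policy/health.lua
@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+if obj.status.conditions ~= nil then
+local ready = false
+local synced = false
+local suspended = false
+for i, condition in ipairs(obj.status.conditions) do
+
+if condition.type == "Ready" then
+ready = condition.status == "True"
+ready_message = condition.reason
+elseif condition.type == "Synced" then
+synced = condition.status == "True"
+if condition.reason == "ReconcileError" then
+synced_message = condition.message
+elseif condition.reason == "ReconcilePaused" then
+suspended = true
+suspended_message = condition.reason
+end
+end
+end
+if ready and synced then
+hs.status = "Healthy"
+hs.message = ready_message
+elseif synced == false and suspended == true then
+hs.status = "Suspended"
+hs.message = suspended_message
+elseif ready == false and synced == true and suspended == false then
+hs.status = "Progressing"
+hs.message = "Waiting for Policy to be available"
+else
+hs.status = "Degraded"
+hs.message = synced_message
+end
+return hs
+end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Policy to be created"
+return hs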
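Review bot: `ready_message`, `synced_message` and `suspended_message` are assigned inside the condition loop without `local`, so they are globals, and the final `else` branch can return `Degraded` with a nil message because `synced_message` is only set when the Synced reason is `ReconcileError`. That branch is also reached when Synced is False for any other reason, which leaves an operator with a degraded IAM resource and no explanation of why the desired policy was not applied. Declare the variables next to the flags, `local ready_message, synced_message, suspended_message`, and give the fallback a default such as `hs.message = synced_message or "Policy is not synced"`. If the Lua state were ever reused between evaluations, the globals could also carry a message over from a previously evaluated object. The same applies to Role/health.lua and RolePolicyAttachment/health.lua in this commit.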
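--- a/resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml
@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+status: Degraded
+message: 'observe failed: cannot check if policy is up to date: invalid character
+'']'' looking for beginning of value'
+inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+status: Healthy
+message: Available
+inputPath: testdata/healthy.yaml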
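Review bot: Only the `Degraded` and `Healthy` outcomes are exercised here; the `Suspended` branch (Synced reason `ReconcilePaused`) and both `Progressing` branches of health.lua have no fixture. A paused IAM resource is the case where a change made in Git is not being applied at the provider, so it is worth pinning that it surfaces as `Suspended` and does not fall through to another status. A paused fixture (for example `testdata/ReconcilePaused.yaml`, the name is only a suggestion) and one without `status.conditions`, each with a matching `healthStatus` entry, would cover it. The Role and RolePolicyAttachment health_test.yaml files in this commit have the same gap.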
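--- a/resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml
@@ -0,0 +1,39 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Policy
+metadata:
+name: example
+spec:
+deletionPolicy: Delete
+forProvider:
+description: example
+document: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":
+\"Allow\",\n \"Action\": [\n \"s3:*\",\n ], \n \"Resource\":
+[\n \"arn:aws:s3:::example\"\n ]\n }\n ]\n}\n"
+name: example
+tags:
+- key: crossplane-name
+value: example
+- key: crossplane-providerconfig
+value: provider-aws
+- key: crossplane-kind
+value: policy.iam.aws.crossplane.io
+providerConfigRef:
+name: provider-aws
+status:
+atProvider:
+arn: arn:aws:iam::123:policy/example
+attachmentCount: 1
+defaultVersionId: v1
+isAttachable: true
+policyId: ABC
+conditions:
+- lastTransitionTime: "2024-07-11T11:01:01Z"
+reason: Available
+status: "True"
+type: Ready
+- lastTransitionTime: "2024-07-11T11:01:01Z"
+message: 'observe failed: cannot check if policy is up to date: invalid character
+'']'' looking for beginning of value'
+reason: ReconcileError
+status: "False"
+type: Synced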
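--- a/resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml
@@ -0,0 +1,45 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Policy
+metadata:
+name: example
+spec:
+deletionPolicy: Delete
+forProvider:
+description: example
+document: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": ["s3:ListBucket"],
+"Resource": ["arn:aws:s3:::examples"]
+}
+]
+}
+name: examples-s3-hello-s3
+tags:
+- key: crossplane-name
+value: example
+- key: crossplane-providerconfig
+value: provider-aws
+- key: crossplane-kind
+value: policy.iam.aws.crossplane.io
+providerConfigRef:
+name: provider-aws
+status:
+atProvider:
+arn: arn:aws:iam::123:policy/examples-s3-hello-s3
+attachmentCount: 1
+defaultVersionId: v2
+isAttachable: true
+policyId: 123
+conditions:
+- lastTransitionTime: "2024-07-11T08:18:16Z"
+reason: Available
+status: "True"
+type: Ready
+- lastTransitionTime: "2024-07-11T08:18:07Z"
+reason: ReconcileSuccess
+status: "True"
+type: Synced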
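--- a/resource_customizations/iam.aws.crossplane.io/Role/health.lua
+++ b/resource_customizations/iam.aws.crossplane.io/Role/health.lua
@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+if obj.status.conditions ~= nil then
+local ready = false
+local synced = false
+local suspended = false
+for i, condition in ipairs(obj.status.conditions) do
+
+if condition.type == "Ready" then
+ready = condition.status == "True"
+ready_message = condition.reason
+elseif condition.type == "Synced" then
+synced = condition.status == "True"
+if condition.reason == "ReconcileError" then
+synced_message = condition.message
+elseif condition.reason == "ReconcilePaused" then
+suspended = true
+suspended_message = condition.reason
+end
+end
+end
+if ready and synced then
+hs.status = "Healthy"
+hs.message = ready_message
+elseif synced == false and suspended == true then
+hs.status = "Suspended"
+hs.message = suspended_message
+elseif ready == false and synced == true and suspended == false then
+hs.status = "Progressing"
+hs.message = "Waiting for Role to be available"
+else
+hs.status = "Degraded"
+hs.message = synced_message
+end
+return hs
+end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Role to be created"
+return hs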
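--- a/resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml
@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+status: Degraded
+message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io
+"provider-aws1" not found'
+inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+status: Healthy
+message: Available
+inputPath: testdata/healthy.yaml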
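--- a/resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml
@@ -0,0 +1,54 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Role
+metadata:
+name: example
+spec:
+deletionPolicy: Delete
+forProvider:
+assumeRolePolicyDocument: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "",
+"Effect": "Allow",
+"Principal": {
+"Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC"
+},
+"Action": "sts:AssumeRoleWithWebIdentity",
+"Condition": {
+"StringEquals": {
+"oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example",
+"oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com"
+}
+}
+}
+]
+}
+description: example
+maxSessionDuration: 3600
+path: /
+tags:
+- key: crossplane-kind
+value: role.iam.aws.crossplane.io
+- key: crossplane-name
+value: example
+- key: crossplane-providerconfig
+value: provider-aws
+providerConfigRef:
+name: provider-aws1
+status:
+atProvider:
+arn: arn:aws:iam::123:role/examples-s31
+roleID: ABC123
+conditions:
+- lastTransitionTime: "2024-07-11T13:51:47Z"
+reason: Available
+status: "True"
+type: Ready
+- lastTransitionTime: "2024-07-11T13:54:11Z"
+message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io
+"provider-aws1" not found'
+reason: ReconcileError
+status: "False"
+type: Synced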
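--- a/resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml
@@ -0,0 +1,52 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Role
+metadata:
+name: example
+spec:
+deletionPolicy: Delete
+forProvider:
+assumeRolePolicyDocument: |
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "",
+"Effect": "Allow",
+"Principal": {
+"Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC"
+},
+"Action": "sts:AssumeRoleWithWebIdentity",
+"Condition": {
+"StringEquals": {
+"oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example",
+"oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com"
+}
+}
+}
+]
+}
+description: example
+maxSessionDuration: 3600
+path: /
+tags:
+- key: crossplane-kind
+value: role.iam.aws.crossplane.io
+- key: crossplane-name
+value: example
+- key: crossplane-providerconfig
+value: provider-aws
+providerConfigRef:
+name: provider-aws
+status:
+atProvider:
+arn: arn:aws:iam::123:role/example
+roleID: ABC123
+conditions:
+- lastTransitionTime: "2024-07-11T07:49:50Z"
+reason: Available
+status: "True"
+type: Ready
+- lastTransitionTime: "2024-07-11T07:49:49Z"
+reason: ReconcileSuccess
+status: "True"
+type: Synced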
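--- a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua
+++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua
@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+if obj.status.conditions ~= nil then
+local ready = false
+local synced = false
+local suspended = false
+for i, condition in ipairs(obj.status.conditions) do
+
+if condition.type == "Ready" then
+ready = condition.status == "True"
+ready_message = condition.reason
+elseif condition.type == "Synced" then
+synced = condition.status == "True"
+if condition.reason == "ReconcileError" then
+synced_message = condition.message
+elseif condition.reason == "ReconcilePaused" then
+suspended = true
+suspended_message = condition.reason
+end
+end
+end
+if ready and synced then
+hs.status = "Healthy"
+hs.message = ready_message
+elseif synced == false and suspended == true then
+hs.status = "Suspended"
+hs.message = suspended_message
+elseif ready == false and synced == true and suspended == false then
+hs.status = "Progressing"
+hs.message = "Waiting for RolePolicyAttachment to be available"
+else
+hs.status = "Degraded"
+hs.message = synced_message
+end
+return hs
+end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for RolePolicyAttachment to be created"
+return hs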
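--- a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml
@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+status: Degraded
+message: 'create failed: failed to attach the policy to role: NoSuchEntity: The
+role with name example cannot be found.'
+inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+status: Healthy
+message: Available
+inputPath: testdata/healthy.yaml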
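--- a/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml
+++ b/resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml
@@ -0,0 +1,25 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+name: example
+spec:
+deletionPolicy: Delete
+forProvider:
+policyArn: arn:aws:iam::123:policy/example
+roleName: example
+providerConfigRef:
+name: provider-aws
+status:
+atProvider:
+attachedPolicyArn: ""
+conditions:
+- lastTransitionTime: "2024-07-11T13:44:28Z"
+reason: Creating
+status: "False"
+type: Ready
+- lastTransitionTime: "2024-07-11T13:44:28Z"
+message: 'create failed: failed to attach the policy to role: NoSuchEntity: The
+role with name example cannot be found.'
+reason: ReconcileError
+status: "False"
+type: Synced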