Releases: tidbcloud/provider-aws
v0.20.20
What's Changed
- bump crossplane runtime version to v0.15.1 by @zjj2wry in #51
- upgrade crossplane-runtime to v0.19.3 by @liubog2008 in #52
- Update ci.yml by @fgksgf in #53
New Contributors
- @liubog2008 made their first contribution in #52
Full Changelog: v0.20.19...v0.20.20
v0.20.19
v0.20.18
v0.20.17
v0.20.16
v0.20.15
Enable required resources (#46)
* Add lambda api group and controller Signed-off-by: Hanlin Shi <[email protected]>
* Add vpc endpoint and vpc endpoint service controllers Signed-off-by: Hanlin Shi <[email protected]>
v0.20.14
Merge upstream branch v0.23.0 into pingcap/provider-aws (#37)
* fix(eks-kubeconfig): eks-presignGetCallerIdentity Signed-off-by: haarchri <[email protected]>
* Add haarchri as a maintainer See https://github.com/crossplane/org/issues/20 Signed-off-by: Nic Cope <[email protected]>
* Add support for associating an IdentityProviderConfig to an EKS cluster Signed-off-by: Mathias Åhsberg <[email protected]>
* update signing region based on partition Signed-off-by: smcavallo <[email protected]>
* fix(injected-identity): fix multiregion with injected identity since 0.20.0 Signed-off-by: haarchri <[email protected]>
* feat(secretsmanager): Add support for resource policies Signed-off-by: Maximilian Blatt <[email protected]> (external expert on behalf of DB Netz AG)
* Add EKS Addon resource (#872)
* Add EKS Addon resource Signed-off-by: Maximilian Blatt <[email protected]> (external expert on behalf of DB Netz AG)
* Add custom origin example for distribution Signed-off-by: gstramandinoli <[email protected]>
* map originSSLProtocols Signed-off-by: Steven Borrelli <[email protected]>
* Implement Amazon MQ service (#734)
* feat(aws): add support for amazon mq Signed-off-by: Praveen Ghuge <[email protected]> Co-authored-by: haarchri <[email protected]>
* Tweak DynamoDb table update logic https://github.com/crossplane/provider-aws/pull/839 The above PR recently fixed this controller such that it was possible to configure PAY_PER_REQUEST and SSE, but part of doing this involved potentially making a no-op update and ignoring the resulting error. This commit avoids the no-op update by (hopefully) improving the logic that determines which update(s) are needed. Signed-off-by: Nic Cope <[email protected]>
* Use camelCase connection detail keys for DynamoDB tables There's no documented standard here, but the convention is camelCase. Signed-off-by: Nic Cope <[email protected]>
* Added tags for iam policy Signed-off-by: Raghav Grover <[email protected]>
* readme: add release policy Signed-off-by: Muvaffak Onus <[email protected]>
* Implement GlobalSecondaryIndexes Signed-off-by: sergenyalcin <[email protected]> (cherry picked from commit 4cad9633c64ee75ada56ee46ecda1b64525f58d6)
* dynamodb.table: add support for updating globalsecondaryindexes Signed-off-by: Muvaffak Onus <[email protected]>
* dynamodb.table: add unit tests for global secondary index diff Signed-off-by: Muvaffak Onus <[email protected]>
* fix s3 notificationConfiguration Signed-off-by: smcavallo <[email protected]>
* fix s3 paymentConfiguration preventing bucket from being ready Signed-off-by: smcavallo <[email protected]>
* observe iampolicy which already exists Signed-off-by: smcavallo <[email protected]>
* upgrade to aws-sdk-go-v2 - 2021-11-06 Signed-off-by: smcavallo <[email protected]>
* feat(cw): added loggroup Signed-off-by: haarchri <[email protected]>
* use getCallerIdentity to determine policy arn Signed-off-by: smcavallo <[email protected]>
* consider policy with path Signed-off-by: smcavallo <[email protected]>
* add path to examples Signed-off-by: smcavallo <[email protected]>
* policy ext-name should return better exception Signed-off-by: smcavallo <[email protected]>
* kms.alias: make it manually-written because removing parameters cause empty spec which makes the for loops in conversion functions throw compile errors since there is nothing to process and variables end up unused Signed-off-by: Muvaffak Onus <[email protected]>
* kms.key: assume the key is removed once it is in pendingdeletion state otherwise it will not go away for days. Signed-off-by: Muvaffak Onus <[email protected]>
* kms.alias: filter the alias list with alias name Signed-off-by: Muvaffak Onus <[email protected]>
* github: add release issue Signed-off-by: Muvaffak Onus <[email protected]>
* Manually late-init CloudFront Distributions CloudFront Distributions and CachePolicies were built to use a generic reflect based late initialization library that can match two similar structs. While this approach is probably good for simpler APIs and is much more scalable than hand writing code as I've done here, we found that it was tricky to debug and customise the late-init logic and the IsUpToDate functions that use it. Notably, the Distribution API seems to:
  * Always return CloudFrontDefaultCertificate: nil, which causes false positives in IsUpToDate.
  * Not return slices in the order they were supplied, making it impossible to late init slices of structs based on index alone.
  * Require some slices of structs (e.g. Origins) to be late initialized.

  I believe the reflect based late-init library attempts to late init slices under the assumption that the actual and desired elements will be in the same order. It also appears to append actual elements to the desired slice when the actual slice is longer than the desired slice, which would prevent us from removing elements from the desired slice (since they'd be late-init-ed right back in during Observe, resetting the desired state). This manual implementation follows our typical pattern of only late-initing nil slices which avoids the above problem. However in some cases we _must_ late init elements of slices (e.g. late init the Origin structs) in order to be able to perform an update. The Distribution API requires a create, read, then update flow where many of the fields that are optional at create time are defaulted and subsequently required at update time. In order to handle this we special case Origins, matching them on their (unique) ID fields. We may need to do this for other slices of structs such as OriginGroups. At a glance the CachePolicy API appears simpler and thus hopefully doesn't suffer from many of these issues, but it probably warrants a closer look in future to be sure. Signed-off-by: Nic Cope <[email protected]>
* Move reflect based late init implementation to CachePolicy This is now the only controller that consumes it. Signed-off-by: Nic Cope <[email protected]>
* iam.rolepolicyattachment: clean up old code that relies on functionality that already exists in runtime Signed-off-by: Muvaffak Onus <[email protected]>
* iam: clean up old code that duplicates functionality from runtime Signed-off-by: Muvaffak Onus <[email protected]>
* Review comments Signed-off-by: Raghav Grover <[email protected]>
* Fix some Distribution late-init logic, test some of the nil checks We had a few places where we tested whether a parent struct was nil, but then tried to set fields of that parent struct outside the if-not-nil clause. I've added partial tests for these cases too. Signed-off-by: Nic Cope <[email protected]>
* Remove gomega from S3 tests We're attempting to remove all usage of gomega, in favor of using just cmp. https://github.com/golang/go/wiki/TestComments#assert-libraries Signed-off-by: Nic Cope <[email protected]>
* :s/s3Testing/s3testing/g in package imports We typically aim for import aliases that would also be valid package names. Signed-off-by: Nic Cope <[email protected]>
* s3 replicationConfiguration with delete marker enabled and fixes Signed-off-by: smcavallo <[email protected]>
* feat(route53resolver): added postObserve status Signed-off-by: haarchri <[email protected]>
* ec2.securitygroup: add security group resolver (#592) Signed-off-by: Carl Henrik Lunde <[email protected]>
* ec2.securitygroup: fix add, implement revoke/update ingress and egress rules When adding a rule, we should not send the complete rule set, only the new rule. When updating a rule, we must first delete it. And with that done, we also support deleting rules. Fixes #503 Fixes #300 Signed-off-by: Carl Henrik Lunde <[email protected]>
* ec2.securitygroup: remove late init of rules Rules are keyless arrays. The code to late-init them often corrupted data by copying data between rules. Signed-off-by: Carl Henrik Lunde <[email protected]>
* ec2.securitygroup: GroupID/GroupName is a valid key Signed-off-by: Carl Henrik Lunde <[email protected]>
* ec2.securitygroup: Ignore slice order in tests Signed-off-by: Carl Henrik Lunde <[email protected]>
* Adding back the auto generated iampolicy crd Signed-off-by: Raghav Grover <[email protected]>
* Allow explicitly specifying DynamoDB table billingMode: PROVISIONED Previously specifying billingMode: PROVISIONED would result in a constant update loop, because the DynamoDB DescribeTable API omits the billing mode from its response when it's set to PROVISIONED. Signed-off-by: Nic Cope <[email protected]>
* Allow explicitly specifying DynamoDB Table streamEnabled: false This is another case where DescribeTableOutput has an 'implied' default value of false. That value differing from our explicit value of false was causing Crossplane to think it needed to make an update when it did not. Signed-off-by: Nic Cope <[email protected]>
* identity.iampolicy: Disable gocyclo after two merges broke CI CI tests for two individual PRs were OK, but after the merge, CI fails due to the combined cyclomatic complexity of the function. Since every PR from master at this point will fail until it is fixed, I think the lowest risk now is to disable this lint check. Signed-off-by: Carl Henrik Lunde <[email protected]>
* rdsinstance: Use ResourceLateInitialized from crossplane-runtime When creating a new database, late init would trigger a kubernetes update in the Observe method, which in turn would trigger an error in crossplane-runtime: 2021-09-12T15:29:23.921+0200 ERROR controller-runtime.manager.controller.managed/rdsinstance.database.aws.crossplane.io Reconciler error {"reconciler group": "database.aws.crossplane.io", "reconciler kind": "RDSInstance", "name": "example-rds", "namespace": "", "error": "cannot update managed resource status: Operation cannot be fulfilled on rdsinstances.database.aws.crossplane.io \"example-rds\": the object has been modified; please apply your changes to the latest version and try again", "errorVerbose": "Operation cannot be fulfilled on rdsinstances.database.aws.crossplane.io \"example-rds\": the object has been modified; please apply your changes to the latest version and try again\ncannot update managed resource status\n...."} Prevent this error by instead setting ResourceLateInitialized for crossplane, which will make crossplane-runtime do the update call instead, and avoid the error message. Signed-off-by: Carl Henrik Lunde <[email protected]>
* fix(nat): tags and tagspecification Signed-off-by: haarchri <[email protected]>
* feat(bottlerocket): added information for eks-bottlerocket-nodegroup Signed-off-by: haarchri <[email protected]>
* add basic install command Signed-off-by: Nic Grayson <[email protected]>
* Add make target to identify the go build cache directory The build submodule currently overrides XDG_CACHE_HOME in order to force the Helm 3 to use the .work/helm directory. This causes Go on Linux machines to use that directory as the build cache as well. We should adjust this behavior in the build submodule because it is also causing Linux users to duplicate their build cache, but for now we just make it easier to identify its location in CI so that we cache between builds. Signed-off-by: hasheddan <[email protected]>
* Consume go.cachedir in CI workflow Updates CI workflow to cache based on go.cachedir to work around the fact that we override the GOCACHE in our make context due to the inclusion of helm.mk. Signed-off-by: hasheddan <[email protected]>
* feat(rds): #984 added ref and selector for *parameterGroup Signed-off-by: haarchri <[email protected]>
* move storage of operationid into annotations Signed-off-by: Steven Borrelli <[email protected]>
* Update apis/servicediscovery/v1alpha1/custom_types.go group import statements Co-authored-by: muvaffak onuş <[email protected]> Signed-off-by: Steven Borrelli <[email protected]>
* fix(fmt): #988 fix gofmt-servicediscovery Signed-off-by: haarchri <[email protected]>
* Fixing constantly update requests problem of replicationgroup Signed-off-by: Sergen Yalçın <[email protected]>
* glue.crawler: ignore problematic field in and set its value in handwritten code Signed-off-by: Muvaffak Onus <[email protected]>
* lambda.function: ignore problematic field in and set its value in handwritten code Signed-off-by: Muvaffak Onus <[email protected]>
* ack regenerate Signed-off-by: Muvaffak Onus <[email protected]>
* Bumping CODE_GENERATOR_COMMIT to capture fix for Issue 876 Signed-off-by: Aaron Eaton <[email protected]>
* code-generator: bump code-generator to the latest commit that has fixes to make it work with Crossplane again Signed-off-by: Muvaffak Onus <[email protected]> (cherry picked from commit 0d2ea7e7640549d2344052353e1e07f2580a1dd1)
* ec2.vpccidrblock: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* ecr.repository: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* ecr.repositorypolicy: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* eks.fargateprofile: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* examples: update for new v1beta1 CRDs Signed-off-by: Muvaffak Onus <[email protected]>
* ec2.vpccidrblock: use angryjet reference resolver generator Signed-off-by: Muvaffak Onus <[email protected]>
* Generating code with latest code-generator Signed-off-by: Aaron Eaton <[email protected]>
* acm.certificate: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* acm.certificate: remove renew certificate action since it is imperative and hard to get right in declarative fashion and add tagger Signed-off-by: Muvaffak Onus <[email protected]>
* acmcpa.certificateauthority: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* acm.certificate: change the schema in v1beta1 to conform to the shape of the corresponding type in SDK Signed-off-by: Muvaffak Onus <[email protected]>
* acmpca.certificatepermission: upgrade to v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* fix(cleanup): rerun generator after #920 merge Signed-off-by: haarchri <[email protected]>
* feat(rds): added rds-apply-immediately field Signed-off-by: haarchri <[email protected]>
* feat(addedStsAssumeRole) added assumeRoleArn Signed-off-by: haarchri <[email protected]>
* iam: rename identity group to iam but keep v1beta1 ones intact to give users time to migrate Signed-off-by: Muvaffak Onus <[email protected]>
* iam: move all kinds in identity.v1alpha1 to iam.v1beta1 Signed-off-by: Muvaffak Onus <[email protected]>
* iam: update examples Signed-off-by: Muvaffak Onus <[email protected]>
* iam.accesskey: rename IAMAccessKey to AccessKey Signed-off-by: Muvaffak Onus <[email protected]>
* iam.role: rename IAMRole to Role Signed-off-by: Muvaffak Onus <[email protected]>
* iam.grouppolicyattachment: rename IAMGroupPolicyAttachment to GroupPolicyAttachment Signed-off-by: Muvaffak Onus <[email protected]>
* iam.groupusermembership: rename IAMGroupUserMembership to GroupUserMembership Signed-off-by: Muvaffak Onus <[email protected]>
* iam.userpolicyattachment: rename IAMUserPolicyAttachment to UserPolicyAttachment Signed-off-by: Muvaffak Onus <[email protected]>
* iam.user: rename IAMUser to User Signed-off-by: Muvaffak Onus <[email protected]>
* iam.group: rename IAMGroup to Group Signed-off-by: Muvaffak Onus <[email protected]>
* iam.policy: rename IAMPolicy to Policy Signed-off-by: Muvaffak Onus <[email protected]>
* iam.rolepolicyattachment: rename IAMRolePolicyAttachment to RolePolicyAttachment Signed-off-by: Muvaffak Onus <[email protected]>
* identity.iamrole and identity.iamrolepolicyattachment: remove CRDs and their controllers similar to v1alpha1 ones to reduce the risk of something going wrong during migration Signed-off-by: Muvaffak Onus <[email protected]>
* upgrade: add upgrade guide for IAM resources Signed-off-by: Muvaffak Onus <[email protected]>
* upgrade guide: add composition instructions Signed-off-by: Muvaffak Onus <[email protected]>
* Implement Cloudfront Origin Access Identity (#929)
* Implement Cloudfront Origin Access Identity (#929) Signed-off-by: Steven Borrelli <[email protected]>
* feat(volume): ec2 volume Signed-off-by: haarchri <[email protected]>
* feat(tgw): added ec2 transitgateway & transitgateway vpc attachment Signed-off-by: haarchri <[email protected]>
* update doc links Signed-off-by: Steven Borrelli <[email protected]>
* Add IOT/Thing Managed Resource Signed-off-by: sergenyalcin <[email protected]>
* added external crossplane tags by default on iam.Role Signed-off-by: Cecilia Bernardi <[email protected]>
* Add instructions to use kube2iam authentication This PR aims to clarify the configuration needed to use kube2iam to authenticate to AWS in a non-EKS cluster (cf. Slack discussion [here](https://crossplane.slack.com/archives/CEG3T90A1/p1639651106294400?thread_ts=1639591534.284400&cid=CEG3T90A1) Signed-off-by: yogeek <[email protected]>
* feat(glue): followup cleanup cr.name to external.name Signed-off-by: haarchri <[email protected]>
* feat(resolvers) added more s3 resolvers and changed to generated.resolvers Signed-off-by: haarchri <[email protected]>
* add iamrole shortname Signed-off-by: smcavallo <[email protected]>
* add ec2 route api & controller Signed-off-by: Dkaykay <[email protected]>
* fix sync and ready states not being shown by kubectl Signed-off-by: Dkaykay <[email protected]>
* reset ec2 route crd Signed-off-by: Dkaykay <[email protected]>
* feat(ec2-route): rebase master & added create,observe,delete & resolvers Signed-off-by: haarchri <[email protected]>
* feat(athena-workgroup): added athena workgroup object Signed-off-by: haarchri <[email protected]>
* fix(docs): fix docs to current aws-go-sdk 1.37.10 for code-gen Signed-off-by: haarchri <[email protected]>
* feat(ram): added ram Signed-off-by: haarchri <[email protected]>
* fix(tagger): tagger fixed for tgw/tgwvpcattachment Signed-off-by: haarchri <[email protected]>
* Remove inaccurate deprecation warning from v1beta1 type Removes the deprecation warning from certificate authority permission v1beta1 as it should only exist on v1alpha1. Signed-off-by: hasheddan <[email protected]>
* Add Ipv6CIDRBlock support in VPC Signed-off-by: vaspahomov <[email protected]>
* Add Ipv6Pool support in VPC Signed-off-by: vaspahomov <[email protected]>
* feat(printcolumn) added ipv6CIDRBlock as printcolumn Signed-off-by: haarchri <[email protected]>
* feat(kafka): added kafka configurations & kafka server refs,selectors Signed-off-by: haarchri <[email protected]>
* feat: implement VPC Endpoint for AWS Provider Signed-off-by: Darryl Sw <[email protected]>
* feat(ec2): rebased, set generated resolvers, cleanup Signed-off-by: haarchri <[email protected]>
* Restoring build submodule Signed-off-by: Aaron Eaton <[email protected]>
* Add elbv2 resources Adds the Loadbalancer, Listener, and TargetGroup resources from the elbv2 api. Signed-off-by: EdgeJ <[email protected]>
* feat(elbv2): changed examples to fits after last cleanup Signed-off-by: haarchri <[email protected]>
* Launch Template and Launch Template Version resources added Signed-off-by: Tanuj Dwivedi <[email protected]>
* feat(ec2-launchtemplate): set referencers, skip dryRun & clientToken, set correct examples Signed-off-by: haarchri <[email protected]>
* feat(transitgatewayroutes): added transitgatewayroutes and transitgatewayroutetable Signed-off-by: haarchri <[email protected]>
* feat(vpcendpointserviceconfiguration) added ec2 vpcendpointserviceconfiguration Signed-off-by: haarchri <[email protected]>
* fix(e2e-test) changed pkg.crossplane.io to v1 Signed-off-by: haarchri <[email protected]>
* fix(init): #1049 fix problem that kms-key external-name Signed-off-by: haarchri <[email protected]>
* fix(name): fix &cr.name Signed-off-by: haarchri <[email protected]>
* fix(glue) fix securityconfig &cr.name Signed-off-by: haarchri <[email protected]>
* feat(stream): added kinesis stream Signed-off-by: haarchri <[email protected]>
* Remove unused controller
* Support vpcpeering
* Rewrite peering logic
* Rewrite peering logic
* add docker file
* fix-lint
* fix lint
* fix lint
* avoid legacy ec2 dependencies Signed-off-by: Aylei <[email protected]>
* fix aws peering post-processing Signed-off-by: Aylei <[email protected]>
* fix ut Signed-off-by: Aylei <[email protected]>
* fix vpc peering deletion Signed-off-by: Aylei <[email protected]>
* fix peering check Signed-off-by: Aylei <[email protected]>
* format Signed-off-by: Aylei <[email protected]>
* add building image to ci (#18)
* debug gha
* delete debug code
* Fix AWS VPC Peering Pending to Delete Issue (#20) Co-authored-by: Yan Ou <[email protected]>
* bump alpine (base image) for security (#22)
* disable CGO_ENABLED (#23)
* Update ci.yml
* DM-2654 Clean RouteTables (#21)
* check routes
* fix errors
* check routes by peeringID
* change func name from checkRoutes to countRoutes
* do delete() again if vpcconnections are 0 by Observer() Co-authored-by: Yan Ou <[email protected]>
* Fix delete unready vpc peering will panic (#24)
* Reconcile EKS clusters and node groups. (#26) The commit is slightly modified from commit d912a8b5756034904a2c7384d2949ac26180957a. Changes:
  - AWS controller now reconciles EKS clusters and node groups.
  - AWS controller now recognizes assume-role and external-id from provider configs.
* Fix vpc connection can not got ready (#25)
* Fix vpc connection can not got ready
* remove debug log
* deprecated aws error
* fix ut
* address comments
* remove debug log
* fix bug
* rollback code
* fix ci (#27)
* fix ci
* Update .github/workflows/ci.yml
* Update max reconciles worker to 1 (#28)
* fix s3 paymentConfiguration preventing bucket from being ready (#29) Signed-off-by: smcavallo <[email protected]> Co-authored-by: smcavallo <[email protected]>
* Reduce unnecessary AWS API requests (#30)
* Reduce unnecessary AWS API requests
* add unittest
* Fix can not delete pending accept vpc peering (#33)
* Improve the duration of backoff and requeue internal (#35)
* Support internal vpc peering connection (#32)
* fix s3 paymentConfiguration preventing bucket from being ready Signed-off-by: smcavallo <[email protected]>
* Reduce unnecessary AWS API requests
* add unittest
* Support internal vpc peering connection
* Fix unittest failed
* Add unittest
* rebase
* add unittest when delete vpc peering
* Refactor code to support cross region
* remove unused client
* address comments
* fix unittest Co-authored-by: smcavallo <[email protected]>
* add failed and rejected status to vpc peering filter (#36)
* add failed and rejected status to vpc peering filter
* add unittest
* Avoid call modify vpc peering option
* Update kernel security base image (#34)
* Update kernel security base image
* Update Dockerfile
* Update Dockerfile
* Make it buildable
* rebase
* register eksmanualv1alpha1 api
* rebase
* Add support for external ID when assume role Signed-off-by: Hanlin Shi <[email protected]>
* fix(lables): eks-nodegroup Signed-off-by: haarchri <[email protected]>

Co-authored-by: haarchri <[email protected]>
Co-authored-by: muvaffak onuş <[email protected]>
Co-authored-by: Nic Cope <[email protected]>
Co-authored-by: Mathias Åhsberg <[email protected]>
Co-authored-by: smcavallo <[email protected]>
Co-authored-by: Maximilian Blatt <[email protected]>
Co-authored-by: MisterMX <[email protected]>
Co-authored-by: gstramandinoli <[email protected]>
Co-authored-by: Steven Borrelli <[email protected]>
Co-authored-by: Praveen Ghuge <[email protected]>
Co-authored-by: Nic Cope <[email protected]>
Co-authored-by: Raghav Grover <[email protected]>
Co-authored-by: sergenyalcin <[email protected]>
Co-authored-by: Carl Henrik Lunde <[email protected]>
Co-authored-by: Nic Grayson <[email protected]>
Co-authored-by: hasheddan <[email protected]>
Co-authored-by: Daniel Mangum <[email protected]>
Co-authored-by: Steven Borrelli <[email protected]>
Co-authored-by: Alper Rifat Ulucinar <[email protected]>
Co-authored-by: Aaron Eaton <[email protected]>
Co-authored-by: Cecilia Bernardi <[email protected]>
Co-authored-by: Guillaume Dupin <[email protected]>
Co-authored-by: Dkaykay <[email protected]>
Co-authored-by: vaspahomov <[email protected]>
Co-authored-by: Darryl Sw <[email protected]>
Co-authored-by: EdgeJ <[email protected]>
Co-authored-by: Tanuj Dwivedi <[email protected]>
Co-authored-by: qiffang <[email protected]>
Co-authored-by: Aylei <[email protected]>
Co-authored-by: Hoshea Jiang <[email protected]>
Co-authored-by: Yan-Ou <[email protected]>
Co-authored-by: Yan Ou <[email protected]>
Co-authored-by: Xuecheng Zhang <[email protected]>
Co-authored-by: Jiajin Zheng <[email protected]>
Co-authored-by: rajeshwerrao madoori <[email protected]>
Co-authored-by: Jiajin Zheng <[email protected]>
Co-authored-by: Hanlin Shi <[email protected]>