To allow for more flexible credential methods, we provide common
selectors but do not enforce source enum or restrict from adding
additional selectors. The CredentialsSelectors are meant to be embedded
inline in a ProviderConfig's spec.credentials object.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

Moves the core embedded API types out of the core/v1alpha1 directory and
into common/v1. These types are used by many mature APIs and are now
recognized as stable. This new package should be imported with alias
xpv1 by convention.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

After some discussion amongst the community we felt this more accurately
represents a credentials source where credentials are derived from the
provider pod's identity (i.e. env vars, files, etc).
Signed-off-by: Nic Cope <negz@rk0n.org>

This field distinguishes credentials configuration from other (currently
hypothetical) aspects of provider configuration. It also introduces a
'spec.credentials.source' field that can be used to determine which credentials
source the provider intends to use.
Signed-off-by: Nic Cope <negz@rk0n.org>

This condition indicates that a ProviderConfig is being deleted, but blocking
because it still has users. The condition mirrors the similar PVC condition.
There is no inverse of 'Terminating', because a ProviderConfig cannot recover
from the condition.
Signed-off-by: Nic Cope <negz@rk0n.org>

This commit adds a reconciler and some utilities that allow Crossplane providers
to track the usage of their ProviderConfig resources. To do so, a provider must:

* Apply a ProviderConfigUsage each time a managed resource successfully connects
  to its external API using a ProviderConfig (or is reasonably expected to be
  about to do so). The Apply should be a no-op if there is an existing
  ProviderConfigUsage for the managed resource - the IsNotAllowed ApplyOption
  may be used to establish this.
* Start a controller that watches for ProviderConfigs and ProviderConfigUsages
  using the supplied providerconfig.Reconciler.
Signed-off-by: Nic Cope <negz@rk0n.org>
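
The in-use protection described in the two commit messages above (usage tracking plus the 'Terminating' condition), as an added example that is not code from crossplane-runtime: a simplified, standard-library-only model of the decision such a reconciler makes. The type names, the `Deleting` flag, the `Track` and `Reconcile` functions and the finalizer name are assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for ProviderConfigUsage and ProviderConfig.
type Usage struct{ ManagedResource, ProviderConfig string }
type ProviderConfig struct {
	Name       string
	Deleting   bool     // stands in for a set metadata.deletionTimestamp
	Finalizers []string // deletion completes only once this is empty
	Conditions []string
}

const inUse = "in-use.example.org" // assumed finalizer name

// Track records that mr uses pc. It is a no-op when mr is already tracked.
func Track(usages []Usage, mr, pc string) []Usage {
	for _, u := range usages {
		if u.ManagedResource == mr {
			return usages
		}
	}
	return append(usages, Usage{ManagedResource: mr, ProviderConfig: pc})
}

// Reconcile counts pc's users; a config being deleted stays blocked while any remain.
func Reconcile(pc *ProviderConfig, usages []Usage) int {
	users := 0
	for _, u := range usages {
		if u.ProviderConfig == pc.Name {
			users++
		}
	}
	switch {
	case !pc.Deleting:
		pc.Finalizers = []string{inUse} // guard against deletion while in use
	case users > 0:
		pc.Conditions = []string{"Terminating"} // deletion requested but blocked
	default:
		pc.Finalizers = nil // last user gone: deletion may now complete
	}
	return users
}

func main() {
	pc := &ProviderConfig{Name: "default", Deleting: true, Finalizers: []string{inUse}}
	usages := Track(nil, "bucket-a", "default")
	fmt.Println(Reconcile(pc, usages), pc.Conditions, pc.Finalizers)
	fmt.Println(Reconcile(pc, nil), pc.Finalizers)
}
```
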
The references resolved condition was marked deprecated in v0.8 and has no known
callers. The secret resolution success condition is only used by the target
controller.
Signed-off-by: Nic Cope <negz@rk0n.org>

The deletion policy is a more narrowly scoped variant of the reclaim policy. It
affects only whether external resources are deleted or orphaned when their
corresponding managed resource is deleted, as opposed to the reclaim policy
which also affects whether the managed resource is deleted when its bound claim
is deleted.
Signed-off-by: Nic Cope <negz@rk0n.org>

Provider reference is a required field for types that embed it. In
practice, accessing the Name field of a Provider reference should never
result in a nil pointer dereference, but it is still an unsafe
operation. Changing the Provider reference to a non-pointer absolves the
user from checking for a nil reference each time it is used.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

We are currently using corev1.ObjectReference for provider resources.
This includes more information than needed and encourages
using helper methods that may depend on other fields in the type that we
do not intend to be utilized. This updates provider references
fields to use the Reference type, which only has a name field.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

This commit introduces managed.APISimpleReferenceResolver, which satisfies the
managed.ReferenceResolver interface. This variant requires much less plumbing
and reflection because it expects that managed resources expose a single
ResolveReferences method that will optionally select and then resolve any
resource references. It also adds a new pkg/reference which contains a library
that managed resource authors _may_ choose to use to avoid reimplementing common
reference selection and resolution logic.

The existing managed.APIReferenceResolver implementation remains the default,
but is marked deprecated and will be removed once all managed resources use the
APISimpleReferenceResolver. Notably, the "reference resolution" condition is no
longer set by managed.Reconciler - managed resources will report reference
resolution issues via the Synced condition (i.e. as a ReconcileError).
Signed-off-by: Nic Cope <negz@rk0n.org>

This commit changes the meaning of the resource claim resource policy to match
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming as
closely as possible, minus the deprecated 'Recycle' policy. Previously the
reclaim policy dictated only what happened to the external resource when its
managed resource was deleted.
Signed-off-by: Nic Cope <negz@rk0n.org>

Reference resolution is now a no-op if nothing changes, so we run it on every
reconcile. We also run it after delete has been handled, so unresolved
references will only block creates and updates.

This commit means we'll make more get calls to the cache (or API) in order to
resolve our references each reconcile, and also risk potentially changing the
values of 'immutable' fields automatically if and when our referenced resources
change. I believe we should address this by having referencers be no-ops when
the field value they would set is already set.

I attempted to move reference resolution to right before we call create or
update (i.e. after observe and delete), but it turns out certain resources
(specifically GCP Connections) could need references to be resolved in order to
observe the external resource.
Signed-off-by: Nic Cope <negz@rk0n.org>

This allows us to require that name (and namespace where appropriate) are set at
the CRD level. In the case of cluster scoped resources that reference secrets
this is less surprising than defaulting to the `default` namespace when the
namespace is omitted.
Signed-off-by: Nic Cope <negz@rk0n.org>

This commit renames "non portable resource class" back to "resource class", and
requires that resource claims reference a (non portable) resource class in any
namespace.
Signed-off-by: Nic Cope <negz@rk0n.org>

- Removing the panic recovery logic
- Removing the superfluous IsConditionReady method
- Adding Nic's unit-tests for GetCondition and IsConditionTrue
- Minor other fixes
Signed-off-by: soorena776 <javad@upbound.io>

The GoDoc strings for the API types are used to generate user visible
documentation, for example the API documentation and CRD fields. This commit
ensures the GoDoc is complete, and makes sense in the context of user facing
documentation.
Signed-off-by: Nic Cope <negz@rk0n.org>