Add the --enable-upjet-extensions command-line option to process CRDs generated by upjet #160

Merged (1 commit), Nov 15, 2023

Conversation

@ulucinar (Contributor) commented Nov 2, 2023

Description of your changes

This PR adds the --enable-upjet-extensions common command-line option to the crddiff sub-commands revision & self to process CRDs generated by upjet. Currently, this enables processing of required properties defined by the x-kubernetes-validations CEL rules in upjet-generated CRDs. This enables crddiff to catch the breaking API changes introduced with upjet-generated CEL rules for the conditionally required spec.forProvider fields. Upjet generates these conditions based on the management policies declared with the spec.managementPolicies field.

I have:

  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

Tested with the crddiff revision sub-command using the attached CRDs:

crd_old.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  name: identityproviderconfigs.eks.aws.upbound.io
spec:
  group: eks.aws.upbound.io
  names:
    categories:
    - crossplane
    - managed
    - aws
    kind: IdentityProviderConfig
    listKind: IdentityProviderConfigList
    plural: identityproviderconfigs
    singular: identityproviderconfig
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: READY
      type: string
    - jsonPath: .status.conditions[?(@.type=='Synced')].status
      name: SYNCED
      type: string
    - jsonPath: .metadata.annotations.crossplane\.io/external-name
      name: EXTERNAL-NAME
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IdentityProviderConfig is the Schema for the IdentityProviderConfigs
          API. Manages an EKS Identity Provider Configuration.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IdentityProviderConfigSpec defines the desired state of IdentityProviderConfig
            properties:
              deletionPolicy:
                default: Delete
                description: 'DeletionPolicy specifies what will happen to the underlying
                  external when this managed resource is deleted - either "Delete"
                  or "Orphan" the external resource. This field is planned to be deprecated
                  in favor of the ManagementPolicies field in a future release. Currently,
                  both could be set independently and non-default values would be
                  honored if the feature flag is enabled. See the design doc for more
                  information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223'
                enum:
                - Orphan
                - Delete
                type: string
              forProvider:
                properties:
                  clusterName:
                    description: –  Name of the EKS Cluster.
                    type: string
                  clusterNameRef:
                    description: Reference to a Cluster to populate clusterName.
                    properties:
                      name:
                        description: Name of the referenced object.
                        type: string
                      policy:
                        description: Policies for referencing.
                        properties:
                          resolution:
                            default: Required
                            description: Resolution specifies whether resolution of
                              this reference is required. The default is 'Required',
                              which means the reconcile will fail if the reference
                              cannot be resolved. 'Optional' means this reference
                              will be a no-op if it cannot be resolved.
                            enum:
                            - Required
                            - Optional
                            type: string
                          resolve:
                            description: Resolve specifies when this reference should
                              be resolved. The default is 'IfNotPresent', which will
                              attempt to resolve the reference only when the corresponding
                              field is not present. Use 'Always' to resolve the reference
                              on every reconcile.
                            enum:
                            - Always
                            - IfNotPresent
                            type: string
                        type: object
                    required:
                    - name
                    type: object
                  clusterNameSelector:
                    description: Selector for a Cluster to populate clusterName.
                    properties:
                      matchControllerRef:
                        description: MatchControllerRef ensures an object with the
                          same controller reference as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                      policy:
                        description: Policies for selection.
                        properties:
                          resolution:
                            default: Required
                            description: Resolution specifies whether resolution of
                              this reference is required. The default is 'Required',
                              which means the reconcile will fail if the reference
                              cannot be resolved. 'Optional' means this reference
                              will be a no-op if it cannot be resolved.
                            enum:
                            - Required
                            - Optional
                            type: string
                          resolve:
                            description: Resolve specifies when this reference should
                              be resolved. The default is 'IfNotPresent', which will
                              attempt to resolve the reference only when the corresponding
                              field is not present. Use 'Always' to resolve the reference
                              on every reconcile.
                            enum:
                            - Always
                            - IfNotPresent
                            type: string
                        type: object
                    type: object
                  oidc:
                    description: Nested attribute containing OpenID Connect identity
                      provider information for the cluster. Detailed below.
                    items:
                      properties:
                        clientId:
                          description: –  Client ID for the OpenID Connect identity
                            provider.
                          type: string
                        groupsClaim:
                          description: The JWT claim that the provider will use to
                            return groups.
                          type: string
                        groupsPrefix:
                          description: A prefix that is prepended to group claims
                            e.g., oidc:.
                          type: string
                        identityProviderConfigName:
                          description: –  The name of the identity provider config.
                          type: string
                        issuerUrl:
                          description: Issuer URL for the OpenID Connect identity
                            provider.
                          type: string
                        requiredClaims:
                          additionalProperties:
                            type: string
                          description: The key value pairs that describe required
                            claims in the identity token.
                          type: object
                        usernameClaim:
                          description: The JWT claim that the provider will use as
                            the username.
                          type: string
                        usernamePrefix:
                          description: A prefix that is prepended to username claims.
                          type: string
                      type: object
                    type: array
                  region:
                    description: Region is the region you'd like your resource to
                      be created in.
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: Key-value map of resource tags.
                    type: object
                required:
                - region
                type: object
              initProvider:
                description: THIS IS A BETA FIELD. It will be honored unless the Management
                  Policies feature flag is disabled. InitProvider holds the same fields
                  as ForProvider, with the exception of Identifier and other resource
                  reference fields. The fields that are in InitProvider are merged
                  into ForProvider when the resource is created. The same fields are
                  also added to the terraform ignore_changes hook, to avoid updating
                  them after creation. This is useful for fields that are required
                  on creation, but we do not desire to update them after creation,
                  for example because of an external controller is managing them,
                  like an autoscaler.
                properties:
                  oidc:
                    description: Nested attribute containing OpenID Connect identity
                      provider information for the cluster. Detailed below.
                    items:
                      properties:
                        clientId:
                          description: –  Client ID for the OpenID Connect identity
                            provider.
                          type: string
                        groupsClaim:
                          description: The JWT claim that the provider will use to
                            return groups.
                          type: string
                        groupsPrefix:
                          description: A prefix that is prepended to group claims
                            e.g., oidc:.
                          type: string
                        identityProviderConfigName:
                          description: –  The name of the identity provider config.
                          type: string
                        issuerUrl:
                          description: Issuer URL for the OpenID Connect identity
                            provider.
                          type: string
                        requiredClaims:
                          additionalProperties:
                            type: string
                          description: The key value pairs that describe required
                            claims in the identity token.
                          type: object
                        usernameClaim:
                          description: The JWT claim that the provider will use as
                            the username.
                          type: string
                        usernamePrefix:
                          description: A prefix that is prepended to username claims.
                          type: string
                      type: object
                    type: array
                  tags:
                    additionalProperties:
                      type: string
                    description: Key-value map of resource tags.
                    type: object
                type: object
              managementPolicies:
                default:
                - '*'
                description: 'THIS IS A BETA FIELD. It is on by default but can be
                  opted out through a Crossplane feature flag. ManagementPolicies
                  specify the array of actions Crossplane is allowed to take on the
                  managed and external resources. This field is planned to replace
                  the DeletionPolicy field in a future release. Currently, both could
                  be set independently and non-default values would be honored if
                  the feature flag is enabled. If both are custom, the DeletionPolicy
                  field will be ignored. See the design doc for more information:
                  https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md'
                items:
                  description: A ManagementAction represents an action that the Crossplane
                    controllers can take on an external resource.
                  enum:
                  - Observe
                  - Create
                  - Update
                  - Delete
                  - LateInitialize
                  - '*'
                  type: string
                type: array
              providerConfigRef:
                default:
                  name: default
                description: ProviderConfigReference specifies how the provider that
                  will be used to create, observe, update, and delete this managed
                  resource should be configured.
                properties:
                  name:
                    description: Name of the referenced object.
                    type: string
                  policy:
                    description: Policies for referencing.
                    properties:
                      resolution:
                        default: Required
                        description: Resolution specifies whether resolution of this
                          reference is required. The default is 'Required', which
                          means the reconcile will fail if the reference cannot be
                          resolved. 'Optional' means this reference will be a no-op
                          if it cannot be resolved.
                        enum:
                        - Required
                        - Optional
                        type: string
                      resolve:
                        description: Resolve specifies when this reference should
                          be resolved. The default is 'IfNotPresent', which will attempt
                          to resolve the reference only when the corresponding field
                          is not present. Use 'Always' to resolve the reference on
                          every reconcile.
                        enum:
                        - Always
                        - IfNotPresent
                        type: string
                    type: object
                required:
                - name
                type: object
              publishConnectionDetailsTo:
                description: PublishConnectionDetailsTo specifies the connection secret
                  config which contains a name, metadata and a reference to secret
                  store config to which any connection details for this managed resource
                  should be written. Connection details frequently include the endpoint,
                  username, and password required to connect to the managed resource.
                properties:
                  configRef:
                    default:
                      name: default
                    description: SecretStoreConfigRef specifies which secret store
                      config should be used for this ConnectionSecret.
                    properties:
                      name:
                        description: Name of the referenced object.
                        type: string
                      policy:
                        description: Policies for referencing.
                        properties:
                          resolution:
                            default: Required
                            description: Resolution specifies whether resolution of
                              this reference is required. The default is 'Required',
                              which means the reconcile will fail if the reference
                              cannot be resolved. 'Optional' means this reference
                              will be a no-op if it cannot be resolved.
                            enum:
                            - Required
                            - Optional
                            type: string
                          resolve:
                            description: Resolve specifies when this reference should
                              be resolved. The default is 'IfNotPresent', which will
                              attempt to resolve the reference only when the corresponding
                              field is not present. Use 'Always' to resolve the reference
                              on every reconcile.
                            enum:
                            - Always
                            - IfNotPresent
                            type: string
                        type: object
                    required:
                    - name
                    type: object
                  metadata:
                    description: Metadata is the metadata for connection secret.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations are the annotations to be added to
                          connection secret. - For Kubernetes secrets, this will be
                          used as "metadata.annotations". - It is up to Secret Store
                          implementation for others store types.
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels are the labels/tags to be added to connection
                          secret. - For Kubernetes secrets, this will be used as "metadata.labels".
                          - It is up to Secret Store implementation for others store
                          types.
                        type: object
                      type:
                        description: Type is the SecretType for the connection secret.
                          - Only valid for Kubernetes Secret Stores.
                        type: string
                    type: object
                  name:
                    description: Name is the name of the connection secret.
                    type: string
                required:
                - name
                type: object
              writeConnectionSecretToRef:
                description: WriteConnectionSecretToReference specifies the namespace
                  and name of a Secret to which any connection details for this managed
                  resource should be written. Connection details frequently include
                  the endpoint, username, and password required to connect to the
                  managed resource. This field is planned to be replaced in a future
                  release in favor of PublishConnectionDetailsTo. Currently, both
                  could be set independently and connection details would be published
                  to both without affecting each other.
                properties:
                  name:
                    description: Name of the secret.
                    type: string
                  namespace:
                    description: Namespace of the secret.
                    type: string
                required:
                - name
                - namespace
                type: object
            required:
            - forProvider
            type: object
          status:
            description: IdentityProviderConfigStatus defines the observed state of
              IdentityProviderConfig.
            properties:
              atProvider:
                properties:
                  arn:
                    description: Amazon Resource Name (ARN) of the EKS Identity Provider
                      Configuration.
                    type: string
                  clusterName:
                    description: –  Name of the EKS Cluster.
                    type: string
                  id:
                    description: EKS Cluster name and EKS Identity Provider Configuration
                      name separated by a colon (:).
                    type: string
                  oidc:
                    description: Nested attribute containing OpenID Connect identity
                      provider information for the cluster. Detailed below.
                    items:
                      properties:
                        clientId:
                          description: –  Client ID for the OpenID Connect identity
                            provider.
                          type: string
                        groupsClaim:
                          description: The JWT claim that the provider will use to
                            return groups.
                          type: string
                        groupsPrefix:
                          description: A prefix that is prepended to group claims
                            e.g., oidc:.
                          type: string
                        identityProviderConfigName:
                          description: –  The name of the identity provider config.
                          type: string
                        issuerUrl:
                          description: Issuer URL for the OpenID Connect identity
                            provider.
                          type: string
                        requiredClaims:
                          additionalProperties:
                            type: string
                          description: The key value pairs that describe required
                            claims in the identity token.
                          type: object
                        usernameClaim:
                          description: The JWT claim that the provider will use as
                            the username.
                          type: string
                        usernamePrefix:
                          description: A prefix that is prepended to username claims.
                          type: string
                      type: object
                    type: array
                  status:
                    description: Status of the EKS Identity Provider Configuration.
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: Key-value map of resource tags.
                    type: object
                  tagsAll:
                    additionalProperties:
                      type: string
                    description: A map of tags assigned to the resource, including
                      those inherited from the provider default_tags configuration
                      block.
                    type: object
                type: object
              conditions:
                description: Conditions of the resource.
                items:
                  description: A Condition that may apply to a resource.
                  properties:
                    lastTransitionTime:
                      description: LastTransitionTime is the last time this condition
                        transitioned from one status to another.
                      format: date-time
                      type: string
                    message:
                      description: A Message containing details about this condition's
                        last transition from one status to another, if any.
                      type: string
                    reason:
                      description: A Reason for this condition's last transition from
                        one status to another.
                      type: string
                    status:
                      description: Status of this condition; is it currently True,
                        False, or Unknown?
                      type: string
                    type:
                      description: Type of this condition. At most one of each condition
                        type may apply to a resource at any point in time.
                      type: string
                  required:
                  - lastTransitionTime
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
crd_old.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  name: identityproviderconfigs.eks.aws.upbound.io
spec:
  group: eks.aws.upbound.io
  names:
    categories:
    - crossplane
    - managed
    - aws
    kind: IdentityProviderConfig
    listKind: IdentityProviderConfigList
    plural: identityproviderconfigs
    singular: identityproviderconfig
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: READY
      type: string
    - jsonPath: .status.conditions[?(@.type=='Synced')].status
      name: SYNCED
      type: string
    - jsonPath: .metadata.annotations.crossplane\.io/external-name
      name: EXTERNAL-NAME
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: AGE
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IdentityProviderConfig is the Schema for the IdentityProviderConfigs
          API. Manages an EKS Identity Provider Configuration.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IdentityProviderConfigSpec defines the desired state of IdentityProviderConfig
            properties:
              deletionPolicy:
                default: Delete
                description: 'DeletionPolicy specifies what will happen to the underlying
                  external when this managed resource is deleted - either "Delete"
                  or "Orphan" the external resource. This field is planned to be deprecated
                  in favor of the ManagementPolicies field in a future release. Currently,
                  both could be set independently and non-default values would be
                  honored if the feature flag is enabled. See the design doc for more
                  information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223'
                enum:
                - Orphan
                - Delete
                type: string
              forProvider:
                properties:
                  clusterName:
                    description: –  Name of the EKS Cluster.
                    type: string
                  clusterNameRef:
                    description: Reference to a Cluster to populate clusterName.
                    properties:
                      name:
                        description: Name of the referenced object.
                        type: string
                      policy:
                        description: Policies for referencing.
                        properties:
                          resolution:
                            default: Required
                            description: Resolution specifies whether resolution of
                              this reference is required. The default is 'Required',
                              which means the reconcile will fail if the reference
                              cannot be resolved. 'Optional' means this reference
                              will be a no-op if it cannot be resolved.
                            enum:
                            - Required
                            - Optional
                            type: string
                          resolve:
                            description: Resolve specifies when this reference should
                              be resolved. The default is 'IfNotPresent', which will
                              attempt to resolve the reference only when the corresponding
                              field is not present. Use 'Always' to resolve the reference
                              on every reconcile.
                            enum:
                            - Always
                            - IfNotPresent
                            type: string
                        type: object
                    required:
                    - name
                    type: object
                  clusterNameSelector:
                    description: Selector for a Cluster to populate clusterName.
                    properties:
                      matchControllerRef:
                        description: MatchControllerRef ensures an object with the
                          same controller reference as the selecting object is selected.
                        type: boolean
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: MatchLabels ensures an object with matching labels
                          is selected.
                        type: object
                      policy:
                        description: Policies for selection.
                        properties:
                          resolution:
                            default: Required
                            description: Resolution specifies whether resolution of
                              this reference is required. The default is 'Required',
                              which means the reconcile will fail if the reference
                              cannot be resolved. 'Optional' means this reference
                              will be a no-op if it cannot be resolved.
                            enum:
                            - Required
                            - Optional
                            type: string
                          resolve:
                            description: Resolve specifies when this reference should
                              be resolved. The default is 'IfNotPresent', which will
                              attempt to resolve the reference only when the corresponding
                              field is not present. Use 'Always' to resolve the reference
                              on every reconcile.
                            enum:
                            - Always
                            - IfNotPresent
                            type: string
                        type: object
                    type: object
                  oidc:
                    description: Nested attribute containing OpenID Connect identity
                      provider information for the cluster. Detailed below.
                    items:
                      properties:
                        clientId:
                          description: –  Client ID for the OpenID Connect identity
                            provider.
                          type: string
                        groupsClaim:
                          description: The JWT claim that the provider will use to
                            return groups.
                          type: string
                        groupsPrefix:
                          description: A prefix that is prepended to group claims
                            e.g., oidc:.
                          type: string
                        identityProviderConfigName:
                          description: –  The name of the identity provider config.
                        type: string
                      issuerUrl:
                        description: Issuer URL for the OpenID Connect identity
                          provider.
                        type: string
                      requiredClaims:
                        additionalProperties:
                          type: string
                        description: The key value pairs that describe required
                          claims in the identity token.
                        type: object
                      usernameClaim:
                        description: The JWT claim that the provider will use as
                          the username.
                        type: string
                      usernamePrefix:
                        description: A prefix that is prepended to username claims.
                        type: string
                    type: object
                  type: array
                region:
                  description: Region is the region you'd like your resource to
                    be created in.
                  type: string
                tags:
                  additionalProperties:
                    type: string
                  description: Key-value map of resource tags.
                  type: object
              required:
              - region
              type: object
            initProvider:
              description: THIS IS A BETA FIELD. It will be honored unless the Management
                Policies feature flag is disabled. InitProvider holds the same fields
                as ForProvider, with the exception of Identifier and other resource
                reference fields. The fields that are in InitProvider are merged
                into ForProvider when the resource is created. The same fields are
                also added to the terraform ignore_changes hook, to avoid updating
                them after creation. This is useful for fields that are required
                on creation, but we do not desire to update them after creation,
                for example because of an external controller is managing them,
                like an autoscaler.
              properties:
                oidc:
                  description: Nested attribute containing OpenID Connect identity
                    provider information for the cluster. Detailed below.
                  items:
                    properties:
                      clientId:
                        description: –  Client ID for the OpenID Connect identity
                          provider.
                        type: string
                      groupsClaim:
                        description: The JWT claim that the provider will use to
                          return groups.
                        type: string
                      groupsPrefix:
                        description: A prefix that is prepended to group claims
                          e.g., oidc:.
                        type: string
                      identityProviderConfigName:
                        description: –  The name of the identity provider config.
                        type: string
                      issuerUrl:
                        description: Issuer URL for the OpenID Connect identity
                          provider.
                        type: string
                      requiredClaims:
                        additionalProperties:
                          type: string
                        description: The key value pairs that describe required
                          claims in the identity token.
                        type: object
                      usernameClaim:
                        description: The JWT claim that the provider will use as
                          the username.
                        type: string
                      usernamePrefix:
                        description: A prefix that is prepended to username claims.
                        type: string
                    type: object
                  type: array
                tags:
                  additionalProperties:
                    type: string
                  description: Key-value map of resource tags.
                  type: object
              type: object
            managementPolicies:
              default:
              - '*'
              description: 'THIS IS A BETA FIELD. It is on by default but can be
                opted out through a Crossplane feature flag. ManagementPolicies
                specify the array of actions Crossplane is allowed to take on the
                managed and external resources. This field is planned to replace
                the DeletionPolicy field in a future release. Currently, both could
                be set independently and non-default values would be honored if
                the feature flag is enabled. If both are custom, the DeletionPolicy
                field will be ignored. See the design doc for more information:
                https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
                and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md'
              items:
                description: A ManagementAction represents an action that the Crossplane
                  controllers can take on an external resource.
                enum:
                - Observe
                - Create
                - Update
                - Delete
                - LateInitialize
                - '*'
                type: string
              type: array
            providerConfigRef:
              default:
                name: default
              description: ProviderConfigReference specifies how the provider that
                will be used to create, observe, update, and delete this managed
                resource should be configured.
              properties:
                name:
                  description: Name of the referenced object.
                  type: string
                policy:
                  description: Policies for referencing.
                  properties:
                    resolution:
                      default: Required
                      description: Resolution specifies whether resolution of this
                        reference is required. The default is 'Required', which
                        means the reconcile will fail if the reference cannot be
                        resolved. 'Optional' means this reference will be a no-op
                        if it cannot be resolved.
                      enum:
                      - Required
                      - Optional
                      type: string
                    resolve:
                      description: Resolve specifies when this reference should
                        be resolved. The default is 'IfNotPresent', which will attempt
                        to resolve the reference only when the corresponding field
                        is not present. Use 'Always' to resolve the reference on
                        every reconcile.
                      enum:
                      - Always
                      - IfNotPresent
                      type: string
                  type: object
              required:
              - name
              type: object
            publishConnectionDetailsTo:
              description: PublishConnectionDetailsTo specifies the connection secret
                config which contains a name, metadata and a reference to secret
                store config to which any connection details for this managed resource
                should be written. Connection details frequently include the endpoint,
                username, and password required to connect to the managed resource.
              properties:
                configRef:
                  default:
                    name: default
                  description: SecretStoreConfigRef specifies which secret store
                    config should be used for this ConnectionSecret.
                  properties:
                    name:
                      description: Name of the referenced object.
                      type: string
                    policy:
                      description: Policies for referencing.
                      properties:
                        resolution:
                          default: Required
                          description: Resolution specifies whether resolution of
                            this reference is required. The default is 'Required',
                            which means the reconcile will fail if the reference
                            cannot be resolved. 'Optional' means this reference
                            will be a no-op if it cannot be resolved.
                          enum:
                          - Required
                          - Optional
                          type: string
                        resolve:
                          description: Resolve specifies when this reference should
                            be resolved. The default is 'IfNotPresent', which will
                            attempt to resolve the reference only when the corresponding
                            field is not present. Use 'Always' to resolve the reference
                            on every reconcile.
                          enum:
                          - Always
                          - IfNotPresent
                          type: string
                      type: object
                  required:
                  - name
                  type: object
                metadata:
                  description: Metadata is the metadata for connection secret.
                  properties:
                    annotations:
                      additionalProperties:
                        type: string
                      description: Annotations are the annotations to be added to
                        connection secret. - For Kubernetes secrets, this will be
                        used as "metadata.annotations". - It is up to Secret Store
                        implementation for others store types.
                      type: object
                    labels:
                      additionalProperties:
                        type: string
                      description: Labels are the labels/tags to be added to connection
                        secret. - For Kubernetes secrets, this will be used as "metadata.labels".
                        - It is up to Secret Store implementation for others store
                        types.
                      type: object
                    type:
                      description: Type is the SecretType for the connection secret.
                        - Only valid for Kubernetes Secret Stores.
                      type: string
                  type: object
                name:
                  description: Name is the name of the connection secret.
                  type: string
              required:
              - name
              type: object
            writeConnectionSecretToRef:
              description: WriteConnectionSecretToReference specifies the namespace
                and name of a Secret to which any connection details for this managed
                resource should be written. Connection details frequently include
                the endpoint, username, and password required to connect to the
                managed resource. This field is planned to be replaced in a future
                release in favor of PublishConnectionDetailsTo. Currently, both
                could be set independently and connection details would be published
                to both without affecting each other.
              properties:
                name:
                  description: Name of the secret.
                  type: string
                namespace:
                  description: Namespace of the secret.
                  type: string
              required:
              - name
              - namespace
              type: object
          required:
          - forProvider
          type: object
          x-kubernetes-validations:
          - message: spec.forProvider.oidc is a required parameter
            rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
              || ''Update'' in self.managementPolicies) || has(self.forProvider.oidc)
              || (has(self.initProvider) && has(self.initProvider.oidc))'
        status:
          description: IdentityProviderConfigStatus defines the observed state of
            IdentityProviderConfig.
          properties:
            atProvider:
              properties:
                arn:
                  description: Amazon Resource Name (ARN) of the EKS Identity Provider
                    Configuration.
                  type: string
                clusterName:
                  description: –  Name of the EKS Cluster.
                  type: string
                id:
                  description: EKS Cluster name and EKS Identity Provider Configuration
                    name separated by a colon (:).
                  type: string
                oidc:
                  description: Nested attribute containing OpenID Connect identity
                    provider information for the cluster. Detailed below.
                  items:
                    properties:
                      clientId:
                        description: –  Client ID for the OpenID Connect identity
                          provider.
                        type: string
                      groupsClaim:
                        description: The JWT claim that the provider will use to
                          return groups.
                        type: string
                      groupsPrefix:
                        description: A prefix that is prepended to group claims
                          e.g., oidc:.
                        type: string
                      identityProviderConfigName:
                        description: –  The name of the identity provider config.
                        type: string
                      issuerUrl:
                        description: Issuer URL for the OpenID Connect identity
                          provider.
                        type: string
                      requiredClaims:
                        additionalProperties:
                          type: string
                        description: The key value pairs that describe required
                          claims in the identity token.
                        type: object
                      usernameClaim:
                        description: The JWT claim that the provider will use as
                          the username.
                        type: string
                      usernamePrefix:
                        description: A prefix that is prepended to username claims.
                        type: string
                    type: object
                  type: array
                status:
                  description: Status of the EKS Identity Provider Configuration.
                  type: string
                tags:
                  additionalProperties:
                    type: string
                  description: Key-value map of resource tags.
                  type: object
                tagsAll:
                  additionalProperties:
                    type: string
                  description: A map of tags assigned to the resource, including
                    those inherited from the provider default_tags configuration
                    block.
                  type: object
              type: object
            conditions:
              description: Conditions of the resource.
              items:
                description: A Condition that may apply to a resource.
                properties:
                  lastTransitionTime:
                    description: LastTransitionTime is the last time this condition
                      transitioned from one status to another.
                    format: date-time
                    type: string
                  message:
                    description: A Message containing details about this condition's
                      last transition from one status to another, if any.
                    type: string
                  reason:
                    description: A Reason for this condition's last transition from
                      one status to another.
                    type: string
                  status:
                    description: Status of this condition; is it currently True,
                      False, or Unknown?
                    type: string
                  type:
                    description: Type of this condition. At most one of each condition
                      type may apply to a resource at any point in time.
                    type: string
                required:
                - lastTransitionTime
                - reason
                - status
                - type
                type: object
              type: array
              x-kubernetes-list-map-keys:
              - type
              x-kubernetes-list-type: map
          type: object
      required:
      - spec
      type: object
  served: true
  storage: true
  subresources:
    status: {}
> crddiff revision --enable-upjet-extensions crd_old.yaml crd_new.yaml

Version "v1beta1":
- Schema changed
  - Properties changed
    - Modified property: spec
      - Properties changed
        - Modified property: forProvider
          - Required changed
            - New required property: oidc

Please note the:

x-kubernetes-validations:
          - message: spec.forProvider.oidc is a required parameter
            rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
              || ''Update'' in self.managementPolicies) || has(self.forProvider.oidc)
              || (has(self.initProvider) && has(self.initProvider.oidc))'

section exclusive to the CRD in crd_new.yaml.
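
As an added example (not crddiff's own code), the check this option enables, reduced to the CEL rule shape shown above: derive the conditionally required `spec.forProvider` fields from `x-kubernetes-validations`, diff two revisions with and without the extension, and evaluate whether the field is actually required for a given `managementPolicies` value. The schema dicts and all function names are constructed for this illustration to mirror the attached CRD.

```python
"""Derive required spec.forProvider fields of an upjet-generated CRD from its
x-kubernetes-validations CEL rules and diff two schema revisions. Constructed
example; the schema dicts below mirror the CRD attached to the PR."""
import re
from typing import Dict, List, Set

# Shape of the CEL rule upjet emits for a conditionally required field:
#   !('*' in self.managementPolicies || 'Create' in ... || 'Update' in ...)
#   || has(self.forProvider.<field>)
#   || (has(self.initProvider) && has(self.initProvider.<field>))
# Whitespace is normalised before matching because YAML folds the rule
# across several lines. The initProvider alternative is optional.
UPJET_REQUIRED_RULE = re.compile(
    r"^!\((?P<policies>(?:'[^']*' in self\.managementPolicies\s*(?:\|\|\s*)?)+)\)"
    r"\s*\|\|\s*has\(self\.forProvider\.(?P<field>\w+)\)"
    r"(?:\s*\|\|\s*\(has\(self\.initProvider\)\s*&&\s*"
    r"has\(self\.initProvider\.(?P=field)\)\))?$"
)


def cel_required_fields(spec_schema: dict) -> Dict[str, List[str]]:
    """{field: [policies under which it is required]} for every rule in
    spec_schema["x-kubernetes-validations"] of the upjet shape. Rules of any
    other shape are ignored: they are not required-field rules."""
    out: Dict[str, List[str]] = {}
    for v in spec_schema.get("x-kubernetes-validations", []):
        rule = " ".join(str(v.get("rule", "")).split())
        m = UPJET_REQUIRED_RULE.match(rule)
        if m:
            out[m.group("field")] = re.findall(r"'([^']*)'", m.group("policies"))
    return out


def effective_required(spec_schema: dict, upjet_extensions: bool) -> Set[str]:
    """Declared forProvider.required plus, with the extension, CEL-derived fields."""
    fp = spec_schema["properties"]["forProvider"]
    required = set(fp.get("required", []))
    if upjet_extensions:
        required.update(cel_required_fields(spec_schema))  # dict iterates its keys
    return required


def diff_required(old_spec: dict, new_spec: dict, upjet_extensions: bool) -> List[str]:
    """Lines in the style of crddiff's 'Required changed' report for forProvider."""
    old = effective_required(old_spec, upjet_extensions)
    new = effective_required(new_spec, upjet_extensions)
    return ([f"New required property: {f}" for f in sorted(new - old)]
            + [f"Removed required property: {f}" for f in sorted(old - new)])


def required_for_policies(rule_policies: List[str], management_policies: List[str]) -> bool:
    """True when the rule's negated condition fires for this managementPolicies
    value, i.e. the field must be present in forProvider (or initProvider)."""
    return any(p in management_policies for p in rule_policies)


# Constructed minimal spec schemas: the old revision declares only `region`,
# the new one adds the CEL rule from the attached crd_new.yaml.
OLD_SPEC = {"properties": {"forProvider": {"required": ["region"]}}}
NEW_SPEC = {
    "properties": {"forProvider": {"required": ["region"]}},
    "x-kubernetes-validations": [{
        "message": "spec.forProvider.oidc is a required parameter",
        "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies\n"
                "  || 'Update' in self.managementPolicies) || has(self.forProvider.oidc)\n"
                "  || (has(self.initProvider) && has(self.initProvider.oidc))",
    }],
}

if __name__ == "__main__":
    print(diff_required(OLD_SPEC, NEW_SPEC, upjet_extensions=False))  # []
    print(diff_required(OLD_SPEC, NEW_SPEC, upjet_extensions=True))   # ['New required property: oidc']
    policies = cel_required_fields(NEW_SPEC)["oidc"]
    print(required_for_policies(policies, ["*"]))        # True: the CRD's default policy
    print(required_for_policies(policies, ["Observe"]))  # False: observe-only resources are unaffected
```

Without the extension the diff is silent, which is exactly the missed breaking change the PR addresses: under the default `managementPolicies: ['*']`, existing resources lacking `oidc` would be rejected by the new CRD.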

… generated by upjet

- Currently, this enables processing of required properties defined by
  the x-kubernetes-validations CEL rules in upjet-generated CRDs.

Signed-off-by: Alper Rifat Ulucinar <[email protected]>
@sergenyalcin sergenyalcin left a comment

Thanks @ulucinar LGTM! This PR was validated on this change crossplane-contrib/provider-upjet-aws@e0d0397

@ulucinar ulucinar merged commit d5e5cb8 into upbound:main Nov 15, 2023
5 checks passed
@ulucinar ulucinar deleted the handle-gmp-changes branch November 15, 2023 09:57