Add deletionProtection for managed crossplane resources
Signed-off-by: Nicolas Bigler <[email protected]>
TheBigLee committed Oct 18, 2024
1 parent c433fcf commit e128ede
Showing 31 changed files with 2,004 additions and 543 deletions.
2 changes: 2 additions & 0 deletions Makefile
Expand Up @@ -196,6 +196,8 @@ clean:
get-crds:
./hack/get_crds.sh https://github.com/crossplane-contrib/provider-helm provider-helm apis/release apis/helm
./hack/get_crds.sh https://github.com/crossplane-contrib/provider-kubernetes provider-kubernetes apis/object/v1alpha2 apis/kubernetes
# We don't need the conversion function and it messes with the v1alpha1 version
rm apis/kubernetes/v1alpha2/conversion.go
# There is currently a bug with the serialization if `inline` and `omitempty` are set: https://github.com/crossplane/function-sdk-go/issues/161
$(sed) -i 's/inline,omitempty/inline/g' apis/helm/release/v1beta1/types.go
# provider-sql needs manual fixes... Running this every time would break them.
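Review bot: The added `rm apis/kubernetes/v1alpha2/conversion.go` step (apparently the two lines before the `sed` comment) patches freshly fetched upstream sources, but nothing visible in `get-crds` records which upstream revision the `get_crds.sh` calls copy. If the script does not pin a tag or commit, which cannot be seen from this hunk, the contents of `apis/kubernetes` and the effect of this delete depend on the upstream default branch when the target runs. Passing an explicit ref and naming it in the comment would make the vendored API types reproducible and reviewable. The plain `rm` also aborts the recipe once upstream renames or drops the file; that is a useful tripwire, so the comment should say it is intentional, e.g. `# fails on purpose if upstream moves conversion.go; re-check the v1alpha1 copy before changing this`.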
@@ -1,5 +1,5 @@
/*
Copyright 2023 The Crossplane Authors.
Copyright 2020 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand All @@ -14,9 +14,8 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha2

// Hub marks this type as a conversion hub.
func (g *Object) Hub() {

}
// Package v1alpha1 contains the v1alpha1 group Object resources of the Kubernetes provider.
// +kubebuilder:object:generate=true
// +groupName=kubernetes.crossplane.io
// +versionName=v1alpha1
package v1alpha1
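--- a/apis/kubernetes/v1alpha1/management_policy_hack.go
+++ b/apis/kubernetes/v1alpha1/management_policy_hack.go
@@ -0,0 +1,81 @@
+package v1alpha1
+
+import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+
+// Note(turkenh): Provider Kubernetes Object already has a ManagementPolicy
+// field and implements the logic in its own controller.
+// This file contains temporary hacks until we remove the ManagementPolicy field
+// from the Provider Kubernetes Object in favor of the one in the ResourceSpec.
+// Ultimately, we should remove the ManagementPolicy field from the Provider
+// Kubernetes Object and use the one in the ResourceSpec with the help of
+// a conversion webhook.
+// Something like https://github.com/crossplane/crossplane/pull/3822#issuecomment-1550039349
+
+// A ResourceSpec defines the desired state of a managed resource.
+type ResourceSpec struct {
+// WriteConnectionSecretToReference specifies the namespace and name of a
+// Secret to which any connection details for this managed resource should
+// be written. Connection details frequently include the endpoint, username,
+// and password required to connect to the managed resource.
+// This field is planned to be replaced in a future release in favor of
+// PublishConnectionDetailsTo. Currently, both could be set independently
+// and connection details would be published to both without affecting
+// each other.
+// +optional
+WriteConnectionSecretToReference *xpv1.SecretReference `json:"writeConnectionSecretToRef,omitempty"`
+
+// PublishConnectionDetailsTo specifies the connection secret config which
+// contains a name, metadata and a reference to secret store config to
+// which any connection details for this managed resource should be written.
+// Connection details frequently include the endpoint, username,
+// and password required to connect to the managed resource.
+// +optional
+PublishConnectionDetailsTo *xpv1.PublishConnectionDetailsTo `json:"publishConnectionDetailsTo,omitempty"`
+
+// ProviderConfigReference specifies how the provider that will be used to
+// create, observe, update, and delete this managed resource should be
+// configured.
+// +kubebuilder:default={"name": "default"}
+ProviderConfigReference *xpv1.Reference `json:"providerConfigRef,omitempty"`
+
+// ProviderReference specifies the provider that will be used to create,
+// observe, update, and delete this managed resource.
+// Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`
+ProviderReference *xpv1.Reference `json:"providerRef,omitempty"`
+
+// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
+// unless the relevant Crossplane feature flag is enabled, and may be
+// changed or removed without notice.
+// ManagementPolicy specifies the level of control Crossplane has over the
+// managed external resource.
+// This field is planned to replace the DeletionPolicy field in a future
+// release. Currently, both could be set independently and non-default
+// values would be honored if the feature flag is enabled.
+// See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+// +optional
+// +kubebuilder:default=FullControl
+// ManagementPolicy xpv1.ManagementPolicy `json:"managementPolicy,omitempty"`
+
+// DeletionPolicy specifies what will happen to the underlying external
+// when this managed resource is deleted - either "Delete" or "Orphan" the
+// external resource.
+// This field is planned to be deprecated in favor of the ManagementPolicy
+// field in a future release. Currently, both could be set independently and
+// non-default values would be honored if the feature flag is enabled.
+// See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+// +optional
+// +kubebuilder:default=Delete
+DeletionPolicy xpv1.DeletionPolicy `json:"deletionPolicy,omitempty"`
+}
+
+// GetManagementPolicies of this Object.
+func (mg *Object) GetManagementPolicies() xpv1.ManagementPolicies {
+// Note(turkenh): Crossplane runtime reconciler should leave handling of
+// ManagementPolicies to the provider controller. This is a temporary hack
+// until we remove the ManagementPolicy field from the Provider Kubernetes
+// Object in favor of the one in the ResourceSpec.
+return []xpv1.ManagementAction{xpv1.ManagementActionAll}
+}
+
+// SetManagementPolicies of this Object.
+func (mg *Object) SetManagementPolicies(r xpv1.ManagementPolicies) {}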
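Review bot: `SetManagementPolicies` on `Object` has an empty body and `GetManagementPolicies` always returns `ManagementActionAll`, so a caller that sets a restrictive policy on a v1alpha1 `Object` through the managed-resource interface gets no error and no effect. That matters for a change whose stated purpose is deletion protection: in this `ResourceSpec` only `DeletionPolicy` is a live field, because the `ManagementPolicy` line is commented out. The setter's doc comment should state this, for example `// SetManagementPolicies is a no-op; Object handles management policy in its own controller, so values passed here are discarded.` The `Object` type is defined outside this file, so whether it carries its own policy field cannot be confirmed from this section.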
50 changes: 50 additions & 0 deletions apis/kubernetes/v1alpha1/register.go
@@ -0,0 +1,50 @@
/*
Copyright 2020 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1

import (
"reflect"

"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)

// Package type metadata.
const (
Group = "kubernetes.crossplane.io"
Version = "v1alpha1"
)

var (
// SchemeGroupVersion is group version used to register these objects
SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)

// Object type metadata.
var (
ObjectKind = reflect.TypeOf(Object{}).Name()
ObjectGroupKind = schema.GroupKind{Group: Group, Kind: ObjectKind}.String()
ObjectKindAPIVersion = ObjectKind + "." + SchemeGroupVersion.String()
ObjectGroupVersionKind = SchemeGroupVersion.WithKind(ObjectKind)
)

func init() {
SchemeBuilder.Register(&Object{}, &ObjectList{})
}