chore(deps): update dependency upbound/provider-aws to v1 #19

Merged
merged 1 commit into from
Feb 16, 2024

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Feb 1, 2024

Mend Renovate

This PR contains the following updates:

Package Update Change
upbound/provider-aws major v0.47.1 -> v1.1.0

Release Notes

upbound/provider-aws (upbound/provider-aws)

v1.1.0

Compare Source

The v1.1.0 release introduces a new family provider, new resources, important bug fixes, dependency updates, and a new ProviderConfig API regarding the WebIdentity authentication.

Support for New Resources
  • StackSetInstance.cloudformation.aws.upbound.io/v1beta1
  • AccessPolicy.opensearchserverless.aws.upbound.io/v1beta1
  • Collection.opensearchserverless.aws.upbound.io/v1beta1
  • LifecyclePolicy.opensearchserverless.aws.upbound.io/v1beta1
  • SecurityConfig.opensearchserverless.aws.upbound.io/v1beta1
  • SecurityPolicy.opensearchserverless.aws.upbound.io/v1beta1
  • VPCEndpoint.opensearchserverless.aws.upbound.io/v1beta1

Bug Fixes

We also have several bug fixes with this release:

  • [Bug]: Secret never Sync https://github.com/upbound/provider-aws/issues/11288
  • [Bug]: Can't install provider-aws 1.0.0 on crossplane versions before 1.14 https://github.com/upbound/provider-aws/issues/11477
  • There’s also a fix in the implementation of the LateInitialize management policy in the context of the no-fork architecture. Previously, we were relying solely on the managed reconciler for preventing the late-initialization of the managed resources if the specified policies do not contain it. Now, we also explicitly skip the late-initialization in upjet to prevent some accidental updates to the spec.forProvider while, for example, updating the annotations.

New API for WebIdentity authentication support in ProviderConfig

It’s now possible to specify the WebIdentity tokens to be used in ProviderConfigs for WebIdentity authentication. Previously, it was only possible to do so via the environment variables.

ProviderConfig API specification is expanded with spec.credentials.webIdentity.tokenConfig, which allows consumers to configure the token to be used for WebIdentity authentication.
Consumers can reference a secret or filesystem location for the token to be used for WebIdentity authentication.

  • Each ProviderConfig using WebIdentity authentication can now use different tokens per ProviderConfig object, allowing multiple WebIdentity configurations in a single cluster.

  • ℹ️ The change is backward compatible for consumers relying on the old behavior where they set both of the AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN environment variables. When spec.credentials.webIdentity.tokenConfig is not specified, the old behavior is assumed.

  • ⚠️ Deprecation Notice: Configuring the WebIdentity authentication using the AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN environment variables is now deprecated in favor of the new spec.credentials.webIdentity.tokenConfig API.

An example WebIdentity token configuration where the token is read from a Kubernetes secret is as follows:

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: webidentity-example
spec:
  credentials:
    source: WebIdentity
    webIdentity:
      roleARN: arn:aws:iam::123456789012:role/providerexamplerole
      tokenConfig:
        source: Secret
        secretRef:
          key: token
          name: example-web-identity-token-secret
          namespace: upbound-system

Another example using a filesystem location is as follows:

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: webidentity-example
spec:
  credentials:
    source: WebIdentity
    webIdentity:
      roleARN: arn:aws:iam::123456789012:role/providerexamplerole
      tokenConfig:
        source: Filesystem
        fs:
          path: /path/to/token/file

Please note that the Filesystem source option needs the token to be mounted as a file in the filesystem of the provider pod, e.g., via a DeploymentRuntimeConfig.

The difference is that the new API effectively allows specifying the token per ProviderConfig.

Changes in conversion Webhook TLS Certificate & Key Configuration

This PR implements the following protocol for configuring the conversion Webhook TLS certificate & key for the provider:

If the --certs-dir command-line option is supplied, it's used.
If the --certs-dir command-line option is not supplied, the following environment variables are used in the given order: CERTS_DIR (for backwards-compatibility reasons), TLS_SERVER_CERTS_DIR (the new environment variable, which has replaced the WEBHOOK_TLS_CERT_DIR env. variable in Crossplane), and WEBHOOK_TLS_CERT_DIR (for backwards-compatibility).
This change in the configuration API is backwards-compatible.

What's Changed

Full Changelog: crossplane-contrib/provider-upjet-aws@v1.0.0...v1.1.0

v1.0.0

Compare Source

In the v1.0.0 release, we've upgraded the underlying Terraform provider version from v4.67.0 to v5.31.0.
Explore the API Changes section below for a concise overview of the modifications introduced by this version bump. Conversion function support has been incorporated to address significant API changes. Kindly refer to #1118 for more details on these updates.

This release is based on Upjet v1.1.0, which implements an external client for Terraform Plugin Framework resources for the first time. Terraform Plugin Framework is the successor to Terraform Plugin SDKv2. Before this release, Plugin Framework resources used to be reconciled with Terraform CLI. Now that we use Upjet's external client to reconcile these resources, we no longer need Terraform CLI. Upbound provider-aws v1.0.0 runtime doesn't contain Terraform CLI. Accordingly, we also deprecated all the process-forking related command-line flags. The full list of the deprecated command-line flags is as follows:

  • --terraform-version
  • --terraform-provider-version
  • --terraform-native-provider-path
  • --terraform-provider-source
  • --provider-ttl

Using these flags will be non-functional and you will receive log messages similar to the following, if you pass any of these deprecated command-line flags to the provider.

warning: Command-line flag "terraform-version" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "terraform-provider-source" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "terraform-provider-version" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "provider-ttl" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).

Our users are advised to remove any of these deprecated command-line flags from their configurations (ControllerConfigs, etc.) because the deprecated command-line flags will be removed in a future release of the provider.

The release brings forth support for generating multi-version Custom Resource Definitions (CRDs) and CRD conversion webhooks. This enhancement is accompanied by the integration of v1beta2 version support into the following specified resources.

[!Warning]
Downgrades to lower major versions are not supported.

In addition, there are some bug fixes, a new resource, and updates to dependencies; some of the important ones are given below.

Support for the v1beta2 of the Following Resources
  • Attachment.autoscaling.aws.upbound.io/v1beta2
  • AutoscalingGroup.autoscaling.aws.upbound.io/v1beta2
  • HoursOfOperation.connect.aws.upbound.io/v1beta2
  • Queue.connect.aws.upbound.io/v1beta2
  • RoutingProfile.connect.aws.upbound.io/v1beta2
  • Instance.rds.aws.upbound.io/v1beta2
  • ReplicationGroup.elasticache.aws.upbound.io/v1beta2
  • Cluster.kafka.aws.upbound.io/v1beta2
  • Route.ec2.aws.upbound.io/v1beta2
Support for New Resource
Bug Fixes and Enhancements
API Changes
  • CertificateAuthority.acmpca.aws.upbound.io/v1beta1 => status.atProvider.status has been deleted.
  • RestAPI.apigateway.aws.upbound.io/v1beta1 => spec.forProvider.minimumCompressionSize type changed from number to string.
  • LaunchConfiguration.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.{vpcClassicLinkSecurityGroups,vpcClassicLinkId} have been deleted.
  • Attachment.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.albTargetGroupArn has been replaced with spec.forProvider.lbTargetGroupArn.
  • AutoscalingGroup.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.tags has been replaced with spec.forProvider.tag.
  • Budget.budgets.aws.upbound.io/v1beta1 => spec.forProvider.costFilters has been replaced with spec.forProvider.costFilter.
  • HoursOfOperation.connect.aws.upbound.io/v1beta1 => status.atProvider.hoursOfOperationArn has been replaced with status.atProvider.arn.
  • Queue.connect.aws.upbound.io/v1beta1 => status.atProvider.quickConnectIdsAssociated has been replaced with status.atProvider.quickConnectIds.
  • RoutingProfile.connect.aws.upbound.io/v1beta1 => status.atProvider.queueConfigsAssociated has been replaced with status.atProvider.queueConfigs.
  • Connection.directconnect.aws.upbound.io/v1beta1 => status.atProvider.vlanId type changed from string to number.
  • Endpoint.dms.aws.upbound.io/v1beta1 => spec.forProvider.s3Settings.ignoreHeadersRow has been deleted.
  • EventSubscription.dms.aws.upbound.io/v1beta1 => spec.forProvider.{sourceIds,sourceType} are new required fields.
  • DefaultVPC.ec2.aws.upbound.io/v1beta1 => spec.forProvider.{enableClassiclink,enableClassiclinkDnsSupport} have been deleted.
  • Route.ec2.aws.upbound.io/v1beta1 => spec.forProvider.instanceId has been deleted, use spec.forProvider.networkInterfaceId.
  • RouteTable.ec2.aws.upbound.io/v1beta1 => status.atProvider.route.instanceId has been deleted, use status.atProvider.route.networkInterfaceId instead.
  • VPCPeeringConnectionAccepter.ec2.aws.upbound.io/v1beta1 => spec.forProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. spec.forProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
  • VPCPeeringConnectionOptions.ec2.aws.upbound.io/v1beta1 => spec.forProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. spec.forProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
  • VPCPeeringConnection.ec2.aws.upbound.io/v1beta1 => status.atProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. status.atProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
  • VPC.ec2.aws.upbound.io/v1beta1 => spec.forProvider.{enableClassiclink,enableClassiclinkDnsSupport} have been deleted.
  • Cluster.ecs.aws.upbound.io/v1beta1 => spec.forProvider.defaultCapacityProviderStrategy has been deleted. status.atProvider.{capacityProviders,defaultCapacityProviderStrategy} have been deleted.
  • Cluster.elasticache.aws.upbound.io/v1beta1 => spec.forProvider.securityGroupNames has been deleted.
  • ReplicationGroup.elasticache.aws.upbound.io/v1beta1 => spec.forProvider.clusterMode has been deleted, use spec.forProvider.numNodeGroups and spec.forProvider.replicasPerNodeGroup instead. spec.forProvider.availabilityZones has been replaced with spec.forProvider.preferredCacheClusterAzs. spec.forProvider.numberCacheClusters has been replaced with spec.forProvider.numCacheClusters. spec.forProvider.replicationGroupDescription has been replaced with spec.forProvider.description.
  • DeliveryStream.firehose.aws.upbound.io/v1beta1 => spec.forProvider.s3Configuration has been replaced with: spec.forProvider.elasticsearchConfiguration.s3Configuration,
    spec.forProvider.opensearchConfigurations.3Configuration, spec.forProvider.redshiftConfiguration.s3Configuration,
    spec.forProvider.splunkConfiguration.s3Configuration and spec.forProvider.httpEndpointConfiguration.s3Configuration.
    spec.forProvider.destination value s3 has been replaced with extended_s3.
    spec.forProvider.extendedS3Configuration.bufferInterval has been replaced with spec.forProvider.extendedS3Configuration.bufferingInterval.
    spec.forProvider.extendedS3Configuration.bufferSize has been replaced with spec.forProvider.extendedS3Configuration.bufferingSize.
    spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferInterval has been replaced with
    spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferingInterval.
    spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferSize has been replaced with
    spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferingSize.
  • Role.iam.aws.upbound.io/v1beta1 => status.atProvider.roleLastUsed has been deleted.
  • Cluster.kafka.aws.upbound.io/v1beta1 => spec.forProvider.brokerNodeGroupInfo.ebsVolumeSize has been deleted, use spec.forProvider.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.volumeSize instead.
  • Instance.lightsail.aws.upbound.io/v1beta1 => status.atProvider.ipv6Address has been deleted, use status.atProvider.ipv6Addresses instead.
  • Channel.medialive.aws.upbound.io/v1beta1 => Various schema changes in spec.forProvider.inputAttachments.inputSettings.audioSelector and
    spec.forProvider.inputAttachments.inputSettings.captionSelector.
  • CoreNetwork.networkmanager.aws.upbound.io/v1beta1 => spec.forProvider.policyDocument has been deleted.
  • Cluster.rds.aws.upbound.io/v1beta1 => spec.forProvider.engine is new required field.
  • ClusterInstance.rds.aws.upbound.io/v1beta1 => spec.forProvider.engine is new required field.
  • Instance.rds.aws.upbound.io/v1beta1 => spec.forProvider.name has been replaced with spec.forProvider.dbName spec.forProvider.securityGroupNames has been deleted. External name changed from ParameterAsIdentifier("identifier") to IdentifierFromProvider due to change in underlying provider.
  • InstanceRoleAssociation.rds.aws.upbound.io/v1beta1 => For sourceIds, changed from rds.Instance.id field to rds.Instance.identifier field.
  • EventSubscription.rds.aws.upbound.io/v1beta1 => For dbInstanceIdentifier, changed from rds.Instance.id field to rds.Instance.identifier field.
  • ProxyTarget.rds.aws.upbound.io/v1beta1 => For dbInstanceIdentifier, changed from rds.Instance.id field to rds.Instance.identifier field.
  • Snapshot.rds.aws.upbound.io/v1beta1 => For dbInstanceIdentifier, changed from rds.Instance.id field to rds.Instance.identifier field.
  • Cluster.redshift.aws.upbound.io/v1beta1 => spec.forProvider.clusterSecurityGroups has been deleted.
  • Secret.secretsmanager.aws.upbound.io/v1beta1 => status.atProvider.{rotationEnabled,rotationLambdaArn,rotationRules} have been deleted.
  • Server.transfer.aws.upbound.io/v1beta1 => spec.initProvider.loggingRole has been deleted.
  • WorkspaceAPIKey.grafana.aws.upbound.io/v1beta1 => status.atProvider.key has been deleted.
  • EmailIdentity.sesv2.aws.upbound.io/v1beta1 => spec.forProvider.dkimSigningAttributes.domainSigningPrivateKey has been deleted.
What's Changed

Full Changelog: crossplane-contrib/provider-upjet-aws@v0.47.1...v1.0.0

v0.47.2

Compare Source

The release v0.47.2 includes some important bug fixes & dependency bumps detailed below:

What's Changed

Full Changelog: crossplane-contrib/provider-upjet-aws@v0.47.1...v0.47.2


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
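
The conversion webhook certificate lookup order described in the v1.1.0 notes above means a leftover legacy variable can silently win over the newer one. The Go sketch below is an added example, not code from provider-aws or from this PR; it applies the documented order and reports which configured sources are ignored. The names `ResolveCertsDir`, `Resolution` and `certsDirEnvOrder` are hypothetical, and it assumes that an empty environment variable counts as unset.

```go
package main

import (
	"fmt"
	"os"
)

// Environment variables consulted when --certs-dir is absent, in the order
// given in the release notes.
var certsDirEnvOrder = []string{"CERTS_DIR", "TLS_SERVER_CERTS_DIR", "WEBHOOK_TLS_CERT_DIR"}

// Resolution records which source won and which configured sources were ignored.
type Resolution struct {
	Dir      string
	Source   string   // "--certs-dir", an env var name, or "" if nothing is set
	Shadowed []string // env vars set to a different directory that are not used
}

// ResolveCertsDir applies the documented precedence. flagValue is the value of
// --certs-dir ("" when not supplied); getenv is injectable so the logic can be
// exercised without touching the process environment.
// Assumption: an empty environment variable is treated as unset.
func ResolveCertsDir(flagValue string, getenv func(string) string) Resolution {
	r := Resolution{}
	if flagValue != "" {
		r.Dir, r.Source = flagValue, "--certs-dir"
	}
	for _, name := range certsDirEnvOrder {
		v := getenv(name)
		if v == "" {
			continue
		}
		if r.Source == "" {
			r.Dir, r.Source = v, name
		} else if v != r.Dir {
			// Set, but overridden by a higher-priority source.
			r.Shadowed = append(r.Shadowed, name)
		}
	}
	return r
}

func main() {
	// Pass the value given to --certs-dir as the first argument, if any.
	flagValue := ""
	if len(os.Args) > 1 {
		flagValue = os.Args[1]
	}
	r := ResolveCertsDir(flagValue, os.Getenv)
	fmt.Printf("certs dir %q from %q; shadowed: %v\n", r.Dir, r.Source, r.Shadowed)
}
```

A non-empty `Shadowed` list is the case to review before upgrading: the provider would serve the certificate and key from a directory other than the one those variables name.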

@renovate renovate bot added the automated label Feb 1, 2024
@renovate renovate bot force-pushed the renovate/upbound-provider-aws-1.x branch from b990d70 to e6aff87 Compare February 15, 2024 21:40
@renovate renovate bot force-pushed the renovate/upbound-provider-aws-1.x branch from e6aff87 to 0a6cdee Compare February 16, 2024 19:22
@haarchri
Member

/test-examples

@haarchri haarchri merged commit e2924db into main Feb 16, 2024
1 check passed
@renovate renovate bot deleted the renovate/upbound-provider-aws-1.x branch February 16, 2024 20:10