The following resources are composed to implement the referenced Composite Resource Definition (XRD).
Role
Policy
RolePolicyAttachment
Object
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
name: xirsas.aws.caas.upbound.io
creationTimestamp: null
spec:
compositeTypeRef:
apiVersion: aws.caas.upbound.io/v1alpha1
kind: XIRSA
patchSets:
- name: Name
patches:
- type: FromCompositeFieldPath
fromFieldPath: metadata.name
toFieldPath: metadata.annotations[crossplane.io/external-name]
- name: providerConfigRef
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigName
toFieldPath: spec.providerConfigRef.name
- name: deletionPolicy
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.deletionPolicy
toFieldPath: spec.deletionPolicy
resources:
- name: irsa-role
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
labels:
resource: Role
patches:
- type: PatchSet
patchSetName: Name
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.arn
toFieldPath: status.roleArn
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: status.conditions
toFieldPath: status.observed.role.conditions
policy:
fromFieldPath: Optional
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: status.irsa.oidc_arn
- fromFieldPath: spec.parameters.condition
- fromFieldPath: status.irsa.oidc_host
- fromFieldPath: spec.parameters.serviceAccount.namespace
- fromFieldPath: spec.parameters.serviceAccount.name
strategy: string
string:
fmt: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "%s"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"%s": {
"%s:sub": "system:serviceaccount:%s:%s"
}
}
}
]
}
toFieldPath: spec.forProvider.assumeRolePolicy
- name: irsa-policy
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Policy
metadata:
labels:
resource: Policy
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: spec.parameters.policyDocument
toFieldPath: spec.forProvider.policy
- type: ToCompositeFieldPath
fromFieldPath: metadata.annotations[crossplane.io/external-name]
toFieldPath: status.policyArn
- type: ToCompositeFieldPath
fromFieldPath: status.conditions
toFieldPath: status.observed.policy.conditions
policy:
fromFieldPath: Optional
- name: irsa-attachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
labels:
resource: RolePolicyAttachment
spec:
forProvider:
policyArnSelector:
matchControllerRef: true
matchLabels:
resource: Policy
roleSelector:
matchControllerRef: true
matchLabels:
resource: Role
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: ToCompositeFieldPath
fromFieldPath: status.conditions
toFieldPath: status.observed.rpa.conditions
policy:
fromFieldPath: Optional
- name: irsa-settings
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
spec:
forProvider:
manifest:
apiVersion: v1
kind: ConfigMap
metadata:
namespace: default
managementPolicy: Observe
patches:
- fromFieldPath: spec.parameters.id
toFieldPath: spec.providerConfigRef.name
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: spec.parameters.id
toFieldPath: metadata.annotations[crossplane.io/external-name]
transforms:
- type: string
string:
fmt: "%s-irsa-settings"
- fromFieldPath: spec.parameters.id
toFieldPath: spec.forProvider.manifest.metadata.name
transforms:
- type: string
string:
fmt: "%s-irsa-settings"
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.manifest.data.oidc_arn
toFieldPath: status.irsa.oidc_arn
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.manifest.data.oidc_host
toFieldPath: status.irsa.oidc_host
policy:
fromFieldPath: Optional
© 2024 Upbound, Inc.
Discover the building blocksfor your internal cloud platform.