From 9ec0163a15ea486951ec978fee384c87cd50846a Mon Sep 17 00:00:00 2001
From: AWS Controllers for Kubernetes Bot
 <82905295+ack-bot@users.noreply.github.com>
Date: Fri, 17 Jun 2022 14:30:00 -0700
Subject: [PATCH] Update to ACK runtime `v0.19.1`, code-generator `v0.19.1`
 (#34)

### Update to ACK runtime `v0.19.1`, code-generator `v0.19.1`

----------

* ACK code-generator `v0.19.1` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.19.1)
* ACK runtime `v0.19.1` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.19.1)

----------

NOTE:
This PR increments the release version of service controller from `v0.0.16` to `v0.0.17`

Once this PR is merged, release `v0.0.17` will be automatically created for `iam-controller`

**Please close this PR, if you do not want the new patch release for `iam-controller`**

----------

#### stdout for `make build-controller`:

```
building ack-generate ... ok.
==== building iam-controller ====
Copying common custom resource definitions into iam
Building Kubernetes API objects for iam
Generating deepcopy code for iam
Generating custom resource definitions for iam
Building service controller for iam
Generating RBAC manifests for iam
Running gofmt against generated code for iam
Updating additional GitHub repository maintenance files
==== building iam-controller release artifacts ====
Building release artifacts for iam-v0.0.17
Generating common custom resource definitions
Generating custom resource definitions for iam
Generating RBAC manifests for iam
```

----------

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
---
 apis/v1alpha1/ack-generate-metadata.yaml |  6 +++---
 config/controller/kustomization.yaml     |  2 +-
 go.mod                                   |  2 +-
 go.sum                                   |  4 ++--
 helm/Chart.yaml                          |  4 ++--
 helm/templates/NOTES.txt                 |  2 +-
 helm/templates/_helpers.tpl              | 10 ++++++++++
 helm/templates/deployment.yaml           | 16 ++++++++++++++++
 helm/values.schema.json                  | 15 +++++++++++++++
 helm/values.yaml                         |  9 ++++++++-
 pkg/resource/policy/manager.go           |  6 ++++++
 pkg/resource/policy/sdk.go               | 12 +++++++++---
 pkg/resource/role/manager.go             |  6 ++++++
 pkg/resource/role/sdk.go                 | 16 ++++++++++++----
 14 files changed, 92 insertions(+), 18 deletions(-)

diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
index d551b61..45029bb 100755
--- a/apis/v1alpha1/ack-generate-metadata.yaml
+++ b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2022-06-13T17:05:35Z"
-  build_hash: a133935a9a93591a9e1ba9d5ca940cb83a1353b4
+  build_date: "2022-06-17T18:03:03Z"
+  build_hash: a45f3b900849ec03c5e16ed2778c0b8e2923ffee
   go_version: go1.17.5
-  version: v0.19.0
+  version: v0.19.1
 api_directory_checksum: 7d8d584cdaec82ab61d867fc030cb9bb45ac706f
 api_version: v1alpha1
 aws_sdk_go_version: v1.42.0
diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml
index 9ecacad..e6af5e9 100644
--- a/config/controller/kustomization.yaml
+++ b/config/controller/kustomization.yaml
@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/iam-controller
-  newTag: v0.0.16
+  newTag: v0.0.17
diff --git a/go.mod b/go.mod
index 6632159..8bebbb5 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/aws-controllers-k8s/iam-controller
 go 1.17
 
 require (
-	github.com/aws-controllers-k8s/runtime v0.19.0
+	github.com/aws-controllers-k8s/runtime v0.19.1
 	github.com/aws/aws-sdk-go v1.42.0
 	github.com/go-logr/logr v1.2.0
 	github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 9caa7d5..a50085f 100644
--- a/go.sum
+++ b/go.sum
@@ -64,8 +64,8 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws-controllers-k8s/runtime v0.19.0 h1:+O5a6jBSBAd8XTNMrVCIYu4G+ZUPZe/G5eopVFO18Dc=
-github.com/aws-controllers-k8s/runtime v0.19.0/go.mod h1:oA8ML1/LL3chPn26P6SzBNu1CUI2nekB+PTqykNs0qU=
+github.com/aws-controllers-k8s/runtime v0.19.1 h1:OBV7vbIbLFRpXdAwJfoPGphhjTa7xSc3pS/kuYlKzRU=
+github.com/aws-controllers-k8s/runtime v0.19.1/go.mod h1:oA8ML1/LL3chPn26P6SzBNu1CUI2nekB+PTqykNs0qU=
 github.com/aws/aws-sdk-go v1.42.0 h1:BMZws0t8NAhHFsfnT3B40IwD13jVDG5KerlRksctVIw=
 github.com/aws/aws-sdk-go v1.42.0/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 563c043..dd54ec1 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: iam-chart
 description: A Helm chart for the ACK service controller for AWS Identity & Access Management (IAM)
-version: v0.0.16
-appVersion: v0.0.16
+version: v0.0.17
+appVersion: v0.0.17
 home: https://github.com/aws-controllers-k8s/iam-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
index 09072a3..1dedce1 100644
--- a/helm/templates/NOTES.txt
+++ b/helm/templates/NOTES.txt
@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:v0.0.16".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:v0.0.17".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 29265d7..973704c 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -36,3 +36,13 @@ If release name contains chart name it will be used as a full name.
 {{- .Release.Namespace -}}
 {{- end -}}
 {{- end -}}
+
+{{/* The mount path for the shared credentials file */}}
+{{- define "aws.credentials.secret_mount_path" -}}
+{{- "/var/run/secrets/aws" -}}
+{{- end -}}
+
+{{/* The path the shared credentials file is mounted */}}
+{{- define "aws.credentials.path" -}}
+{{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}}
+{{- end -}}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index d3a307a..9fd82f7 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -80,6 +80,16 @@ spec:
           value: {{ .Values.log.level | quote }}
         - name: ACK_RESOURCE_TAGS
           value: {{ join "," .Values.resourceTags | quote }}
+        {{- if .Values.aws.credentials.secretName }}
+        - name: AWS_SHARED_CREDENTIALS_FILE
+          value: {{ include "aws.credentials.path" . }}
+        - name: AWS_PROFILE
+          value: {{ .Values.aws.credentials.profile }}
+        volumeMounts:
+          - name: {{ .Values.aws.credentials.secretName }}
+            mountPath: {{ include "aws.credentials.secret_mount_path" . }}
+            readOnly: true
+        {{- end }}          
         securityContext:
           allowPrivilegeEscalation: false
           privileged: false
@@ -101,3 +111,9 @@ spec:
       hostIPC: false
       hostNetwork: false
       hostPID: false
+      {{ if .Values.aws.credentials.secretName -}}
+      volumes:
+        - name: {{ .Values.aws.credentials.secretName }}
+          secret:
+            secretName: {{ .Values.aws.credentials.secretName }}
+      {{ end -}}
diff --git a/helm/values.schema.json b/helm/values.schema.json
index e503248..c80422e 100644
--- a/helm/values.schema.json
+++ b/helm/values.schema.json
@@ -153,6 +153,21 @@
         },
         "endpoint": {
           "type": "string"
+        },
+        "credentials": {
+          "description": "AWS credentials information",
+          "properties": {
+            "secretName": {
+              "type": "string"
+            },
+            "secretKey": {
+              "type": "string"
+            },
+            "profile": {
+              "type": "string"
+            }
+          },
+          "type": "object"
         }
       },
       "type": "object"
diff --git a/helm/values.yaml b/helm/values.yaml
index 74c7a87..7864007 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-controllers-k8s/iam-controller
-  tag: v0.0.16
+  tag: v0.0.17
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -50,6 +50,13 @@ aws:
   # If specified, use the AWS region for AWS API calls
   region: ""
   endpoint_url: ""
+  credentials:
+    # If specified, Secret with shared credentials file to use.
+    secretName: ""
+    # Secret stringData key that contains the credentials
+    secretKey: "credentials"
+    # Profile used for AWS credentials
+    profile: "default"  
 
 # log level for the controller
 log:
diff --git a/pkg/resource/policy/manager.go b/pkg/resource/policy/manager.go
index 9e53c69..a900803 100644
--- a/pkg/resource/policy/manager.go
+++ b/pkg/resource/policy/manager.go
@@ -126,6 +126,9 @@ func (rm *resourceManager) Create(
 	}
 	created, err := rm.sdkCreate(ctx, r)
 	if err != nil {
+		if created != nil {
+			return rm.onError(created, err)
+		}
 		return rm.onError(r, err)
 	}
 	return rm.onSuccess(created)
@@ -153,6 +156,9 @@ func (rm *resourceManager) Update(
 	}
 	updated, err := rm.sdkUpdate(ctx, desired, latest, delta)
 	if err != nil {
+		if updated != nil {
+			return rm.onError(updated, err)
+		}
 		return rm.onError(latest, err)
 	}
 	return rm.onSuccess(updated)
diff --git a/pkg/resource/policy/sdk.go b/pkg/resource/policy/sdk.go
index 1731892..47806e5 100644
--- a/pkg/resource/policy/sdk.go
+++ b/pkg/resource/policy/sdk.go
@@ -54,7 +54,9 @@ func (rm *resourceManager) sdkFind(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkFind")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// If any required fields in the input shape are missing, AWS resource is
 	// not created yet. Return NotFound here to indicate to callers that the
 	// resource isn't yet created.
@@ -204,7 +206,9 @@ func (rm *resourceManager) sdkCreate(
 ) (created *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkCreate")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newCreateRequestPayload(ctx, desired)
 	if err != nil {
 		return nil, err
@@ -355,7 +359,9 @@ func (rm *resourceManager) sdkDelete(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkDelete")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// This is to avoid the following error:
 	//
 	// DeleteConflict: This policy has more than one version. Before you delete a
diff --git a/pkg/resource/role/manager.go b/pkg/resource/role/manager.go
index 4684ef3..52cd5b7 100644
--- a/pkg/resource/role/manager.go
+++ b/pkg/resource/role/manager.go
@@ -126,6 +126,9 @@ func (rm *resourceManager) Create(
 	}
 	created, err := rm.sdkCreate(ctx, r)
 	if err != nil {
+		if created != nil {
+			return rm.onError(created, err)
+		}
 		return rm.onError(r, err)
 	}
 	return rm.onSuccess(created)
@@ -153,6 +156,9 @@ func (rm *resourceManager) Update(
 	}
 	updated, err := rm.sdkUpdate(ctx, desired, latest, delta)
 	if err != nil {
+		if updated != nil {
+			return rm.onError(updated, err)
+		}
 		return rm.onError(latest, err)
 	}
 	return rm.onSuccess(updated)
diff --git a/pkg/resource/role/sdk.go b/pkg/resource/role/sdk.go
index 2b0f02d..3e7e231 100644
--- a/pkg/resource/role/sdk.go
+++ b/pkg/resource/role/sdk.go
@@ -54,7 +54,9 @@ func (rm *resourceManager) sdkFind(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkFind")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// If any required fields in the input shape are missing, AWS resource is
 	// not created yet. Return NotFound here to indicate to callers that the
 	// resource isn't yet created.
@@ -211,7 +213,9 @@ func (rm *resourceManager) sdkCreate(
 ) (created *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkCreate")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newCreateRequestPayload(ctx, desired)
 	if err != nil {
 		return nil, err
@@ -377,7 +381,9 @@ func (rm *resourceManager) sdkUpdate(
 ) (updated *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkUpdate")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	input, err := rm.newUpdateRequestPayload(ctx, desired)
 	if err != nil {
 		return nil, err
@@ -437,7 +443,9 @@ func (rm *resourceManager) sdkDelete(
 ) (latest *resource, err error) {
 	rlog := ackrtlog.FromContext(ctx)
 	exit := rlog.Trace("rm.sdkDelete")
-	defer exit(err)
+	defer func() {
+		exit(err)
+	}()
 	// This causes syncPolicies to delete all associated policies from the role
 	r.ko.Spec.Policies = []*string{}
 	if err := rm.syncPolicies(ctx, r); err != nil {