From 8d4e94bdecdf49fe4521fd743dda1a39dfa3071c Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Thu, 21 Sep 2023 10:11:49 +1000 Subject: [PATCH 1/9] management policies addition --- bootstrap/terraform/providers/aws-upbound/controller-config.yaml | 1 + bootstrap/terraform/providers/aws/controller-config.yaml | 1 + bootstrap/terraform/providers/kubernetes/controller-config.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/bootstrap/terraform/providers/aws-upbound/controller-config.yaml b/bootstrap/terraform/providers/aws-upbound/controller-config.yaml index 6806bfd8..351d1e92 100644 --- a/bootstrap/terraform/providers/aws-upbound/controller-config.yaml +++ b/bootstrap/terraform/providers/aws-upbound/controller-config.yaml @@ -11,3 +11,4 @@ spec: fsGroup: 2000 args: - --debug + - --enable-management-policies diff --git a/bootstrap/terraform/providers/aws/controller-config.yaml b/bootstrap/terraform/providers/aws/controller-config.yaml index ea416165..4fe55ff5 100644 --- a/bootstrap/terraform/providers/aws/controller-config.yaml +++ b/bootstrap/terraform/providers/aws/controller-config.yaml @@ -9,3 +9,4 @@ spec: fsGroup: 2000 args: - --debug + - --enable-management-policies diff --git a/bootstrap/terraform/providers/kubernetes/controller-config.yaml b/bootstrap/terraform/providers/kubernetes/controller-config.yaml index ebb41ac7..5544bce4 100644 --- a/bootstrap/terraform/providers/kubernetes/controller-config.yaml +++ b/bootstrap/terraform/providers/kubernetes/controller-config.yaml @@ -6,3 +6,4 @@ spec: serviceAccountName: ${sa-name} args: - --debug + - --enable-management-policies \ No newline at end of file From 5289e4e9ebad0a8911189d64cad040e5440f3113 Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Thu, 21 Sep 2023 16:45:32 +1000 Subject: [PATCH 2/9] management policies removal from K8-provider --- .../terraform/providers/kubernetes/controller-config.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/bootstrap/terraform/providers/kubernetes/controller-config.yaml b/bootstrap/terraform/providers/kubernetes/controller-config.yaml index 5544bce4..17cf9465 100644 --- a/bootstrap/terraform/providers/kubernetes/controller-config.yaml +++ b/bootstrap/terraform/providers/kubernetes/controller-config.yaml @@ -5,5 +5,4 @@ metadata: spec: serviceAccountName: ${sa-name} args: - - --debug - - --enable-management-policies \ No newline at end of file + - --debug \ No newline at end of file From b3ad66ff27358d5f89edaabfa7a26745959c293b Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Sun, 22 Oct 2023 22:47:55 +1100 Subject: [PATCH 3/9] load balancer controller addition --- bootstrap/terraform/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/bootstrap/terraform/main.tf b/bootstrap/terraform/main.tf index b3b3bdc5..a1c3e89c 100644 --- a/bootstrap/terraform/main.tf +++ b/bootstrap/terraform/main.tf @@ -147,6 +147,7 @@ module "eks_blueprints_addons" { enable_gatekeeper = true enable_metrics_server = true enable_kube_prometheus_stack = true + enable_aws_load_balancer_controller = true kube_prometheus_stack = { values = [yamlencode({ prometheus = { From 1e0b31363777ed5abbcdf171c1696928d2717c0f Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Mon, 15 Jan 2024 23:52:47 +1100 Subject: [PATCH 4/9] updating policy to access global and local index --- .../upbound-aws-provider/iam-policy/dynamodb-write.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml b/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml index 25f85c56..6fe5182b 100644 --- a/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml +++ b/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml 
@@ -1,5 +1,5 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: MIT-0 apiVersion: apiextensions.crossplane.io/v1 kind: Composition @@ -55,6 +55,7 @@ spec: variables: - fromFieldPath: spec.resourceArn - fromFieldPath: spec.resourceArn + - fromFieldPath: spec.resourceArn strategy: string string: fmt: | @@ -81,16 +82,17 @@ spec: "dynamodb:BatchGet*", "dynamodb:DescribeStream", "dynamodb:DescribeTable", - "dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchWrite*", "dynamodb:CreateTable", "dynamodb:Delete*", "dynamodb:Update*", + "dynamodb:GetItem", "dynamodb:PutItem" ], "Resource": [ + "%s/*", "%s" ] } From 135843626c5685ed1e5325cca99ba6cbf03d149e Mon Sep 17 00:00:00 2001 From: 7navyasa <140163168+7navyasa@users.noreply.github.com> Date: Wed, 17 Jan 2024 10:04:40 +1100 Subject: [PATCH 5/9] Update dynamodb-write.yaml license --- .../upbound-aws-provider/iam-policy/dynamodb-write.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml b/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml index 6fe5182b..a061da6d 100644 --- a/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml +++ b/compositions/upbound-aws-provider/iam-policy/dynamodb-write.yaml @@ -1,5 +1,5 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: MIT-0 +# SPDX-License-Identifier: Apache-2.0 apiVersion: apiextensions.crossplane.io/v1 kind: Composition From d23742a0af306ddce5a81de525fac6cd078ae28f Mon Sep 17 00:00:00 2001 
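Review bot: The new `"%s/*"` resource in the `@@ -81,16 +82,17 @@` hunk of `dynamodb-write.yaml` matches every sub-resource under the ARN, not only indexes. If `spec.resourceArn` is a table ARN (not visible here), that also covers the table's streams, backups and exports, so the existing `dynamodb:Delete*` and `dynamodb:Update*` wildcards would now reach, for example, the table's backups. Since the commit is meant to grant access to global and local indexes, `"%s/index/*",` keeps the grant to those. The policy document starts and ends outside this hunk, so the statement's Effect and any conditions are not visible.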
From: 7navyasa Date: Fri, 28 Jun 2024 01:37:09 +1000 Subject: [PATCH 6/9] upgrade deprecated api --- .../samples/sample-table-eu-west-2-pass.yaml | 28 ++++++++---------- .../samples/sample-table-us-east-1-fail.yaml | 29 ++++++++----------- .../required-tags/samples/constraint.yaml | 6 ++-- .../samples/dummy-table-missing-tag-fail.yaml | 28 ++++++++---------- .../samples/dummy-table-no-tags-fail.yaml | 27 ++++++++--------- .../samples/finance-table-pass.yaml | 28 ++++++++---------- .../gatekeeper/required-tags/template.yaml | 23 ++++----------- 7 files changed, 68 insertions(+), 101 deletions(-) diff --git a/examples/gatekeeper/region-restrict/samples/sample-table-eu-west-2-pass.yaml b/examples/gatekeeper/region-restrict/samples/sample-table-eu-west-2-pass.yaml index 6ce5d65b..f9050537 100644 --- a/examples/gatekeeper/region-restrict/samples/sample-table-eu-west-2-pass.yaml +++ b/examples/gatekeeper/region-restrict/samples/sample-table-eu-west-2-pass.yaml @@ -1,23 +1,19 @@ -apiVersion: dynamodb.aws.crossplane.io/v1alpha1 +apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table metadata: + annotations: + meta.upbound.io/example-id: dynamodb/v1beta1/globaltable name: sample-table spec: - deletionPolicy: Delete + providerConfigRef: + name: aws-provider-config forProvider: + attribute: + - name: myAttribute + type: S + hashKey: myAttribute + readCapacity: 1 + writeCapacity: 1 region: eu-west-2 - attributeDefinitions: - - attributeName: id - attributeType: S - keySchema: - - attributeName: id - keyType: HASH - billingMode: PROVISIONED - provisionedThroughput: - readCapacityUnits: 1 - writeCapacityUnits: 1 tags: - - key: "owner" - value: "finance" - providerConfigRef: - name: aws-provider-config \ No newline at end of file + owner: finance \ No newline at end of file diff --git a/examples/gatekeeper/region-restrict/samples/sample-table-us-east-1-fail.yaml b/examples/gatekeeper/region-restrict/samples/sample-table-us-east-1-fail.yaml index 211eb5a4..3628a6fb 100644 
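Review bot: The two region-restrict samples move to `dynamodb.aws.upbound.io/v1beta1`, but the patch's file list contains no region-restrict template or constraint, so it is worth confirming that the policy still selects the new group. If its match or Rego still keys on the `crossplane.io` group (not visible here), `sample-table-us-east-1-fail.yaml` would be admitted and the example would stop demonstrating a denial. The `meta.upbound.io/example-id: dynamodb/v1beta1/globaltable` annotation also looks copied from an upstream example and could be dropped from these samples.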
--- a/examples/gatekeeper/region-restrict/samples/sample-table-us-east-1-fail.yaml +++ b/examples/gatekeeper/region-restrict/samples/sample-table-us-east-1-fail.yaml @@ -1,24 +1,19 @@ -apiVersion: dynamodb.aws.crossplane.io/v1alpha1 +apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table metadata: + annotations: + meta.upbound.io/example-id: dynamodb/v1beta1/globaltable name: failing-table spec: - deletionPolicy: Delete + providerConfigRef: + name: aws-provider-config forProvider: + attribute: + - name: myAttribute + type: S + hashKey: myAttribute + readCapacity: 1 + writeCapacity: 1 region: us-east-1 - attributeDefinitions: - - attributeName: id - attributeType: S - keySchema: - - attributeName: id - keyType: HASH - billingMode: PROVISIONED - provisionedThroughput: - readCapacityUnits: 1 - writeCapacityUnits: 1 tags: - - key: "owner" - value: "finance" - - providerConfigRef: - name: aws-provider-config \ No newline at end of file + owner: finance \ No newline at end of file diff --git a/examples/gatekeeper/required-tags/samples/constraint.yaml b/examples/gatekeeper/required-tags/samples/constraint.yaml index 228bc4f6..f3fa5d9f 100644 --- a/examples/gatekeeper/required-tags/samples/constraint.yaml +++ b/examples/gatekeeper/required-tags/samples/constraint.yaml @@ -5,7 +5,7 @@ metadata: spec: match: kinds: - - apiGroups: ["*"] - kinds: ["*"] + - apiGroups: ["dynamodb.aws.upbound.io"] + kinds: ["Table"] parameters: - tags: ["owner"] \ No newline at end of file + tag: "owner" \ No newline at end of file diff --git a/examples/gatekeeper/required-tags/samples/dummy-table-missing-tag-fail.yaml b/examples/gatekeeper/required-tags/samples/dummy-table-missing-tag-fail.yaml index 683f3c01..ee1505ad 100644 --- a/examples/gatekeeper/required-tags/samples/dummy-table-missing-tag-fail.yaml +++ b/examples/gatekeeper/required-tags/samples/dummy-table-missing-tag-fail.yaml 
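Review bot: The `@@ -5,7 +5,7 @@` hunk of `required-tags/samples/constraint.yaml` narrows the match from every group and kind to `dynamodb.aws.upbound.io` / `Table`, and the `template.yaml` hunk of this patch hard-codes the same group in the Rego, so the required-tags check no longer covers any other AWS managed resource. The removed rule applied to every group ending in `aws.crossplane.io`. To keep that coverage after the API move, the Rego could test `endswith(input.review.kind.group, ".aws.upbound.io")` and the constraint could list the wider set of `apiGroups`. If the DynamoDB-only scope is intended, a comment in the template such as `# Only DynamoDB tables are checked; other AWS resources are not covered` would stop it being read as a cluster-wide tag policy.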
@@ -1,23 +1,19 @@ -apiVersion: dynamodb.aws.crossplane.io/v1alpha1 +apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table metadata: + annotations: + meta.upbound.io/example-id: dynamodb/v1beta1/globaltable name: dummy-table spec: - deletionPolicy: Delete + providerConfigRef: + name: aws-provider-config forProvider: + attribute: + - name: myAttribute + type: S + hashKey: myAttribute + readCapacity: 1 + writeCapacity: 1 region: eu-west-2 - attributeDefinitions: - - attributeName: id - attributeType: S - keySchema: - - attributeName: id - keyType: HASH - billingMode: PROVISIONED - provisionedThroughput: - readCapacityUnits: 1 - writeCapacityUnits: 1 tags: - - key: "aaa" - value: "finance" - providerConfigRef: - name: aws-provider-config \ No newline at end of file + aaa: finance diff --git a/examples/gatekeeper/required-tags/samples/dummy-table-no-tags-fail.yaml b/examples/gatekeeper/required-tags/samples/dummy-table-no-tags-fail.yaml index ecbc4a64..bfaa9e79 100644 --- a/examples/gatekeeper/required-tags/samples/dummy-table-no-tags-fail.yaml +++ b/examples/gatekeeper/required-tags/samples/dummy-table-no-tags-fail.yaml @@ -1,20 +1,17 @@ -apiVersion: dynamodb.aws.crossplane.io/v1alpha1 +apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table metadata: + annotations: + meta.upbound.io/example-id: dynamodb/v1beta1/globaltable name: dummy-table spec: - deletionPolicy: Delete - forProvider: - region: eu-west-2 - attributeDefinitions: - - attributeName: id - attributeType: S - keySchema: - - attributeName: id - keyType: HASH - billingMode: PROVISIONED - provisionedThroughput: - readCapacityUnits: 1 - writeCapacityUnits: 1 providerConfigRef: - name: aws-provider-config \ No newline at end of file + name: aws-provider-config + forProvider: + attribute: + - name: myAttribute + type: S + hashKey: myAttribute + readCapacity: 1 + writeCapacity: 1 + region: eu-west-2 \ No newline at end of file 
diff --git a/examples/gatekeeper/required-tags/samples/finance-table-pass.yaml b/examples/gatekeeper/required-tags/samples/finance-table-pass.yaml index 29e4c5da..56ed7741 100644 --- a/examples/gatekeeper/required-tags/samples/finance-table-pass.yaml +++ b/examples/gatekeeper/required-tags/samples/finance-table-pass.yaml @@ -1,23 +1,19 @@ -apiVersion: dynamodb.aws.crossplane.io/v1alpha1 +apiVersion: dynamodb.aws.upbound.io/v1beta1 kind: Table metadata: + annotations: + meta.upbound.io/example-id: dynamodb/v1beta1/globaltable name: finance-table spec: - deletionPolicy: Delete + providerConfigRef: + name: aws-provider-config forProvider: + attribute: + - name: myAttribute + type: S + hashKey: myAttribute + readCapacity: 1 + writeCapacity: 1 region: eu-west-2 - attributeDefinitions: - - attributeName: id - attributeType: S - keySchema: - - attributeName: id - keyType: HASH - billingMode: PROVISIONED - provisionedThroughput: - readCapacityUnits: 1 - writeCapacityUnits: 1 tags: - - key: "owner" - value: "finance" - providerConfigRef: - name: aws-provider-config \ No newline at end of file + owner: finance \ No newline at end of file diff --git a/examples/gatekeeper/required-tags/template.yaml b/examples/gatekeeper/required-tags/template.yaml index b48bee7e..06dd61f8 100644 --- a/examples/gatekeeper/required-tags/template.yaml +++ b/examples/gatekeeper/required-tags/template.yaml 
@@ -8,31 +8,18 @@ spec: names: kind: AwsRequiredTags validation: - # Schema for the `parameters` field openAPIV3Schema: type: object properties: - tags: - type: array - items: - type: string + tag: + type: string targets: - target: admission.k8s.gatekeeper.sh rego: | package awsrequiredtags - import future.keywords.every violation[{"msg": msg}] { - endswith(input.review.kind.group, "aws.crossplane.io") - not startswith(input.review.kind.kind, "ProviderConfig") - not input.review.object.spec.forProvider.tags - msg := sprintf("Attempting to provision a resource without tags, the following tags are required '%v'", [input.parameters.tags]) - } - - violation[{"msg": msg}] { - some requested_tag in input.parameters.tags - every i in input.review.object.spec.forProvider.tags { - requested_tag != i.key - } - msg := sprintf("Attempting to provision a resource with the following tags '%v', one or more of the required tags '%v' is missing", [input.review.object.spec.forProvider.tags, input.parameters.tags]) + input.review.kind.group == "dynamodb.aws.upbound.io" + not input.review.object.spec.forProvider.tags[input.parameters.tag] + msg := sprintf("Attempting to provision a resource without the required tag '%v'", [input.parameters.tag]) } \ No newline at end of file From c8a4c51f3e58af46e0e50a35036d5833a0776cd0 Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Fri, 28 Jun 2024 17:03:43 +1000 Subject: [PATCH 7/9] PR review fix --- .../gatekeeper/required-tags/samples/constraint.yaml | 2 +- examples/gatekeeper/required-tags/template.yaml | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/examples/gatekeeper/required-tags/samples/constraint.yaml b/examples/gatekeeper/required-tags/samples/constraint.yaml index f3fa5d9f..59df4952 100644 --- a/examples/gatekeeper/required-tags/samples/constraint.yaml +++ b/examples/gatekeeper/required-tags/samples/constraint.yaml 
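Review bot: The rewritten rule in the `@@ -8,31 +8,18 @@` hunk of `required-tags/template.yaml` fails open when the parameter is absent. If `input.parameters.tag` is undefined, the `sprintf` argument is undefined as well and the rule produces no violation, so a constraint that still passes the old `tags` list appears to admit untagged tables without any message. Declaring the parameter as required in the schema, `required: ["tag"]` under `openAPIV3Schema`, should reject such a constraint when it is created. The `tags` array form introduced in PATCH 7/9 has the same gap, since a missing or empty list iterates zero times; `required: ["tags"]` together with `minItems: 1` would cover it there.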
@@ -8,4 +8,4 @@ spec: - apiGroups: ["dynamodb.aws.upbound.io"] kinds: ["Table"] parameters: - tag: "owner" \ No newline at end of file + tags: ["owner"] \ No newline at end of file diff --git a/examples/gatekeeper/required-tags/template.yaml b/examples/gatekeeper/required-tags/template.yaml index 06dd61f8..30a5a77f 100644 --- a/examples/gatekeeper/required-tags/template.yaml +++ b/examples/gatekeeper/required-tags/template.yaml @@ -11,8 +11,10 @@ spec: openAPIV3Schema: type: object properties: - tag: - type: string + tags: + type: array + items: + type: string targets: - target: admission.k8s.gatekeeper.sh rego: | @@ -20,6 +22,8 @@ spec: violation[{"msg": msg}] { input.review.kind.group == "dynamodb.aws.upbound.io" - not input.review.object.spec.forProvider.tags[input.parameters.tag] - msg := sprintf("Attempting to provision a resource without the required tag '%v'", [input.parameters.tag]) + some i + required_tag := input.parameters.tags[i] + not input.review.object.spec.forProvider.tags[required_tag] + msg := sprintf("Attempting to provision a resource without the required tag '%v'", [required_tag]) } \ No newline at end of file From 1f97a70936f996e6beb8d628856150117bceaca7 Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Fri, 12 Jul 2024 17:13:32 +1000 Subject: [PATCH 8/9] gatekeeper example api upgrade --- .../duplicate-s3/samples/allowed-bucket.yaml | 2 +- .../duplicate-s3/samples/constraint.yaml | 2 +- .../duplicate-s3/samples/existing-buckets.yaml | 2 +- .../duplicate-s3/samples/not-allowed-bucket.yaml | 2 +- examples/gatekeeper/duplicate-s3/syncset.yaml | 2 +- examples/gatekeeper/duplicate-s3/template.yaml | 14 +++++++------- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml index e2531e19..44aaa628 100644 --- a/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml 
+++ b/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml @@ -1,4 +1,4 @@ -apiVersion: s3.aws.crossplane.io/v1beta1 +apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: diff --git a/examples/gatekeeper/duplicate-s3/samples/constraint.yaml b/examples/gatekeeper/duplicate-s3/samples/constraint.yaml index b2575698..06f5b38d 100644 --- a/examples/gatekeeper/duplicate-s3/samples/constraint.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/constraint.yaml @@ -7,5 +7,5 @@ spec: kinds: - apiGroups: ["awsblueprints.io"] kinds: ["ObjectStorage"] - - apiGroups: ["s3.aws.crossplane.io"] + - apiGroups: ["s3.aws.upbound.io"] kinds: ["Bucket"] diff --git a/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml b/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml index 18ede933..8d4ea5be 100644 --- a/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml @@ -1,4 +1,4 @@ -apiVersion: s3.aws.crossplane.io/v1beta1 +apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: diff --git a/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml index 2d79f53a..546cafac 100644 --- a/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml @@ -1,4 +1,4 @@ -apiVersion: s3.aws.crossplane.io/v1beta1 +apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: diff --git a/examples/gatekeeper/duplicate-s3/syncset.yaml b/examples/gatekeeper/duplicate-s3/syncset.yaml index 08a0bf2d..f39d35ab 100644 --- a/examples/gatekeeper/duplicate-s3/syncset.yaml +++ b/examples/gatekeeper/duplicate-s3/syncset.yaml @@ -4,6 +4,6 @@ metadata: name: s3-syncset spec: gvks: - - group: "s3.aws.crossplane.io" + - group: "s3.aws.upbound.io" version: "v1beta1" kind: "Bucket" 
diff --git a/examples/gatekeeper/duplicate-s3/template.yaml b/examples/gatekeeper/duplicate-s3/template.yaml index 2b01e736..014437f8 100644 --- a/examples/gatekeeper/duplicate-s3/template.yaml +++ b/examples/gatekeeper/duplicate-s3/template.yaml @@ -20,8 +20,8 @@ spec: #} sameClaim(obj, review) { - obj.metadata.labels["crossplane.io/claim-namespace"] == review.object.metadata.namespace - obj.metadata.labels["crossplane.io/claim-name"] == review.object.metadata.name + obj.metadata.labels["upbound.io/claim-namespace"] == review.object.metadata.namespace + obj.metadata.labels["upbound.io/claim-name"] == review.object.metadata.name } sameBucketMR(obj, review) { @@ -32,12 +32,12 @@ spec: violation[{"msg": msg}] { review := input.review review.object.kind == "ObjectStorage" - obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_] + obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_] not sameClaim(obj, review) claimName := review.object.metadata.name claimNameSpace := review.object.metadata.namespace bucket := review.object.spec.resourceConfig.name - bucket == obj.metadata.annotations["crossplane.io/external-name"] + bucket == obj.metadata.annotations["upbound.io/external-name"] msg := sprintf( "Claim %v in namespace %v requesting Bucket %v is already managed by Bucket MR %v", @@ -48,10 +48,10 @@ spec: violation[{"msg": msg}] { review := input.review review.object.kind == "Bucket" - obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_] + obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_] not sameBucketMR(obj, review) - newBucket := review.object.metadata.annotations["crossplane.io/external-name"] - existingBucket := obj.metadata.annotations["crossplane.io/external-name"] + newBucket := review.object.metadata.annotations["upbound.io/external-name"] + existingBucket := obj.metadata.annotations["upbound.io/external-name"] newBucket == existingBucket msg := sprintf( 
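Review bot: The label and annotation keys renamed in these three hunks (`upbound.io/claim-name`, `upbound.io/claim-namespace`, `upbound.io/external-name`) are written by Crossplane core rather than by the provider, and as far as I know they keep the `crossplane.io/` prefix on Upbound-provider resources; only the API group moves to `s3.aws.upbound.io`. With the renamed keys every lookup is undefined, so `bucket == obj.metadata.annotations[...]` and `newBucket == existingBucket` can never hold and neither violation rule fires, which turns the duplicate-bucket check into a no-op. Keep `obj.metadata.annotations["crossplane.io/external-name"]` and the `crossplane.io/claim-*` labels, and change only the `data.inventory.cluster["s3.aws.upbound.io/v1beta1"]` key. The sample manifests in PATCH 9/9 make the same rename and would need the same revert. The last hunk ends inside the `sprintf(` call, so the rest of that rule is not visible.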
From fc8e519e1b74953cf56ccf61cc00935e92a98466 Mon Sep 17 00:00:00 2001 From: 7navyasa Date: Fri, 12 Jul 2024 20:54:04 +1000 Subject: [PATCH 9/9] gatekeeper s3 exampleyaml update --- .../duplicate-s3/samples/allowed-bucket.yaml | 22 ++++++------------- .../samples/existing-buckets.yaml | 22 ++++++------------- .../samples/not-allowed-bucket.yaml | 22 ++++++------------- 3 files changed, 21 insertions(+), 45 deletions(-) diff --git a/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml index 44aaa628..f8ac7ed7 100644 --- a/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml @@ -2,25 +2,17 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: - crossplane.io/external-create-pending: "2023-06-15T21:17:04Z" - crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z" - crossplane.io/external-name: my-bucket-456-$ACCOUNT_ID + upbound.io/external-create-pending: "2023-06-15T21:17:04Z" + upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z" + upbound.io/external-name: my-bucket-456-$ACCOUNT_ID labels: - crossplane.io/claim-name: standard-object-storage - crossplane.io/claim-namespace: default - crossplane.io/composite: standard-object-storage-xwghv + upbound.io/claim-name: standard-object-storage + upbound.io/claim-namespace: default + upbound.io/composite: standard-object-storage-xwghv name: standard-object-storage-new spec: deletionPolicy: Delete forProvider: - locationConstraint: us-west-2 - objectOwnership: BucketOwnerEnforced - paymentConfiguration: - payer: BucketOwner - publicAccessBlockConfiguration: - blockPublicAcls: true - blockPublicPolicy: true - ignorePublicAcls: true - restrictPublicBuckets: true + region: us-west-2 providerConfigRef: name: aws-provider-config \ No newline at end of file 
diff --git a/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml b/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml index 8d4ea5be..414f4292 100644 --- a/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml @@ -2,25 +2,17 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: - crossplane.io/external-create-pending: "2023-06-15T21:17:04Z" - crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z" - crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID + upbound.io/external-create-pending: "2023-06-15T21:17:04Z" + upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z" + upbound.io/external-name: my-bucket-123-$ACCOUNT_ID labels: - crossplane.io/claim-name: standard-object-storage - crossplane.io/claim-namespace: default - crossplane.io/composite: standard-object-storage-xwghv + upbound.io/claim-name: standard-object-storage + upbound.io/claim-namespace: default + upbound.io/composite: standard-object-storage-xwghv name: standard-object-storage-exist spec: deletionPolicy: Delete forProvider: - locationConstraint: us-west-2 - objectOwnership: BucketOwnerEnforced - paymentConfiguration: - payer: BucketOwner - publicAccessBlockConfiguration: - blockPublicAcls: true - blockPublicPolicy: true - ignorePublicAcls: true - restrictPublicBuckets: true + region: us-west-2 providerConfigRef: name: aws-provider-config \ No newline at end of file diff --git a/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml index 546cafac..c309f261 100644 --- a/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml +++ b/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml 
@@ -2,25 +2,17 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: annotations: - crossplane.io/external-create-pending: "2023-06-15T21:17:04Z" - crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z" - crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID + upbound.io/external-create-pending: "2023-06-15T21:17:04Z" + upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z" + upbound.io/external-name: my-bucket-123-$ACCOUNT_ID labels: - crossplane.io/claim-name: standard-object-storage - crossplane.io/claim-namespace: default - crossplane.io/composite: standard-object-storage-xwghv + upbound.io/claim-name: standard-object-storage + upbound.io/claim-namespace: default + upbound.io/composite: standard-object-storage-xwghv name: standard-object-storage-new spec: deletionPolicy: Delete forProvider: - locationConstraint: us-west-2 - objectOwnership: BucketOwnerEnforced - paymentConfiguration: - payer: BucketOwner - publicAccessBlockConfiguration: - blockPublicAcls: true - blockPublicPolicy: true - ignorePublicAcls: true - restrictPublicBuckets: true + region: us-west-2 providerConfigRef: name: aws-provider-config \ No newline at end of file