Gatekeeper S3 Example API Upgrade #209

Merged
merged 18 commits into from
Jul 12, 2024
24 changes: 8 additions & 16 deletions examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml
@@ -1,26 +1,18 @@
apiVersion: s3.aws.crossplane.io/v1beta1
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
annotations:
crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
crossplane.io/external-name: my-bucket-456-$ACCOUNT_ID
upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
upbound.io/external-name: my-bucket-456-$ACCOUNT_ID
labels:
crossplane.io/claim-name: standard-object-storage
crossplane.io/claim-namespace: default
crossplane.io/composite: standard-object-storage-xwghv
upbound.io/claim-name: standard-object-storage
upbound.io/claim-namespace: default
upbound.io/composite: standard-object-storage-xwghv
name: standard-object-storage-new
spec:
deletionPolicy: Delete
forProvider:
locationConstraint: us-west-2
objectOwnership: BucketOwnerEnforced
paymentConfiguration:
payer: BucketOwner
publicAccessBlockConfiguration:
blockPublicAcls: true
blockPublicPolicy: true
ignorePublicAcls: true
restrictPublicBuckets: true
region: us-west-2
providerConfigRef:
name: aws-provider-config
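Review bot: The renamed metadata keys `upbound.io/external-name`, `upbound.io/external-create-pending`, `upbound.io/external-create-succeeded`, `upbound.io/claim-name`, `upbound.io/claim-namespace` and `upbound.io/composite` do not look like keys an Upbound-family provider stamps on a Bucket: the external-name and external-create annotations and the claim/composite labels are written by Crossplane core and keep their `crossplane.io/` prefix whichever provider owns the resource, so only the `apiVersion` line appears to need the change here. The same rename is in both existing-buckets.yaml sections and in template.yaml, where `sameClaim` and the two `external-name` lookups would then never match a real managed resource, and the duplicate-bucket violation would silently stop firing for every request — a fail-open regression rather than a visible error. I would revert those keys to `crossplane.io/...` in all four files, or confirm the key names against a live Bucket MR from this provider version before merging. Separately, if I read the removed spec lines correctly, `objectOwnership` and the `publicAccessBlockConfiguration` block are dropped with no replacement; in the Upbound provider those settings seem to live on separate resources, so a companion `BucketPublicAccessBlock` sample or a comment such as `# public-access-block and ownership controls are configured via separate resources in this provider` would keep the example from implying the old hardening still applies.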
2 changes: 1 addition & 1 deletion examples/gatekeeper/duplicate-s3/samples/constraint.yaml
Expand Up @@ -7,5 +7,5 @@ spec:
kinds:
- apiGroups: ["awsblueprints.io"]
kinds: ["ObjectStorage"]
- apiGroups: ["s3.aws.crossplane.io"]
- apiGroups: ["s3.aws.upbound.io"]
kinds: ["Bucket"]
24 changes: 8 additions & 16 deletions examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml
@@ -1,26 +1,18 @@
apiVersion: s3.aws.crossplane.io/v1beta1
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
annotations:
crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID
upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
upbound.io/external-name: my-bucket-123-$ACCOUNT_ID
labels:
crossplane.io/claim-name: standard-object-storage
crossplane.io/claim-namespace: default
crossplane.io/composite: standard-object-storage-xwghv
upbound.io/claim-name: standard-object-storage
upbound.io/claim-namespace: default
upbound.io/composite: standard-object-storage-xwghv
name: standard-object-storage-exist
spec:
deletionPolicy: Delete
forProvider:
locationConstraint: us-west-2
objectOwnership: BucketOwnerEnforced
paymentConfiguration:
payer: BucketOwner
publicAccessBlockConfiguration:
blockPublicAcls: true
blockPublicPolicy: true
ignorePublicAcls: true
restrictPublicBuckets: true
region: us-west-2
providerConfigRef:
name: aws-provider-config
@@ -1,26 +1,18 @@
apiVersion: s3.aws.crossplane.io/v1beta1
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
annotations:
crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID
upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
upbound.io/external-name: my-bucket-123-$ACCOUNT_ID
labels:
crossplane.io/claim-name: standard-object-storage
crossplane.io/claim-namespace: default
crossplane.io/composite: standard-object-storage-xwghv
upbound.io/claim-name: standard-object-storage
upbound.io/claim-namespace: default
upbound.io/composite: standard-object-storage-xwghv
name: standard-object-storage-new
spec:
deletionPolicy: Delete
forProvider:
locationConstraint: us-west-2
objectOwnership: BucketOwnerEnforced
paymentConfiguration:
payer: BucketOwner
publicAccessBlockConfiguration:
blockPublicAcls: true
blockPublicPolicy: true
ignorePublicAcls: true
restrictPublicBuckets: true
region: us-west-2
providerConfigRef:
name: aws-provider-config
2 changes: 1 addition & 1 deletion examples/gatekeeper/duplicate-s3/syncset.yaml
Expand Up @@ -4,6 +4,6 @@ metadata:
name: s3-syncset
spec:
gvks:
- group: "s3.aws.crossplane.io"
- group: "s3.aws.upbound.io"
version: "v1beta1"
kind: "Bucket"
14 changes: 7 additions & 7 deletions examples/gatekeeper/duplicate-s3/template.yaml
Expand Up @@ -20,8 +20,8 @@ spec:
#}

sameClaim(obj, review) {
obj.metadata.labels["crossplane.io/claim-namespace"] == review.object.metadata.namespace
obj.metadata.labels["crossplane.io/claim-name"] == review.object.metadata.name
obj.metadata.labels["upbound.io/claim-namespace"] == review.object.metadata.namespace
obj.metadata.labels["upbound.io/claim-name"] == review.object.metadata.name
}

sameBucketMR(obj, review) {
Expand All @@ -32,12 +32,12 @@ spec:
violation[{"msg": msg}] {
review := input.review
review.object.kind == "ObjectStorage"
obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_]
obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_]
not sameClaim(obj, review)
claimName := review.object.metadata.name
claimNameSpace := review.object.metadata.namespace
bucket := review.object.spec.resourceConfig.name
bucket == obj.metadata.annotations["crossplane.io/external-name"]
bucket == obj.metadata.annotations["upbound.io/external-name"]

msg := sprintf(
"Claim %v in namespace %v requesting Bucket %v is already managed by Bucket MR %v",
Expand All @@ -48,10 +48,10 @@ spec:
violation[{"msg": msg}] {
review := input.review
review.object.kind == "Bucket"
obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_]
obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_]
not sameBucketMR(obj, review)
newBucket := review.object.metadata.annotations["crossplane.io/external-name"]
existingBucket := obj.metadata.annotations["crossplane.io/external-name"]
newBucket := review.object.metadata.annotations["upbound.io/external-name"]
existingBucket := obj.metadata.annotations["upbound.io/external-name"]
newBucket == existingBucket

msg := sprintf(