Gatekeeper S3 Example API Upgrade (#209)

* management policies addition * management policies removal from K8-provider * load balancer controller addition * updating policy to access global and local index * Update dynamodb-write.yaml license * upgrade deprecated api * PR review fix * gatekeeper example api upgrade * gatekeeper s3 exampleyaml update
awslabs · Jul 12, 2024 · 92739e6 · 92739e6
1 parent eb47c4c
commit 92739e6
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 57 deletions.
diff --git a/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/allowed-bucket.yaml
@@ -1,26 +1,18 @@
-apiVersion: s3.aws.crossplane.io/v1beta1
+apiVersion: s3.aws.upbound.io/v1beta1
 kind: Bucket
 metadata:
   annotations:
-    crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
-    crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
-    crossplane.io/external-name: my-bucket-456-$ACCOUNT_ID
+    upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
+    upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
+    upbound.io/external-name: my-bucket-456-$ACCOUNT_ID
   labels:
-    crossplane.io/claim-name: standard-object-storage
-    crossplane.io/claim-namespace: default
-    crossplane.io/composite: standard-object-storage-xwghv
+    upbound.io/claim-name: standard-object-storage
+    upbound.io/claim-namespace: default
+    upbound.io/composite: standard-object-storage-xwghv
   name: standard-object-storage-new
 spec:
   deletionPolicy: Delete
   forProvider:
-    locationConstraint: us-west-2
-    objectOwnership: BucketOwnerEnforced
-    paymentConfiguration:
-      payer: BucketOwner
-    publicAccessBlockConfiguration:
-      blockPublicAcls: true
-      blockPublicPolicy: true
-      ignorePublicAcls: true
-      restrictPublicBuckets: true
+    region: us-west-2
   providerConfigRef:
     name: aws-provider-config
diff --git a/examples/gatekeeper/duplicate-s3/samples/constraint.yaml b/examples/gatekeeper/duplicate-s3/samples/constraint.yaml
@@ -7,5 +7,5 @@ spec:
     kinds:
       - apiGroups: ["awsblueprints.io"]
         kinds: ["ObjectStorage"]
-      - apiGroups: ["s3.aws.crossplane.io"]
+      - apiGroups: ["s3.aws.upbound.io"]
         kinds: ["Bucket"]
diff --git a/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml b/examples/gatekeeper/duplicate-s3/samples/existing-buckets.yaml
@@ -1,26 +1,18 @@
-apiVersion: s3.aws.crossplane.io/v1beta1
+apiVersion: s3.aws.upbound.io/v1beta1
 kind: Bucket
 metadata:
   annotations:
-    crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
-    crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
-    crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID
+    upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
+    upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
+    upbound.io/external-name: my-bucket-123-$ACCOUNT_ID
   labels:
-    crossplane.io/claim-name: standard-object-storage
-    crossplane.io/claim-namespace: default
-    crossplane.io/composite: standard-object-storage-xwghv
+    upbound.io/claim-name: standard-object-storage
+    upbound.io/claim-namespace: default
+    upbound.io/composite: standard-object-storage-xwghv
   name: standard-object-storage-exist
 spec:
   deletionPolicy: Delete
   forProvider:
-    locationConstraint: us-west-2
-    objectOwnership: BucketOwnerEnforced
-    paymentConfiguration:
-      payer: BucketOwner
-    publicAccessBlockConfiguration:
-      blockPublicAcls: true
-      blockPublicPolicy: true
-      ignorePublicAcls: true
-      restrictPublicBuckets: true
+    region: us-west-2
   providerConfigRef:
     name: aws-provider-config
diff --git a/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml b/examples/gatekeeper/duplicate-s3/samples/not-allowed-bucket.yaml
@@ -1,26 +1,18 @@
-apiVersion: s3.aws.crossplane.io/v1beta1
+apiVersion: s3.aws.upbound.io/v1beta1
 kind: Bucket
 metadata:
   annotations:
-    crossplane.io/external-create-pending: "2023-06-15T21:17:04Z"
-    crossplane.io/external-create-succeeded: "2023-06-15T21:17:05Z"
-    crossplane.io/external-name: my-bucket-123-$ACCOUNT_ID
+    upbound.io/external-create-pending: "2023-06-15T21:17:04Z"
+    upbound.io/external-create-succeeded: "2023-06-15T21:17:05Z"
+    upbound.io/external-name: my-bucket-123-$ACCOUNT_ID
   labels:
-    crossplane.io/claim-name: standard-object-storage
-    crossplane.io/claim-namespace: default
-    crossplane.io/composite: standard-object-storage-xwghv
+    upbound.io/claim-name: standard-object-storage
+    upbound.io/claim-namespace: default
+    upbound.io/composite: standard-object-storage-xwghv
   name: standard-object-storage-new
 spec:
   deletionPolicy: Delete
   forProvider:
-    locationConstraint: us-west-2
-    objectOwnership: BucketOwnerEnforced
-    paymentConfiguration:
-      payer: BucketOwner
-    publicAccessBlockConfiguration:
-      blockPublicAcls: true
-      blockPublicPolicy: true
-      ignorePublicAcls: true
-      restrictPublicBuckets: true
+    region: us-west-2
   providerConfigRef:
     name: aws-provider-config
diff --git a/examples/gatekeeper/duplicate-s3/syncset.yaml b/examples/gatekeeper/duplicate-s3/syncset.yaml
@@ -4,6 +4,6 @@ metadata:
   name: s3-syncset
 spec:
   gvks:
-    - group: "s3.aws.crossplane.io"
+    - group: "s3.aws.upbound.io"
       version: "v1beta1"
       kind: "Bucket"
diff --git a/examples/gatekeeper/duplicate-s3/template.yaml b/examples/gatekeeper/duplicate-s3/template.yaml
@@ -20,8 +20,8 @@ spec:
         #}
 
         sameClaim(obj, review) {
-            obj.metadata.labels["crossplane.io/claim-namespace"] == review.object.metadata.namespace
-            obj.metadata.labels["crossplane.io/claim-name"] == review.object.metadata.name
+            obj.metadata.labels["upbound.io/claim-namespace"] == review.object.metadata.namespace
+            obj.metadata.labels["upbound.io/claim-name"] == review.object.metadata.name
         }
 
         sameBucketMR(obj, review) {
@@ -32,12 +32,12 @@ spec:
         violation[{"msg": msg}] {
             review := input.review
             review.object.kind == "ObjectStorage"
-            obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_]
+            obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_]
             not sameClaim(obj, review)
             claimName := review.object.metadata.name
             claimNameSpace := review.object.metadata.namespace
             bucket := review.object.spec.resourceConfig.name
-            bucket == obj.metadata.annotations["crossplane.io/external-name"]
+            bucket == obj.metadata.annotations["upbound.io/external-name"]
 
             msg := sprintf(
               "Claim %v in namespace %v requesting Bucket %v is already managed by Bucket MR %v",
@@ -48,10 +48,10 @@ spec:
         violation[{"msg": msg}] {
             review := input.review
             review.object.kind == "Bucket"
-            obj := data.inventory.cluster["s3.aws.crossplane.io/v1beta1"].Bucket[_]
+            obj := data.inventory.cluster["s3.aws.upbound.io/v1beta1"].Bucket[_]
             not sameBucketMR(obj, review)
-            newBucket := review.object.metadata.annotations["crossplane.io/external-name"]
-            existingBucket := obj.metadata.annotations["crossplane.io/external-name"]
+            newBucket := review.object.metadata.annotations["upbound.io/external-name"]
+            existingBucket := obj.metadata.annotations["upbound.io/external-name"]
             newBucket == existingBucket
 
             msg := sprintf(