🔄 synced file(s) with upbound/sa-up #90

Merged
merged 5 commits into from
Nov 28, 2024

upbound-bot

@upbound-bot upbound-bot commented Nov 25, 2024

synced local file(s) with upbound/sa-up.

Changed files
  • synced local Makefile with remote shared/configurations/Makefile
  • synced local .github/renovate.json5 with remote shared/configurations/renovate.json5
  • synced local .gitmodules with remote shared/configurations/.gitmodules
  • created local .github/CODEOWNERS from remote .github/CODEOWNERS

This PR was created automatically by the repo-file-sync-action workflow run #12067090600

upbound/configuration-aws-eks #90

Change Summary:

  • Comprehensive Makefile refactoring including enhanced documentation, new build targets, and improved test functionality
  • Added CODEOWNERS file assigning repository ownership to @upbound/team-customer-success
  • Enhanced renovate.json5 with package grouping rules and improved dependency management
  • Updated tool versions including UP (v0.34.0), CROSSPLANE_CLI (v1.17.1), and UPTEST (v1.1.2)

Potential Vulnerabilities:

  • File: .github/CODEOWNERS:1
  • Code: * @upbound/team-customer-success
  • Explanation: While not a direct vulnerability, blanket ownership assignment could lead to potential review bottlenecks and might affect the security review process. Consider adding more granular ownership patterns for critical paths.

Code Smells:

    • File: Makefile:123-244
    • Code: Entire Makefile documentation block
    • Explanation: While documentation is valuable, having such a large comment block in the Makefile could make maintenance more difficult. Consider moving this documentation to a separate CONTRIBUTING.md or docs/ directory.
    • File: .github/renovate.json5:42-52
    • Code:
    "customManagers": [
      {
        "customType": "regex",
        "description": "Bump providers/functions/configurations in crossplane.yaml",
        "fileMatch": ["crossplane.yaml"],
        ...
      }
    ]
    • Explanation: Using regex-based version management is fragile and could lead to false matches. Consider using more structured parsing methods if available.

Debug Logs:

No debug logs were found in the changes.

Unintended Consequences:

    • File: Makefile:18
    • Code: PLATFORMS ?= linux_amd64
    • Explanation: Explicitly limiting to linux_amd64 might cause issues if the configuration needs to be used in environments requiring different architectures in the future.
    • File: .github/renovate.json5:9
    • Code: "prConcurrentLimit": 5
    • Explanation: The concurrent PR limit might lead to delayed security updates if there are many dependencies needing updates simultaneously.
    • File: Makefile:141
    • Code: UPTEST_DEFAULT_TIMEOUT ?= 2400s
    • Explanation: The default timeout of 2400s might be too short for some complex test scenarios, potentially leading to false test failures in CI/CD pipelines.

Risk Score: 4

The changes are primarily maintenance and infrastructure-focused, with most modifications being to build and CI/CD configurations. The risk is moderate due to the extensive Makefile changes and potential for CI/CD disruption, but the core functionality remains largely unchanged. The CODEOWNERS addition and renovate configuration updates introduce some operational considerations but don't significantly impact the security posture of the repository.

@kaessert
Contributor

Testing:

$> make check-examples
12:10:40 [ .. ] Checking if package versions in dependencies match examples
12:10:40 [ OK ] Package versions are sane
$> make render.test
12:10:45 [ .. ] Generating kcl composition
12:10:46 [ OK ] Generated kcl composition
12:10:52 [ .. ] Testing .cache/render/ef5f0.yaml
no test files
12:10:52 [ OK ] Success testing ".cache/render/ef5f0.yaml"!
12:10:52 [ .. ] Testing .cache/render/5fb15.yaml
no test files
12:10:52 [ OK ] Success testing ".cache/render/5fb15.yaml"!
$> make render.show
---
apiVersion: aws.platform.upbound.io/v1alpha1
kind: XEKS
metadata:
  annotations:
    render.crossplane.io/composition-path: apis/kcl/composition.yaml
    render.crossplane.io/function-path: examples/functions.yaml
  name: configuration-aws-eks-kcl
spec:
  compositionSelector:
    matchLabels:
      function: kcl
  parameters:
    id: configuration-aws-eks-kcl
    nodes:
      count: 1
      instanceType: t3.small
    region: us-west-2
    version: "1.27"
  writeConnectionSecretToRef:
    name: configuration-aws-eks-kcl-kubeconfig
    namespace: upbound-system
status:
  conditions:
  - lastTransitionTime: "2024-01-01T00:00:00Z"
    message: 'Unready resources: controlplaneRole, kubernetesCluster, and nodegroupRole'
    reason: Creating
    status: "False"
    type: Ready
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
  annotations:
    crossplane.io/composition-resource-name: controlplaneRole
  generateName: configuration-aws-eks-kcl-
  labels:
    crossplane.io/composite: configuration-aws-eks-kcl
    role: controlplane
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks-kcl
    uid: ""
spec:
  deletionPolicy: Delete
  forProvider:
    assumeRolePolicy: "{\n            \"Version\": \"2012-10-17\",\n            \"Statement\":
      [\n                {\n                    \"Effect\": \"Allow\",\n                    \"Principal\":
      {\n                        \"Service\": [\n                            \"eks.amazonaws.com\"\n
      \                       ]\n                    },\n                    \"Action\":
      [\n                        \"sts:AssumeRole\"\n                    ]\n                }\n
      \           ]\n          }\n        "
    forceDetachPolicies: true
    managedPolicyArns:
    - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
  providerConfigRef:
    name: default
---
apiVersion: eks.aws.upbound.io/v1beta2
kind: Cluster
metadata:
  annotations:
    crossplane.io/composition-resource-name: kubernetesCluster
  generateName: configuration-aws-eks-kcl-
  labels:
    crossplane.io/composite: configuration-aws-eks-kcl
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks-kcl
    uid: ""
spec:
  deletionPolicy: Delete
  forProvider:
    region: us-west-2
    roleArnSelector:
      matchControllerRef: true
      matchLabels:
        role: controlplane
    version: "1.27"
    vpcConfig:
      endpointPrivateAccess: true
      subnetIdSelector:
        matchLabels:
          access: public
          networks.aws.platform.upbound.io/network-id: configuration-aws-eks-kcl
  providerConfigRef:
    name: default
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
  annotations:
    crossplane.io/composition-resource-name: nodegroupRole
  generateName: configuration-aws-eks-kcl-
  labels:
    crossplane.io/composite: configuration-aws-eks-kcl
    role: nodegroup
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks-kcl
    uid: ""
spec:
  deletionPolicy: Delete
  forProvider:
    assumeRolePolicy: "{\n            \"Version\": \"2012-10-17\",\n            \"Statement\":
      [\n                {\n                    \"Effect\": \"Allow\",\n                    \"Principal\":
      {\n                        \"Service\": [\n                            \"ec2.amazonaws.com\"\n
      \                       ]\n                    },\n                    \"Action\":
      [\n                        \"sts:AssumeRole\"\n                    ]\n                }\n
      \           ]\n          }\n        "
    forceDetachPolicies: true
    managedPolicyArns:
    - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
    - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
    - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
    - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  providerConfigRef:
    name: default
---
apiVersion: helm.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  annotations:
    crossplane.io/composition-resource-name: providerConfig-helm
  generateName: configuration-aws-eks-kcl-
  labels:
    crossplane.io/composite: configuration-aws-eks-kcl
  name: configuration-aws-eks-kcl
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks-kcl
    uid: ""
spec:
  credentials:
    secretRef:
      key: kubeconfig
      name: -ekscluster
      namespace: upbound-system
    source: Secret
---
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  annotations:
    crossplane.io/composition-resource-name: providerConfig-kubernetes
  generateName: configuration-aws-eks-kcl-
  labels:
    crossplane.io/composite: configuration-aws-eks-kcl
  name: configuration-aws-eks-kcl
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks-kcl
    uid: ""
spec:
  credentials:
    secretRef:
      key: kubeconfig
      name: -ekscluster
      namespace: upbound-system
    source: Secret
---
apiVersion: aws.platform.upbound.io/v1alpha1
kind: XEKS
metadata:
  annotations:
    render.crossplane.io/composition-path: apis/pat/composition.yaml
    render.crossplane.io/function-path: examples/functions.yaml
  name: configuration-aws-eks
spec:
  parameters:
    id: configuration-aws-eks
    nodes:
      count: 3
      instanceType: t3.small
    region: us-west-2
    version: "1.27"
  writeConnectionSecretToRef:
    name: configuration-aws-eks-kubeconfig
    namespace: upbound-system
status:
  conditions:
  - lastTransitionTime: "2024-01-01T00:00:00Z"
    message: 'Unready resources: controlplaneRole, kubernetesCluster, nodegroupRole,
      and 2 more'
    reason: Creating
    status: "False"
    type: Ready
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
  annotations:
    crossplane.io/composition-resource-name: controlplaneRole
  generateName: configuration-aws-eks-
  labels:
    crossplane.io/composite: configuration-aws-eks
    role: controlplane
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks
    uid: ""
spec:
  forProvider:
    assumeRolePolicy: |
      {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "eks.amazonaws.com"
                    ]
                },
                "Action": [
                    "sts:AssumeRole"
                ]
            }
        ]
      }
    forceDetachPolicies: true
    managedPolicyArns:
    - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
---
apiVersion: eks.aws.upbound.io/v1beta2
kind: Cluster
metadata:
  annotations:
    crossplane.io/composition-resource-name: kubernetesCluster
  generateName: configuration-aws-eks-
  labels:
    crossplane.io/composite: configuration-aws-eks
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks
    uid: ""
spec:
  forProvider:
    accessConfig:
      authenticationMode: API
      bootstrapClusterCreatorAdminPermissions: true
    region: us-west-2
    roleArnSelector:
      matchControllerRef: true
      matchLabels:
        role: controlplane
    version: "1.27"
    vpcConfig:
      endpointPrivateAccess: true
      endpointPublicAccess: true
      subnetIdSelector:
        matchLabels:
          access: public
          networks.aws.platform.upbound.io/network-id: configuration-aws-eks
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
  annotations:
    crossplane.io/composition-resource-name: nodegroupRole
  generateName: configuration-aws-eks-
  labels:
    crossplane.io/composite: configuration-aws-eks
    role: nodegroup
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks
    uid: ""
spec:
  forProvider:
    assumeRolePolicy: |
      {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "ec2.amazonaws.com"
                    ]
                },
                "Action": [
                    "sts:AssumeRole"
                ]
            }
        ]
      }
    forceDetachPolicies: true
    managedPolicyArns:
    - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
    - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
    - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
    - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
---
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  annotations:
    crossplane.io/composition-resource-name: providerConfig-helm
  generateName: configuration-aws-eks-
  labels:
    crossplane.io/composite: configuration-aws-eks
  name: configuration-aws-eks
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks
    uid: ""
spec:
  credentials:
    secretRef:
      key: kubeconfig
      namespace: upbound-system
    source: Secret
---
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  annotations:
    crossplane.io/composition-resource-name: providerConfig-kubernetes
  generateName: configuration-aws-eks-
  labels:
    crossplane.io/composite: configuration-aws-eks
  name: configuration-aws-eks
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XEKS
    name: configuration-aws-eks
    uid: ""
spec:
  credentials:
    secretRef:
      key: kubeconfig
      namespace: upbound-system
    source: Secret

@kaessert
Contributor

/test-examples

@kaessert kaessert requested a review from ytsarev November 26, 2024 11:43
@kaessert kaessert mentioned this pull request Nov 26, 2024
3 tasks
@upbound-bot upbound-bot force-pushed the repo-sync/sa-up/default branch from 0188ae3 to 9f9372e Compare November 26, 2024 16:24
@kaessert kaessert force-pushed the repo-sync/sa-up/default branch from 1eada27 to a62fac7 Compare November 26, 2024 19:08
@kaessert
Contributor

/test-examples

@upbound-bot upbound-bot force-pushed the repo-sync/sa-up/default branch from a62fac7 to 269a93a Compare November 27, 2024 09:56
@kaessert
Contributor

/test-examples

@upbound-bot upbound-bot force-pushed the repo-sync/sa-up/default branch 2 times, most recently from d0a3f2c to 507cbdc Compare November 28, 2024 10:23
@upbound-bot upbound-bot force-pushed the repo-sync/sa-up/default branch from 507cbdc to 61bc5cd Compare November 28, 2024 10:30
@kaessert
Contributor

/test-examples

@kaessert kaessert merged commit f9d1210 into main Nov 28, 2024
2 checks passed