temp

Author: michaelhtm

apis/core/v1alpha1/iam_role_selector.go

@@ -25,7 +25,7 @@ type LabelSelector struct {
 
 // IAMRoleSelectorSpec defines the desired state of IAMRoleSelector
 type NamespaceSelector struct {
-	Names         []string      `json:"name"`
+	Names         []string      `json:"names"`
 	LabelSelector LabelSelector `json:"labelSelector,omitempty"`
 }
 
@@ -40,6 +40,7 @@ type IAMRoleSelectorStatus struct{}
 // IAMRoleSelector is the schema for the IAMRoleSelector API.
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
 type IAMRoleSelector struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

apis/core/v1alpha1/resource_metadata.go

@@ -32,4 +32,11 @@ type ResourceMetadata struct {
 	OwnerAccountID *AWSAccountID `json:"ownerAccountID"`
 	// Region is the AWS region in which the resource exists or will exist.
 	Region *AWSRegion `json:"region"`
+
+	IAMRoleSelector *SelectedIAMRole `json:"iamRoleSelector"`
+}
+
+type SelectedIAMRole struct {
+	SelectorName    string `json:"selectorName"`
+	ResourceVersion string `json:"resourceVersion"`
 }

apis/core/v1alpha1/zz_generated.deepcopy.go

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: iamroleselectors.services.k8s.aws
 spec:
   group: services.k8s.aws
@@ -12,7 +12,7 @@ spec:
     listKind: IAMRoleSelectorList
     plural: iamroleselectors
     singular: iamroleselector
-  scope: Namespaced
+  scope: Cluster
   versions:
   - name: v1alpha1
     schema:
@@ -53,12 +53,12 @@ spec:
                     required:
                     - matchLabels
                     type: object
-                  name:
+                  names:
                     items:
                       type: string
                     type: array
                 required:
-                - name
+                - names
                 type: object
               resourceTypeSelector:
                 items:

config/crd/bases/services.k8s.aws_iamroleselectors.yaml

@@ -14,7 +14,6 @@
 package iamroleselector
 
 import (
-	"context"
 	"fmt"
 	"sync"
 
@@ -204,7 +203,7 @@ func (c *Cache) ListSelectors() []*ackv1alpha1.IAMRoleSelector {
 
 // Matches returns a list of IAMRoleSelectors that match the given resource. This function
 // should only be called after the cache has been started and synced.
-func (c *Cache) Matches(ctx context.Context, resource runtime.Object) ([]*ackv1alpha1.IAMRoleSelector, error) {
+func (c *Cache) Matches(resource runtime.Object) ([]*ackv1alpha1.IAMRoleSelector, error) {
 	// Extract metadata from the resource
 	metaObj, err := meta.Accessor(resource)
 	if err != nil {

pkg/runtime/iamroleselector/cache.go

@@ -216,6 +216,7 @@ func (r *resourceReconciler) Reconcile(ctx context.Context, req ctrlrt.Request)
 		}
 		return ctrlrt.Result{}, err
 	}
+	latest := desired.DeepCopy()
 
 	rlog := ackrtlog.NewResourceLogger(
 		r.log, desired,
@@ -272,7 +273,6 @@ func (r *resourceReconciler) Reconcile(ctx context.Context, req ctrlrt.Request)
 		// are any matching IAMRoleSelectors for this resource. If there are, we
 		// override the roleARN from CARM (if any) with the one from the selector.
 		selectors, err := r.irsCache.Matches(
-			ctx,
 			desired.RuntimeObject(),
 		)
 		if err != nil {
@@ -349,7 +349,7 @@ func (r *resourceReconciler) Reconcile(ctx context.Context, req ctrlrt.Request)
 	if err != nil {
 		return ctrlrt.Result{}, err
 	}
-	latest, err := r.reconcile(ctx, rm, desired)
+	latest, err = r.reconcile(ctx, rm, desired)
 	return r.HandleReconcileError(ctx, desired, latest, err)
 }
 
@@ -374,7 +374,7 @@ func (r *resourceReconciler) regionDrifted(desired acktypes.AWSResource) bool {
 
 	// look for default region in namespace metadata annotations
 	ns := desired.MetaObject().GetNamespace()
-	nsRegion, ok := r.cache.Namespaces.GetDefaultRegion(ns)
+	nsRegion, ok := r.carmCache.Namespaces.GetDefaultRegion(ns)
 	if ok {
 		return ackv1alpha1.AWSRegion(nsRegion) != *currentRegion
 	}
@@ -1225,6 +1225,7 @@ func (r *resourceReconciler) getAWSResource(
 	if err := r.apiReader.Get(ctx, req.NamespacedName, ro); err != nil {
 		return nil, err
 	}
+	ro.GetObjectKind().SetGroupVersionKind(r.rd.GroupVersionKind())
 	return r.rd.ResourceFromRuntimeObject(ro), nil
 }
 

pkg/runtime/reconciler.go

@@ -331,7 +331,7 @@ func TestReconcilerReadOnlyResource(t *testing.T) {
 	rm.On("IsSynced", ctx, latest).Return(true, nil)
 	rmf, rd := managedResourceManagerFactoryMocks(desired, latest)
 	rd.On("Delta", desired, latest).Return(ackcompare.NewDelta())
-	
+
 	r, kc, scmd := reconcilerMocks(rmf)
 	rm.On("EnsureTags", ctx, desired, scmd).Return(nil)
 	statusWriter := &ctrlrtclientmock.SubResourceWriter{}
@@ -1914,12 +1914,12 @@ func TestReconcile_AccountDrifted(t *testing.T) {
 	// Create reconciler with namespace cache
 	r := &resourceReconciler{
 		reconciler: reconciler{
-			kc:      kc,
-			sc:      sc,
-			log:     fakeLogger,
-			cfg:     ackcfg.Config{AccountID: "333333333333"},
-			cache:   caches,
-			metrics: ackmetrics.NewMetrics("test"),
+			kc:        kc,
+			sc:        sc,
+			log:       fakeLogger,
+			cfg:       ackcfg.Config{AccountID: "333333333333"},
+			carmCache: caches,
+			metrics:   ackmetrics.NewMetrics("test"),
 		},
 		rmf: rmf,
 		rd:  rd,