diff --git a/examples/abstractions/composition.yaml b/examples/abstractions/composition.yaml
index 0ec38b4..350b2f7 100644
--- a/examples/abstractions/composition.yaml
+++ b/examples/abstractions/composition.yaml
@@ -93,7 +93,6 @@ spec: - type: string string: fmt: "policy-%s" - # Consul ACL Token Resource - name: consul_acl_token base:
diff --git a/examples/abstractionsv2/consulAgentACL/.gitignore b/examples/abstractionsv2/consulAgentACL/.gitignore
new file mode 100644
index 0000000..10face5
--- /dev/null
+++ b/examples/abstractionsv2/consulAgentACL/.gitignore
@@ -0,0 +1 @@
+composition.yaml
\ No newline at end of file
diff --git a/examples/abstractionsv2/consulAgentACL/composition.yaml b/examples/abstractionsv2/consulAgentACL/composition.yaml
new file mode 100644
index 0000000..464300c
--- /dev/null
+++ b/examples/abstractionsv2/consulAgentACL/composition.yaml
@@ -0,0 +1,182 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+ name: consulagentacl.composite.daanvinken
+spec:
+ compositeTypeRef:
+ apiVersion: daanvinken.io/v1alpha1
+ kind: ConsulAgentACL
+ resources:
+ # Consul ACL Policy
+ - name: consul_acl_policy
+ base:
+ apiVersion: acl.daanvinken.io/v1alpha1
+ kind: Policy
+ metadata:
+ generateName: "policy-"
+ spec:
+ forProvider:
+ name: ""
+ rules: ""
+ patches:
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.name"
+ transforms:
+ - type: string
+ string:
+ fmt: "acl_agent_%[1]s"
+ - fromFieldPath: "spec.parameters.realhostname"
+ toFieldPath: "spec.forProvider.rules"
+ transforms:
+ - type: string
+ string:
+ fmt: |
+ node "%[1]s" {
+ policy = "write"
+ }
+ agent "%[1]s" {
+ policy = "write"
+ }
+ service "node-exporter" {
+ policy = "write"
+ }
+ service_prefix "%[1]s" {
+ policy = "write"
+ }
+ node_prefix "" {
+ policy = "read"
+ }
+ session_prefix "" {
+ policy = "write"
+ }
+ operator = "read"
+
+ # Consul ACL Role
+ - name: consul_acl_role
+ base:
+ apiVersion: acl.daanvinken.io/v1alpha1
+ kind: Role
+ metadata:
+ generateName: "role-"
+ spec:
+ forProvider:
+ description: "Consul agent role"
+ policies:
+ - ""
+ patches:
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.name"
+ transforms:
+ - type: string
+ string:
+ fmt: "role_agent_%[1]s"
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.policies[0]"
+ transforms:
+ - type: string
+ string:
+ fmt: "acl_agent_%[1]s"
+
+ # Consul ACL Token
+ - name: consul_acl_token
+ base:
+ apiVersion: acl.daanvinken.io/v1alpha1
+ kind: Token
+ patches:
+ metadata:
+ generateName: "token-"
+ spec:
+ forProvider:
+ description: "Consul agent token"
+ roles:
+ - ""
+ patches:
+ - type: ToCompositeFieldPath
+ fromFieldPath: "status.atProvider.accessorId"
+ toFieldPath: "spec.parameters.auth_accessor"
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.roles[0]"
+ transforms:
+ - type: string
+ string:
+ fmt: "role_agent_%[1]s"
+
+ # Vault Cert Auth Backend Role
+ - name: vault_cert_auth_backend_role
+ base:
+ apiVersion: cert.vault.upbound.io/v1alpha1
+ kind: AuthBackendRole
+ metadata:
+ generateName: "cert-auth-role-"
+ spec:
+ forProvider:
+ name: ""
+ backend: "puppet"
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ allowed_common_names:
+ - ""
+ token_ttl: 86400
+ token_max_ttl: 86400
+ token_policies: []
+ patches:
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.name"
+ - fromFieldPath: "spec.parameters.certname"
+ toFieldPath: "spec.forProvider.allowed_common_names[0]"
+ - fromFieldPath: "metadata.name"
+ toFieldPath: "spec.forProvider.token_policies[0]"
+ transforms:
+ - type: string
+ string:
+ fmt: "policy_vault_agent_metadata_templated"
+ - fromFieldPath: "spec.parameters.role"
+ toFieldPath: "spec.forProvider.token_policies[1]"
+ transforms:
+ - type: string
+ string:
+ fmt: "policy_vault_agent_allow_child"
+
+ # Vault Identity Entity
+ - name: vault_identity_entity
+ base:
+ apiVersion: identity.vault.upbound.io/v1alpha1
+ kind: Entity
+ metadata:
+ generateName: "identity-entity-"
+ spec:
+ forProvider:
+ name: ""
+ metadata: {}
+ patches:
+ - fromFieldPath: "spec.parameters.escaped_certname"
+ toFieldPath: "spec.forProvider.name"
+ - fromFieldPath: "spec.parameters.clustername"
+ toFieldPath: "spec.forProvider.metadata.clustername"
+ - fromFieldPath: "spec.parameters.role"
+ toFieldPath: "spec.forProvider.metadata.role"
+ - fromFieldPath: "spec.parameters.datacenter"
+ toFieldPath: "spec.forProvider.metadata.dc"
+ - fromFieldPath: "spec.parameters.certname"
+ toFieldPath: "spec.forProvider.metadata.certname"
+
+ # Vault Identity Entity Alias
+ - name: vault_identity_entity_alias
+ base:
+ apiVersion: identity.vault.upbound.io/v1alpha1
+ kind: EntityAlias
+ metadata:
+ generateName: "entity-alias-"
+ spec:
+ forProvider:
+ name: "" # Set by patch
+ mountAccessor: "auth_cert_c2609068" # Set by patch
+ canonicalId: "" # Set by patch
+ patches:
+ - fromFieldPath: "spec.parameters.certname"
+ toFieldPath: "spec.forProvider.name"
+ - fromFieldPath: "vault_identity_entity.status.atProvider.id"
+ toFieldPath: "spec.forProvider.canonicalId"
+# - type: "FromCompositeFieldPath"
+# fromFieldPath: "spec.parameters.auth_accessor"
+# toFieldPath: "spec.forProvider.mountAccessor"
diff --git a/examples/abstractionsv2/consulAgentACL/consulagentacl.yaml b/examples/abstractionsv2/consulAgentACL/consulagentacl.yaml
new file mode 100644
index 0000000..48b3335
--- /dev/null
+++ b/examples/abstractionsv2/consulAgentACL/consulagentacl.yaml
@@ -0,0 +1,13 @@
+apiVersion: daanvinken.io/v1alpha1
+kind: ConsulAgentACL
+metadata:
+ name: daanvi-test
+spec:
+ parameters:
+ realhostname: "daanvi.example.com"
+ escaped_certname: "daanvi-example-com"
+ puppet_ca: "/path/to/puppet/ca.pem"
+ certname: "daanvi.example.com"
+ role: "example-role"
+ auth_accessor: "auth-accessor-id"
+ datacenter: "AMS2"
diff --git a/examples/abstractionsv2/consulAgentACL/consulagentacl2.yaml b/examples/abstractionsv2/consulAgentACL/consulagentacl2.yaml
new file mode 100644
index 0000000..c4a5768
--- /dev/null
+++ b/examples/abstractionsv2/consulAgentACL/consulagentacl2.yaml
@@ -0,0 +1,12 @@
+apiVersion: daanvinken.io/v1alpha1
+kind: ConsulAgentACL
+metadata:
+ name: vidaan-test
+spec:
+ parameters:
+ realhostname: "vidaan.example.com"
+ escaped_certname: "vidaan-example-com"
+ puppet_ca: "/path/to/puppet/ca.pem"
+ certname: "vidaan.example.com"
+ role: "example-role-2"
+ datacenter: "AMS2"
diff --git a/examples/abstractionsv2/consulAgentACL/xrd.yaml b/examples/abstractionsv2/consulAgentACL/xrd.yaml
new file mode 100644
index 0000000..ed98728
--- /dev/null
+++ b/examples/abstractionsv2/consulAgentACL/xrd.yaml
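Review bot: The `rules` patch on `consul_acl_policy` formats `spec.parameters.realhostname` directly into the HCL policy text (`node "%[1]s" { ... }`), and xrd.yaml in this commit declares that parameter as an unconstrained `string`, so a value containing a double quote or a newline would alter the structure of the rendered policy instead of only naming a node. Constrain it in the XRD, for example `pattern: '^[A-Za-z0-9.-]+$'` with `maxLength: 253` on `realhostname`, and similarly on `escaped_certname`, which feeds the policy and role names. In `vault_cert_auth_backend_role`, the two `token_policies` patches use `fmt` strings without a `%s` verb, which Go-style formatting would likely render with a `%!(EXTRA ...)` suffix; the fixed policy names belong in `base`, and the snake_case fields there (`allowed_common_names`, `token_ttl`, `token_policies`) disagree with the camelCase ones in examples/vault/authbackendrole.yaml. The `consul_acl_token` entry has a stray `patches:` key right after `kind: Token`, and `mountAccessor: "auth_cert_c2609068"` is a hard-coded, environment-specific accessor labelled `# Set by patch` while the patch that would set it is commented out.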
@@ -0,0 +1,70 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+ name: consulagentacls.daanvinken.io
+spec:
+ group: daanvinken.io
+ names:
+ kind: ConsulAgentACL
+ plural: consulagentacls
+ claimNames:
+ kind: ConsulAgentACL
+ plural: consulagentacls
+ versions:
+ - name: v1alpha1
+ served: true
+ referenceable: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ parameters:
+ type: object
+ properties:
+ realhostname:
+ type: string
+ description: "The real hostname of the agent node."
+ escaped_certname:
+ type: string
+ description: "The escaped certificate name for the agent."
+ puppet_ca:
+ type: string
+ description: "Path to the Puppet CA certificate for the Vault Cert Auth Backend Role."
+ certname:
+ type: string
+ description: "Common name for allowed certificates in Vault Cert Auth Backend Role."
+ role:
+ type: string
+ description: "The role assigned to the agent."
+ auth_accessor:
+ type: string
+ description: "The accessor ID for the Vault Identity Entity Alias."
+ datacenter:
+ type: string
+ description: "The datacenter where the agent is located."
+ status:
+ type: object
+ properties:
+ accessorID:
+ type: string
+ description: "The accessor ID from Consul ACL Token."
+
+ additionalPrinterColumns:
+ - name: Hostname
+ type: string
+ description: "The real hostname of the agent node."
+ jsonPath: ".spec.parameters.realhostname"
+ - name: Role
+ type: string
+ description: "The role assigned to the agent."
+ jsonPath: ".spec.parameters.role"
+ - name: Datacenter
+ type: string
+ description: "The datacenter where the agent is located."
+ jsonPath: ".spec.parameters.datacenter"
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
diff --git a/examples/abstractionsv2/serviceACL/example.yaml b/examples/abstractionsv2/serviceACL/example.yaml
index fd95eab..05a2e81 100644
--- a/examples/abstractionsv2/serviceACL/example.yaml
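Review bot: The `parameters` schema does not declare `clustername`, although the `vault_identity_entity` patch in composition.yaml reads `spec.parameters.clustername`, so that value would probably be pruned on admission and the entity metadata never populated; add `clustername:` with `type: string` alongside `datacenter`. The schema also has no `required` list, so a claim that omits `realhostname` or `certname` is accepted and the optional patches are skipped, leaving the empty `name: ""` and `rules: ""` placeholders in place; a line such as `required: [realhostname, escaped_certname, certname]` under `parameters` would reject those claims up front. `status.accessorID` is declared here, but the composition writes the Consul token accessor to `spec.parameters.auth_accessor`, which this file describes as the Vault entity-alias accessor; pointing that patch at `status.accessorID` keeps controller-written data out of `spec` and avoids mixing two different accessors. `claimNames` repeats the composite `kind` and `plural`, which look likely to collide because both would be generated in the same group.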
+++ b/examples/abstractionsv2/serviceACL/example.yaml
@@ -1,7 +1,7 @@
 apiVersion: daanvinken.io/v1alpha1
 kind: ConsulServiceACL
 metadata:
- name: system-logsearch
+ name: system-logging
 spec:
 parameters:
 consul_backend_path: "consul"
diff --git a/examples/openstack/abstractions/adyencompute.yaml b/examples/openstack/abstractions/adyencompute.yaml
index 7443b53..c837d38 100644
--- a/examples/openstack/abstractions/adyencompute.yaml
+++ b/examples/openstack/abstractions/adyencompute.yaml
@@ -1,10 +1,10 @@
 apiVersion: daanvinken.io/v1alpha1
 kind: AdyenCompute
 metadata:
- name: adyencompute-example-mvp
+ name: adyencompute-example-daan
 spec:
 parameters:
- computeInstanceName: "crossplane-instance-mvp"
+ computeInstanceName: "crossplane-instance-daan"
 imageName: "cirros"
 flavorName: "1C-500M-1G-STG1-CIRROS"
 network:
@@ -12,8 +12,9 @@ spec:
 securityGroups:
 - default
 consulServices:
- - serviceName: service3
+ - serviceName: acr-staging
 main_keys: true
- - serviceName: service4
+ - serviceName: artifacts-something
 main_keys: false
+ consultAgent: true
 providerConfigName: "openstack-ams2-nonprod"
diff --git a/examples/vault/authbackend.yaml b/examples/vault/authbackend.yaml
new file mode 100644
index 0000000..65f96d6
--- /dev/null
+++ b/examples/vault/authbackend.yaml
@@ -0,0 +1,10 @@
+apiVersion: auth.vault.upbound.io/v1alpha1
+kind: Backend
+metadata:
+ annotations:
+ meta.upbound.io/example-id: auth/v1alpha1/backend
+ name: puppet-cert
+spec:
+ forProvider:
+ path: puppet
+ type: cert
\ No newline at end of file
diff --git a/examples/vault/authbackendrole.yaml b/examples/vault/authbackendrole.yaml
new file mode 100644
index 0000000..e8f30b1
--- /dev/null
+++ b/examples/vault/authbackendrole.yaml
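Review bot: `consultAgent: true`, added in the second adyencompute.yaml hunk, looks like a misspelling of `consulAgent`, given the neighbouring `consulServices` key. The AdyenCompute XRD is not part of this diff, so the field name should be confirmed there; a key the schema does not declare would be pruned or rejected, and the agent ACL this flag is presumably meant to request would never be created. If the schema uses the other spelling, the line should read `consulAgent: true`.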
@@ -0,0 +1,16 @@
+apiVersion: cert.vault.upbound.io/v1alpha1
+kind: AuthBackendRole
+metadata:
+ name: "cert-auth-role"
+spec:
+ forProvider:
+ name: "puppet-test-cert-role" # Name of the role in Vault
+ backend: "puppet" # Specifies the cert auth backend path
+ certificate: |
+
+ allowedCommonNames:
+ - "puppet-client"
+ tokenTtl: 86400
+ tokenMaxTtl: 86400
+ tokenPolicies:
+ - "puppet-policy"
\ No newline at end of file
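Review bot: `certificate: |` is followed only by an empty line, so this role carries no CA certificate for Vault to verify client certificates against, and the example probably cannot be applied as written. Add a comment above it such as `# PEM of the Puppet CA that signs agent certificates; replace before applying`, so readers do not take the empty block for a working default. `tokenTtl` and `tokenMaxTtl` are both 86400, i.e. 24-hour tokens, and a short comment giving the reason for that lifetime would help anyone copying the example into a real environment.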