playing with XRDs

config/acl_token/config.go

@@ -7,7 +7,7 @@ func Configure(p *config.Provider) {
 	p.AddResourceConfigurator("acl_token", func(r *config.Resource) {
 		r.ShortGroup = "acl_token"
 		r.References["policy"] = config.Reference{
-			Type: "github.com/daanvinken/provider-consul/apis/policy/v1alpha1/v1alpha1.policy",
+			TerraformName: "acl_policy",
 		}
 	})
 }

examples-generated/acl/v1alpha1/token.yaml

@@ -11,10 +11,8 @@ spec:
     description: my test token
     local: true
     policies:
-    - ${consul_acl_policy.agent.name}
-
+    - agent
 ---
-
 apiVersion: acl.daanvinken.io/v1alpha1
 kind: Policy
 metadata:
@@ -30,3 +28,20 @@ spec:
       node_prefix "" {
         policy = "read"
       }
+---
+apiVersion: acl.daanvinken.io/v1alpha1
+kind: Role
+metadata:
+  annotations:
+    meta.upbound.io/example-id: acl/v1alpha1/role
+  labels:
+    testing.upbound.io/example-name: read
+  name: read
+spec:
+  forProvider:
+    description: bar
+    name: foo
+    policies:
+      - ${consul_acl_policy.read-policy.id}
+    serviceIdentities:
+      - serviceName: foo

examples-generated/prepared/v1alpha1/query.yaml

@@ -1,5 +1,5 @@
 apiVersion: prepared.daanvinken.io/v1alpha1
-kind: PreparedQuery
+kind: Query
 metadata:
   annotations:
     meta.upbound.io/example-id: prepared/v1alpha1/query
@@ -8,14 +8,16 @@ metadata:
   name: myapp-query
 spec:
   forProvider:
-    datacenter: dc1
+    datacenter: us-central1
     dns:
     - ttl: 30s
     failover:
     - datacenters:
-      - dc1
+      - us-west1
+      - us-east-2
+      - asia-east1
       nearestN: 3
-    name: myapp
+    name: myquery
     near: _agent
     onlyPassing: true
     service: myapp

examples/abstractions/composition.yaml

@@ -0,0 +1,119 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: consulserviceacl.composite.daanvinken
+spec:
+  compositeTypeRef:
+    apiVersion: daanvinken.io/v1
+    kind: ConsulServiceACL
+  resources:
+    # Consul ACL Policy Resource
+    - name: consul_acl_policy
+      base:
+        apiVersion: acl.daanvinken.io/v1alpha1
+        kind: Policy
+        metadata:
+          labels:
+            crossplane.io/composite: "consulserviceacl" # Simplified label
+        spec:
+          forProvider:
+            datacenters:
+              - dc1
+            rules: "" # Patch later
+
+      patches:
+        - fromFieldPath: "metadata.name"  # Use composite name as part of policy name
+          toFieldPath: "spec.forProvider.name"
+          transforms:
+            - type: string
+              string:
+                fmt: "policy-%s"
+        # Inject composite name into the `rules` field dynamically
+        - fromFieldPath: "metadata.name"
+          toFieldPath: "spec.forProvider.rules"
+          transforms:
+            - type: string
+              string:
+                fmt: |
+                  agent_prefix "" {
+                      policy = "read"
+                  }
+
+                    service_prefix "" {
+                    policy = "read"
+                  }
+
+                    service_prefix "%[1]s" {
+                    policy = "write"
+                  }
+
+                    key_prefix "%[1]s" {
+                    policy = "write"
+                  }
+
+                    key_prefix "app/%[1]s" {
+                    policy = "write"
+                  }
+
+                    session_prefix "" {
+                    policy = "write"
+                  }
+
+                    session_prefix "session/%[1]s" {
+                    policy = "write"
+                  }
+
+                    key_prefix "preloader/%[1]s" {
+                    policy = "write"
+                  }
+
+    # Consul ACL Role Resource
+    - name: consul_acl_role
+      base:
+        apiVersion: acl.daanvinken.io/v1alpha1
+        kind: Role
+        spec:
+          forProvider:
+            name: "placeholder"
+            description: "ACL Role for service"
+            serviceIdentities:
+              - serviceName: "foo"
+      patches:
+        - fromFieldPath: "spec.parameters.service"
+          toFieldPath: "spec.forProvider.name"
+          transforms:
+            - type: string
+              string:
+                fmt: "role-%s"
+        # Reference the Policy dynamically based on the unique composite name
+        - type: FromCompositeFieldPath
+          fromFieldPath: "metadata.name"
+          toFieldPath: "spec.forProvider.policies[0]"
+          transforms:
+            - type: string
+              string:
+                fmt: "policy-%s"
+
+    # Consul ACL Token Resource
+    - name: consul_acl_token
+      base:
+        apiVersion: acl.daanvinken.io/v1alpha1
+        kind: Token
+        spec:
+          forProvider:
+            description: "Generated by Crossplane"
+      patches:
+        - fromFieldPath: "spec.parameters.service"
+          toFieldPath: "spec.forProvider.name"
+          transforms:
+            - type: string
+              string:
+                fmt: "role-%s"
+        # Reference the Policy dynamically based on the unique composite name
+        - type: FromCompositeFieldPath
+          fromFieldPath: "metadata.name"
+          toFieldPath: "spec.forProvider.policies[0]"
+          transforms:
+            - type: string
+              string:
+                fmt: "policy-%s"

examples/abstractions/consulserviceacl-2.yaml

@@ -0,0 +1,7 @@
+apiVersion: daanvinken.io/v1
+kind: ConsulServiceACL
+metadata:
+  name: alb-abcdfghi1234
+spec:
+  parameters:
+    main_keys: true

examples/abstractions/consulserviceacl.yaml

@@ -0,0 +1,7 @@
+apiVersion: daanvinken.io/v1
+kind: ConsulServiceACL
+metadata:
+  name: acr-main
+spec:
+  parameters:
+    main_keys: true

examples/abstractions/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - composition.yaml
+  - consulserviceacl.yaml
+  - consulserviceacl-2.yaml
+  - xrd.yaml

examples/abstractions/xrd.yaml

@@ -0,0 +1,29 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  name: consulserviceacls.daanvinken.io
+spec:
+  group: daanvinken.io
+  names:
+    kind: ConsulServiceACL
+    plural: consulserviceacls
+  claimNames:
+    kind: ConsulServiceACL
+    plural: consulserviceacls
+  versions:
+    - name: v1
+      served: true
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                parameters:
+                  type: object
+                  properties:
+                    main_keys:
+                      type: boolean
+                      description: "Flag to include main keys in the ACL policy"

examples/policy-reference.yaml

@@ -0,0 +1,45 @@
+apiVersion: acl.daanvinken.io/v1alpha1
+kind: Token
+metadata:
+  annotations:
+    meta.upbound.io/example-id: acl/v1alpha1/token
+  name: node-token
+spec:
+  forProvider:
+    description: my test token
+    local: true
+    policies:
+      - agent
+---
+apiVersion: acl.daanvinken.io/v1alpha1
+kind: Policy
+metadata:
+  annotations:
+    meta.upbound.io/example-id: acl/v1alpha1/token
+  labels:
+    testing.upbound.io/example-name: agent
+  name: agent
+spec:
+  forProvider:
+    name: agent
+    rules: |
+      node_prefix "" {
+        policy = "read"
+      }
+---
+apiVersion: acl.daanvinken.io/v1alpha1
+kind: Role
+metadata:
+  annotations:
+    meta.upbound.io/example-id: acl/v1alpha1/role
+  labels:
+    testing.upbound.io/example-name: read
+  name: read
+spec:
+  forProvider:
+    description: bar
+    name: foo
+    policies:
+      - agent
+    serviceIdentities:
+      - serviceName: foo

go.mod

@@ -6,7 +6,7 @@ require (
 	dario.cat/mergo v1.0.0
 	github.com/crossplane/crossplane-runtime v1.16.0
 	github.com/crossplane/crossplane-tools v0.0.0-20240522174801-1ad3d4c87f21
-	github.com/crossplane/upjet v1.4.0
+	github.com/crossplane/upjet v1.4.1
 	github.com/pkg/errors v0.9.1
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	k8s.io/apimachinery v0.29.1

go.sum

@@ -34,8 +34,8 @@ github.com/crossplane/crossplane-runtime v1.16.0 h1:lz+l0wEB3qowdTmN7t0PZkfuNSvf
 github.com/crossplane/crossplane-runtime v1.16.0/go.mod h1:Pz2tdGVMF6KDGzHZOkvKro0nKc8EzK0sb/nSA7pH4Dc=
 github.com/crossplane/crossplane-tools v0.0.0-20240522174801-1ad3d4c87f21 h1:8wb7/zCbVPkeX68WbVESWJmSWQE5SZKzz0g9X4FlXRw=
 github.com/crossplane/crossplane-tools v0.0.0-20240522174801-1ad3d4c87f21/go.mod h1:cN0Y7PFGQMM8mcagXVCbeQoKtipmFWQTPZYyziCPBUI=
-github.com/crossplane/upjet v1.4.0 h1:twKCU8omU7VAA7E5fpbQkqDHjVnoTb8EXqmB805Q37o=
-github.com/crossplane/upjet v1.4.0/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g=
+github.com/crossplane/upjet v1.4.1 h1:f2HawXz8OGte1jhe3Fa+IIOca+eCsNFE3Fc5rnkF24Y=
+github.com/crossplane/upjet v1.4.1/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g=
 github.com/dave/jennifer v1.7.0 h1:uRbSBH9UTS64yXbh4FrMHfgfY762RD+C7bUPKODpSJE=
 github.com/dave/jennifer v1.7.0/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

package/crds/prepared.daanvinken.io_queries.yaml

@@ -4,18 +4,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: preparedqueries.prepared.daanvinken.io
+  name: queries.prepared.daanvinken.io
 spec:
   group: prepared.daanvinken.io
   names:
     categories:
     - crossplane
     - managed
     - consul
-    kind: PreparedQuery
-    listKind: PreparedQueryList
-    plural: preparedqueries
-    singular: preparedquery
+    kind: Query
+    listKind: QueryList
+    plural: queries
+    singular: query
   scope: Cluster
   versions:
   - additionalPrinterColumns: