Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Cloudfront Origin Access Identity #929

Merged
merged 10 commits into from
Dec 14, 2021

Conversation

stevendborrelli
Copy link
Contributor

@stevendborrelli stevendborrelli commented Nov 11, 2021

Description of your changes

Work in progress. Implement Cloudfront Origin Access Identity via ACK generator.

Fixes #919

I have:

  • Read and followed Crossplane's [contribution process].
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

  • Created an OriginAccessIdentity and successfully used it with a Cloudfront Distribution.
  • Updated Comment
  • Deleted Managed resource

@stevendborrelli stevendborrelli force-pushed the cloudfront-oai branch 2 times, most recently from 31c3880 to eef6cfc Compare November 25, 2021 01:14
@stevendborrelli stevendborrelli changed the title WIP: Implement Cloudfront Origin Access Identity Implement Cloudfront Origin Access Identity Nov 29, 2021
@negz negz self-assigned this Nov 29, 2021
@stevendborrelli stevendborrelli force-pushed the cloudfront-oai branch 2 times, most recently from 7191057 to 8102f5d Compare December 13, 2021 20:09
@stevendborrelli
Copy link
Contributor Author

I've updated the PR to rebase on the ACK updates. Some of the acm/acmpa failed check-diff as they needed to update their Copyright year to 2021.

@haarchri
Copy link
Member

@stevendborrelli this is fixed in master now - can you do a rebase again ? sorry for this =)

Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>
@stevendborrelli
Copy link
Contributor Author

@haarchri I've rebased again.

Signed-off-by: Steven Borrelli <[email protected]>
Copy link
Member

@haarchri haarchri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@haarchri haarchri merged commit f538f93 into crossplane-contrib:master Dec 14, 2021
@stevendborrelli stevendborrelli deleted the cloudfront-oai branch January 24, 2022 13:54
zjj2wry added a commit to tidbcloud/provider-aws that referenced this pull request May 17, 2022
* fix(eks-kubeconfig): eks-presignGetCallerIdentity

Signed-off-by: haarchri <[email protected]>

* Add haarchri as a maintainer

See crossplane/org#20

Signed-off-by: Nic Cope <[email protected]>

* Add support for associating an IdentityProviderConfig to an EKS cluster

Signed-off-by: Mathias Åhsberg <[email protected]>

* update signing region based on partition
Signed-off-by: smcavallo <[email protected]>

* fix(injected-identity): fix multioregion with injected identity since 0.20.0

Signed-off-by: haarchri <[email protected]>

* feat(secretsmanager): Add support for resource policies

Signed-off-by: Maximilian Blatt <[email protected]>
(external expert on behalf of DB Netz AG)

* Add EKS Addon resource (crossplane-contrib#872)

* Add EKS Addon resource
Signed-off-by: Maximilian Blatt <[email protected]>
(externel expert on behalf of DB Netz AG)

* Add custom origin example for distribution

Signed-off-by: gstramandinoli <[email protected]>

* map originSSLProtocols

Signed-off-by: Steven Borrelli <[email protected]>

* Implement Amazon MQ service (crossplane-contrib#734)

* feat(aws): add support for amazon mq
Signed-off-by: Praveen Ghuge <[email protected]>
Co-authored-by: haarchri <[email protected]>

* Tweak DynamoDb table update logic

crossplane-contrib#839

The above PR recently fixed this controller such that it was possible to
configure PAY_PER_REQUEST and SSE, but part of doing this involved potentially
making a no-op update and ignoring the resulting error. This commit avoids the
no-op update by (hopefully) improving the logic that determines which update(s)
are needed.

Signed-off-by: Nic Cope <[email protected]>

* Use camelCase connection detail keys for DynamoDB tables

There's no documented standard here, but the convention is camelCase.

Signed-off-by: Nic Cope <[email protected]>

* Added tags for iam policy

Signed-off-by: Raghav Grover <[email protected]>

* readme: add release policy

Signed-off-by: Muvaffak Onus <[email protected]>

* Implement GlobalSecondaryIndexes

Signed-off-by: sergenyalcin <[email protected]>
(cherry picked from commit 4cad963)

* dynamodb.table: add support for updating globalsecondaryindexes

Signed-off-by: Muvaffak Onus <[email protected]>

* dynamodb.table: add unit tests for global secondary index diff

Signed-off-by: Muvaffak Onus <[email protected]>

* fix s3 notificationConfiguration
Signed-off-by: smcavallo <[email protected]>

* fix s3 paymentConfiguration preventing bucket from being ready
Signed-off-by: smcavallo <[email protected]>

* observe iampolicy which already exists
Signed-off-by: smcavallo <[email protected]>

* upgrade to aws-sdk-go-v2 - 2021-11-06
Signed-off-by: smcavallo <[email protected]>

* feat(cw): added loggroup

Signed-off-by: haarchri <[email protected]>

* use getCallerIdentity to determine policy arn
Signed-off-by: smcavallo <[email protected]>

* consider policy with path
Signed-off-by: smcavallo <[email protected]>

* add path to examples
Signed-off-by: smcavallo <[email protected]>

* policy ext-name should return better exception
Signed-off-by: smcavallo <[email protected]>

* kms.alias: make it manually-written because removing parameters cause empty spec which makes the for loops in conversion functions throw compile errors since there is nothing to process and variables end up unused

Signed-off-by: Muvaffak Onus <[email protected]>

* kms.key: assume the key is removed once it is in pendingdeletion state otherwise it will not go away for days.

Signed-off-by: Muvaffak Onus <[email protected]>

* kms.alias: filter the alias list with alias name

Signed-off-by: Muvaffak Onus <[email protected]>

* github: add release issue

Signed-off-by: Muvaffak Onus <[email protected]>

* Manually late-init CloudFront Distributions

CloudFront Distributions and CachePolicies were built to use a generic reflect
based late initialization library that can match two similar structs. While this
approach is probably good for simpler APIs and is much more scalable than hand
writing code as I've done here, we found that it was tricky to debug and
customise the late-init logic and the IsUpToDate functions that use it.

Notably, the Distribution API seems to:

* Always return CloudFrontDefaultCertificate: nil, which causes false positives
  in IsUpToDate.
* Not return slices in the order they were supplied, making it impossible to
  late init slices of structs based on index alone.
* Require some slices of structs (e.g. Origins) to be late initialized.

I believe the reflect based late-init library attempts to late init slices under
the assumption that the actual and desired elements will be in the same order.
It also appears to append actual elements to the desired slice when the actual
slice is longer than the desired slice, which would prevent us from removing
elements from the desired slice (since they'd be late-init-ed right back in
during Observe, resetting the desired state).

This manual implementation follows our typical pattern of only late-initing nil
slices which avoids the above problem. However in some cases we _must_ late init
elements of slices (e.g. late init the Origin structs) in order to be able to
perform an update. The Distribution API requires a create, read, then update
flow where many of the fields that are optional at create time are defaulted
and subsequently required at update time. In order to handle this we special
case Origins, matching them on their (unique) ID fields. We may need to do this
for other slices of structs such as OriginGroups.

At a glance the CachePolicy API appears simpler and thus hopefully doesn't
suffer from many of these issues, but it probably warrants a closer look in
future to be sure.

Signed-off-by: Nic Cope <[email protected]>

* Move reflect based late init implementation to CachePolicy

This is now the only controller that consumes it.

Signed-off-by: Nic Cope <[email protected]>

* iam.rolepolicyattachment: clean up old code that relies on functionality that already exists in runtime

Signed-off-by: Muvaffak Onus <[email protected]>

* iam: clean up old code that duplicates functionality from runtime

Signed-off-by: Muvaffak Onus <[email protected]>

* Review comments

Signed-off-by: Raghav Grover <[email protected]>

* Fix some Distribution late-init logic, test some of the nil checks

We had a few places where we tested whether a parent struct was nil, but then
tried to set fields of that parent struct outside the if-not-nil clause. I've
added partial tests for these cases too.

Signed-off-by: Nic Cope <[email protected]>

* Remove gomega from S3 tests

We're attempting to remove all usage of gomega, in favor of using just cmp.

https://github.com/golang/go/wiki/TestComments#assert-libraries

Signed-off-by: Nic Cope <[email protected]>

* :s/s3Testing/s3testing/g in package imports

We typically aim for import aliases that would also be valid package names.

Signed-off-by: Nic Cope <[email protected]>

* s3 replicationConfiguration with delete marker enabled and fixes
Signed-off-by: smcavallo <[email protected]>

* feat(route53resolver): added postObserve status

Signed-off-by: haarchri <[email protected]>

* ec2.securitygroup: add security group resolver (crossplane-contrib#592)

Signed-off-by: Carl Henrik Lunde <[email protected]>

* ec2.securitygroup: fix add, implement revoke/update ingress and egress rules

When adding a rule, we should not send the complete rule set, only the
new rule.

When updating a rule, we must first delete it. And with that done, we
also support deleting rules.

Fixes crossplane-contrib#503
Fixes crossplane-contrib#300

Signed-off-by: Carl Henrik Lunde <[email protected]>

* ec2.securitygroup: remove late init of rules

Rules are keyless arrays. The code to late-init them often corrupted
data by copying data between rules.

Signed-off-by: Carl Henrik Lunde <[email protected]>

* ec2.securitygroup: GroupID/GroupName is a valid key

Signed-off-by: Carl Henrik Lunde <[email protected]>

* ec2.securitygroup: Ignore slice order in tests

Signed-off-by: Carl Henrik Lunde <[email protected]>

* Adding back the auto generated iampolicy crd

Signed-off-by: Raghav Grover <[email protected]>

* Allow explicitly specifying DynamoDB table billingMode: PROVISIONED

Previously specifying billingMode: PROVISIONED would result in a constant
update loop, because the DynamoDB DescribeTable API omits the billing mode
from its response when it's set to PROVISIONED.

Signed-off-by: Nic Cope <[email protected]>

* Allow explicitly specifying DynamoDB Table streamEnabled: false

This is another case where DescribeTableOutput has an 'implied' default
value of false. That value differing from our explicit value of false was
causing Crossplane to think it needed to make an update when it did not.

Signed-off-by: Nic Cope <[email protected]>

* identity.iampolicy: Disable gocyclo after two merges broke CI

CI tests for two individual PRs were OK, but after the merge, CI fails
due to the combined cyclomatic complexity of the function.

Since every PR from master at this point will fail until it is fixed, I
think the lowest risk now is to disable this lint check.

Signed-off-by: Carl Henrik Lunde <[email protected]>

* rdsinstance: Use ResourceLateInitialized from crossplane-runtime

When creating a new database, late init would trigger a kubernetes
update in the Observe method, which in turn would trigger an error in
crossplane-runtime:

	2021-09-12T15:29:23.921+0200	ERROR	controller-runtime.manager.controller.managed/rdsinstance.database.aws.crossplane.io	Reconciler error	{"reconciler group": "database.aws.crossplane.io", "reconciler kind": "RDSInstance", "name": "example-rds", "namespace": "", "error": "cannot update managed resource status: Operation cannot be fulfilled on rdsinstances.database.aws.crossplane.io \"example-rds\": the object has been modified; please apply your changes to the latest version and try again", "errorVerbose": "Operation cannot be fulfilled on rdsinstances.database.aws.crossplane.io \"example-rds\": the object has been modified; please apply your changes to the latest version and try again\ncannot update managed resource status\n...."}

Prevent this error by instead setting ResourceLateInitialized for
crossplane, which will make crossplane-runtime do the update call instead,
and avoid the error message.

Signed-off-by: Carl Henrik Lunde <[email protected]>

* fix(nat): tags and tagspecification

Signed-off-by: haarchri <[email protected]>

* feat(bottlerocket): added informations for eks-bottlerocket-nodegroup

Signed-off-by: haarchri <[email protected]>

* add basic install command

Signed-off-by: Nic Grayson <[email protected]>

* Add make target to identify the go build cache directory

The build submodule currently overrides XDG_CACHE_HOME in
order to force the Helm 3 to use the .work/helm directory. This causes Go on
Linux machines to use that directory as the build cache as well. We should
adjust this behavior in the build submodule because it is also causing Linux
users to duplicate their build cache, but for now we just make it easier to
identify its location in CI so that we cache between builds.

Signed-off-by: hasheddan <[email protected]>

* Consume go.cachedir in CI workflow

Updates CI workflow to cache based on go.cachedir to work around the
fact that we override the GOCACHE in our make context due to the
inclusion of helm.mk.

Signed-off-by: hasheddan <[email protected]>

* feat(rds): crossplane-contrib#984 added ref and selector for *parameterGroup

Signed-off-by: haarchri <[email protected]>

* move storage of operationid into annotations

Signed-off-by: Steven Borrelli <[email protected]>

* Update apis/servicediscovery/v1alpha1/custom_types.go

group import statements

Co-authored-by: muvaffak onuş <[email protected]>
Signed-off-by: Steven Borrelli <[email protected]>

* fix(fmt): crossplane-contrib#988 fix gofmt-servicediscovery

Signed-off-by: haarchri <[email protected]>

* Fixing constantly update requests problem of replicationgroup

Signed-off-by: Sergen Yalçın <[email protected]>

* glue.crawler: ignore problematic field in and set its value in handwritten code

Signed-off-by: Muvaffak Onus <[email protected]>

* lambda.function: ignore problematic field in and set its value in handwritten code

Signed-off-by: Muvaffak Onus <[email protected]>

* ack regenerate

Signed-off-by: Muvaffak Onus <[email protected]>

* Bumping CODE_GENERATOR_COMMIT to capture fix for Issue 876

Signed-off-by: Aaron Eaton <[email protected]>

* code-generator: bump code-generator to the latest commit that has fixes to make it work with Crossplane again

Signed-off-by: Muvaffak Onus <[email protected]>
(cherry picked from commit 0d2ea7e)

* ec2.vpccidrblock: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* ecr.repository: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* ecr.repositorypolicy: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* eks.fargateprofile: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* examples: update for new v1beta1 CRDs

Signed-off-by: Muvaffak Onus <[email protected]>

* ec2.vpccidrblock: use angryjet reference resolver generator

Signed-off-by: Muvaffak Onus <[email protected]>

* Generating code with latest code-generator

Signed-off-by: Aaron Eaton <[email protected]>

* acm.certificate: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* acm.certificate: remove renew certificate action since it is imperative and hard to get right in declarative fashion and add tagger

Signed-off-by: Muvaffak Onus <[email protected]>

* acmcpa.certificateauthority: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* acm.certificate: change the schema in v1beta1 to conform to the shape of the corresponding type in SDK

Signed-off-by: Muvaffak Onus <[email protected]>

* acmpca.certificatepermission: upgrade to v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* fix(cleanup): rerun generator after crossplane-contrib#920 merge

Signed-off-by: haarchri <[email protected]>

* feat(rds): added rds-apply-immediately field

Signed-off-by: haarchri <[email protected]>

* feat(addedStsAssumeRole) added assumeRoleArn

Signed-off-by: haarchri <[email protected]>

* iam: rename identity group to iam but keep v1beta1 ones intact to give users time to migrate

Signed-off-by: Muvaffak Onus <[email protected]>

* iam: move all kinds in identity.v1alpha1 to iam.v1beta1

Signed-off-by: Muvaffak Onus <[email protected]>

* iam: update examples

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.accesskey: rename IAMAccessKey to AccessKey

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.role: rename IAMRole to Role

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.grouppolicyattachment: rename IAMGroupPolicyAttachment to GroupPolicyAttachment

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.groupusermembership: rename IAMGroupUserMembership to GroupUserMembership

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.userpolicyattachment: rename IAMUserPolicyAttachment to UserPolicyAttachment

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.user: rename IAMUser to User

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.group: rename IAMGroup to Group

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.policy: rename IAMPolicy to Policy

Signed-off-by: Muvaffak Onus <[email protected]>

* iam.rolepolicyattachment: rename IAMRolePolicyAttachment to RolePolicyAttachment

Signed-off-by: Muvaffak Onus <[email protected]>

* identity.iamrole and identity.iamrolepolicyattachment: remove CRDs and their controllers similar to v1alpha1 ones to reduce the risk of something going wrong during migration

Signed-off-by: Muvaffak Onus <[email protected]>

* upgrade: add upgrade guide for IAM resources

Signed-off-by: Muvaffak Onus <[email protected]>

* upgrade guide: add composition instructions

Signed-off-by: Muvaffak Onus <[email protected]>

* Implement Cloudfront Origin Access Identity (crossplane-contrib#929)

* Implement Cloudfront Origin Access Identity (crossplane-contrib#929)
Signed-off-by: Steven Borrelli <[email protected]>

* feat(volume): ec2 volume

Signed-off-by: haarchri <[email protected]>

* feat(tgw): added ec2 transitgateway & transitgateway vpc attachment

Signed-off-by: haarchri <[email protected]>

* update doc links

Signed-off-by: Steven Borrelli <[email protected]>

* Add IOT/Thing Managed Resource

Signed-off-by: sergenyalcin <[email protected]>

* added external crossplane tags by default on iam.Role

Signed-off-by: Cecilia Bernardi <[email protected]>

* Add instructions to use kube2iam authentication

This PR aims to clarify the configuration needed to use kube2iam to authenticate to AWS in a non-EKS cluster
(cf. Slack discussion [here](https://crossplane.slack.com/archives/CEG3T90A1/p1639651106294400?thread_ts=1639591534.284400&cid=CEG3T90A1)

Signed-off-by: yogeek <[email protected]>

* feat(glue): followup cleanup cr.name to external.name

Signed-off-by: haarchri <[email protected]>

* feat(resolvers) added more s3 resolvers and changed to generated.resolvers

Signed-off-by: haarchri <[email protected]>

* add iamrole shortname
Signed-off-by: smcavallo <[email protected]>

* add ec2 route api & controller

Signed-off-by: Dkaykay <[email protected]>

* fix sync and ready states not being shown by kubectl

Signed-off-by: Dkaykay <[email protected]>

* reset ec2 route crd

Signed-off-by: Dkaykay <[email protected]>

* feat(ec2-route): rebase master & added create,observe,delete & resolvers

Signed-off-by: haarchri <[email protected]>

* feat(athena-workgroup): added athena workgroup object

Signed-off-by: haarchri <[email protected]>

* fix(docs): fix docs to current aws-go-sdk 1.37.10 for code-gen

Signed-off-by: haarchri <[email protected]>

* feat(ram): added ram

Signed-off-by: haarchri <[email protected]>

* fix(tagger): tagger fixed for tgw/tgwvpcattachment

Signed-off-by: haarchri <[email protected]>

* Remove inaccurate deprecation warning from v1beta1 type

Removes the deprecation warning from certificate authority permission
v1beta1 as it should only exist on v1alpha1.

Signed-off-by: hasheddan <[email protected]>

* Add Ipv6CIDRBlock support in VPC

Signed-off-by: vaspahomov <[email protected]>

* Add Ipv6Pool support in VPC

Signed-off-by: vaspahomov <[email protected]>

* feat(printcolumn) added ipv6CIDRBlock as printcolumn

Signed-off-by: haarchri <[email protected]>

* feat(kafka): added kafka configurations & kafka server refs,selectors

Signed-off-by: haarchri <[email protected]>

* feat: implement VPC Endpoint for AWS Provider

Signed-off-by: Darryl Sw <[email protected]>

* feat(ec2): rebased, set generated resolvers, cleanup

Signed-off-by: haarchri <[email protected]>

* Restoring build submodule

Signed-off-by: Aaron Eaton <[email protected]>

* Add elbv2 resources

Adds the Loadbalancer, Listener, and TargetGroup resources from the
elbv2 api.

Signed-off-by: EdgeJ <[email protected]>

* feat(elbv2): changed examples to fits after last cleanup

Signed-off-by: haarchri <[email protected]>

* Launch Template and Luanch Template Version resources added

Signed-off-by: Tanuj Dwivedi <[email protected]>

* feat(ec2-launchtemplate): set referencers, skip dryRun & clientToken, set correct examples

Signed-off-by: haarchri <[email protected]>

* feat(transitgatewayroutes): added transitgatewayroutes and transitgatewayroutetable

Signed-off-by: haarchri <[email protected]>

* feat(vpcendpointserviceconfiguration) added ec2 vpcendpointserviceconfiguration

Signed-off-by: haarchri <[email protected]>

* fix(e2e-test) changed pkg.crossplane.io to v1

Signed-off-by: haarchri <[email protected]>

* fix(init): crossplane-contrib#1049 fix problem that kms-key external-name

Signed-off-by: haarchri <[email protected]>

* fix(name): fix &cr.name

Signed-off-by: haarchri <[email protected]>

* fix(glue) fix securityconfig &cr.name

Signed-off-by: haarchri <[email protected]>

* feat(stream): added kinesis stream

Signed-off-by: haarchri <[email protected]>

* Remove unuse controller

* Support vpcpeering

* Rewrite peering logic

* Rewrite peering logic

* add docker file

* fix-lint

* fix lint

* fix lint

* avoid legacy ec2 dependencies

Signed-off-by: Aylei <[email protected]>

* fix aws peering post-processing

Signed-off-by: Aylei <[email protected]>

* fix ut

Signed-off-by: Aylei <[email protected]>

* fix vpc peering deletion

Signed-off-by: Aylei <[email protected]>

* fix peering check

Signed-off-by: Aylei <[email protected]>

* format

Signed-off-by: Aylei <[email protected]>

* add building image to ci (#18)

* debug gha

* delete debug code

* Fix AWS VPC Peering Pending to Delete Issue (#20)

Co-authored-by: Yan Ou <[email protected]>

* bump alpine (base image) for security (#22)

* disable CGO_ENABLED (#23)

* Update ci.yml

* DM-2654 Clean RouteTables  (#21)

* check routes

* fix errors

* check routes by peeringID

* change func name from checkRoutes to countRoutes

* do delete() again if vpcconnections are 0 by Observer()

Co-authored-by: Yan Ou <[email protected]>

* Fix delete unready vpc peering will panic (#24)

* Reconcile EKS clusters and node groups. (#26)

The commit is slightly modified from commit d912a8b.
Changes:
- AWS controller now reconciles EKS clusters and node groups.
- AWS controller now recognizes assume-role and external-id from provider configs.

* Fix vpc connetion can not got ready (#25)

* Fix vpc connetion can not got ready

* remove debug log

* deprecated aws error

* fix ut

* address comments

* remove debug log

* fix bug

* rollback code

* fix ci (#27)

* fix ci

* Update .github/workflows/ci.yml

* Update max reconciles worker to 1 (#28)

* fix s3 paymentConfiguration preventing bucket from being ready (#29)

Signed-off-by: smcavallo <[email protected]>

Co-authored-by: smcavallo <[email protected]>

* Reduce unnecessary AWS API requests (#30)

* Reduce unnecessary AWS API requests

* add unittest

* Fix can not delete pending accept vpc peering (#33)

* Improve the duration of backoff and requeue internal (#35)

* Support internal vpc peering connection (#32)

* fix s3 paymentConfiguration preventing bucket from being ready
Signed-off-by: smcavallo <[email protected]>

* Reduce unnecessary AWS API requests

* add unittest

* Support internal vpc peering connection

* Fix unittest failed

* Add unittest

* rebase

* add unittest when delete vpc peering

* Refactor code to support cross region

* remove unused client

* address comments

* fix unittest

Co-authored-by: smcavallo <[email protected]>

* add failed and rejected status to vpc peering filter (#36)

* add failed and rejected status to vpc peering filter

* add unittest

* Aviod call modify vpc peering option

* Update kernel security base image (#34)

* Update kernel security base image

* Update Dockerfile

* Update Dockerfile

* Make it buildable

* rebase

* register eksmanualv1alpha1 api

* rebase

* Add support for external ID when assume role

Signed-off-by: Hanlin Shi <[email protected]>

* fix(lables): eks-nodegroup

Signed-off-by: haarchri <[email protected]>

Co-authored-by: haarchri <[email protected]>
Co-authored-by: muvaffak onuş <[email protected]>
Co-authored-by: Nic Cope <[email protected]>
Co-authored-by: Mathias Åhsberg <[email protected]>
Co-authored-by: smcavallo <[email protected]>
Co-authored-by: Maximilian Blatt <[email protected]>
Co-authored-by: MisterMX <[email protected]>
Co-authored-by: gstramandinoli <[email protected]>
Co-authored-by: Steven Borrelli <[email protected]>
Co-authored-by: Praveen Ghuge <[email protected]>
Co-authored-by: Nic Cope <[email protected]>
Co-authored-by: Raghav Grover <[email protected]>
Co-authored-by: sergenyalcin <[email protected]>
Co-authored-by: Carl Henrik Lunde <[email protected]>
Co-authored-by: Nic Grayson <[email protected]>
Co-authored-by: hasheddan <[email protected]>
Co-authored-by: Daniel Mangum <[email protected]>
Co-authored-by: Steven Borrelli <[email protected]>
Co-authored-by: Alper Rifat Ulucinar <[email protected]>
Co-authored-by: Aaron Eaton <[email protected]>
Co-authored-by: Cecilia Bernardi <[email protected]>
Co-authored-by: Guillaume Dupin <[email protected]>
Co-authored-by: Dkaykay <[email protected]>
Co-authored-by: vaspahomov <[email protected]>
Co-authored-by: Darryl Sw <[email protected]>
Co-authored-by: EdgeJ <[email protected]>
Co-authored-by: Tanuj Dwivedi <[email protected]>
Co-authored-by: qiffang <[email protected]>
Co-authored-by: Aylei <[email protected]>
Co-authored-by: Hoshea Jiang <[email protected]>
Co-authored-by: Yan-Ou <[email protected]>
Co-authored-by: Yan Ou <[email protected]>
Co-authored-by: Xuecheng Zhang <[email protected]>
Co-authored-by: Jiajin Zheng <[email protected]>
Co-authored-by: rajeshwerrao madoori <[email protected]>
Co-authored-by: Jiajin Zheng <[email protected]>
Co-authored-by: Hanlin Shi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add support for Cloudfront Origin Access Identity
3 participants