Remove inline_policy from Movetostatus and add example role with inli…

…ne_policy
crossplane-contrib · Jun 20, 2023 · b60c10e · b60c10e
1 parent 1cfb677
commit b60c10e
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 1 deletion.
diff --git a/apis/iam/v1beta1/zz_generated.deepcopy.go b/apis/iam/v1beta1/zz_generated.deepcopy.go
diff --git a/apis/iam/v1beta1/zz_role_types.go b/apis/iam/v1beta1/zz_role_types.go
diff --git a/config/iam/config.go b/config/iam/config.go
@@ -35,7 +35,7 @@ func Configure(p *config.Provider) {
 		// aws_iam_policy_attachment
 		// aws_iam_role_policy_attachment
 		// aws_iam_role_policy
-		config.MoveToStatus(r.TerraformResource, "inline_policy", "managed_policy_arns")
+		config.MoveToStatus(r.TerraformResource, "managed_policy_arns")
 	})
 
 	p.AddResourceConfigurator("aws_iam_instance_profile", func(r *config.Resource) {

diff --git a/examples/iam/role-with-inline-policy.yaml b/examples/iam/role-with-inline-policy.yaml
@@ -0,0 +1,36 @@
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+  annotations:
+    meta.upbound.io/example-id: iam/v1beta1/role
+  labels:
+    testing.upbound.io/example-name: role
+  name: role-with-inline-policy
+spec:
+  forProvider:
+    assumeRolePolicy: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Principal": {
+              "Service": "eks.amazonaws.com"
+            },
+            "Action": "sts:AssumeRole"
+          }
+        ]
+      }
+    inlinePolicy: 
+      - name: "my_inline_policy"
+        policy: |
+          {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Resource": "*",
+                "Action": "ec2:Describe*"
+              }
+            ]
+          }
diff --git a/package/crds/iam.aws.upbound.io_roles.yaml b/package/crds/iam.aws.upbound.io_roles.yaml
@@ -78,6 +78,21 @@ spec:
                     description: Whether to force detaching any policies the role
                       has before destroying it. Defaults to false.
                     type: boolean
+                  inlinePolicy:
+                    description: Configuration block defining an exclusive set of
+                      IAM inline policies associated with the IAM role. See below.
+                      Configuring one empty block (i.e.
+                    items:
+                      properties:
+                        name:
+                          description: Friendly name of the role. See IAM Identifiers
+                            for more information.
+                          type: string
+                        policy:
+                          description: Policy document as a JSON formatted string.
+                          type: string
+                      type: object
+                    type: array
                   maxSessionDuration:
                     description: Maximum session duration (in seconds) that you want
                       to set for the specified role. If you do not specify a value