Support granular managment policies

[lsviben]

Description of your changes

Updated the ObserveOnly management policy support to the new design which
incorporates granular management policies.

The main change is that instead of enum based spec.managementPolicy: FullControl/ObserveOnly/OrphanOnDelete, now we have an more granular array of actions spec.managementPolicy:["Observe", "Create", "Update", "LateInitialize", "Delete"].

So as upjet was already supporting ObserveOnly with Import, we needed to do minor changes on conditionals to make sure that spec.managementPolicy:["Observe"] is still recognized as ObserveOnly. In fact, all combinations which don't contain Create or Update actions can be handled similarly.

Furthermore, as there is now a management policy which skips late initialziation, I noticed that upjet was using late initialization for updating critical annotations on resources. Those annotations are usually set after Create, but as upjet offers async creation, and most resources use that (all in aws-provider for example), they are not set after Create, but in Observe, with using late-init to update the resource.

In this case, when late-init is off, we update the annotations manually in the Observe step. We could consider doing this in all situations and stop relying on late-init to do it for us. Or handle this differently.

Fixes #220

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.
• Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Tested it in the same process as crossplane/crossplane-runtime#456 as they are connected. More info on that issue.

[turkenh]

Thanks @lsviben, looking good!

[ulucinar]

Thank you @lsviben for the PR. Left some comments for my understanding. And thank you for bearing with me while I'm trying to understand these important changes better.

[ulucinar]

Are we sure that for a Delete operation, we are fine with not setting a required parameter? Did we validate this? I think it's not possible to have delete-only resource right, at least with the default policy sets? Looks like Delete policy always comes with the Create policy, is this correct?

If so, are we relying on the default supported policy sets?

[lsviben]

Aswered a bit here, but now I see that possibly delete wont work if we dont have required fields, not sure how Terraform reacts to that. As I mentioned I didn't test all unsupported combinations. All supported policies have Delete in a combination with either Create or Update.

[ulucinar]

... not sure how Terraform reacts to that...

This is also my concern here. I can help validating the behavior.

Another concern is the validation rules (build-time entities) are not aware of if management policies are actually enabled or not (the decision is only available at runtime). But with these "static" rules, we are conditioning whether, for instance, management policy for a resource is set to Observe.

Imagine a case where the management policy is set to Observe and the management policies feature is disabled at runtime. For now, we are relying on the crossplane-runtime to error when the management policies are not enabled but a non-default (non *) management policy is declared. I don't think this is a blocker for this PR, just trying to understand the implications so that we can maintain the new feature.

[ulucinar]

Thanks @lsviben for the detailed clarifications, lgtm.