86f733b118 + bucket 2025-11-30 03:37:07 +01:00
9f04b70cd9 + s3 composition 2025-11-30 01:50:18 +01:00
e3816d8948 * scheme update 2025-11-30 01:31:03 +01:00
49f0002fc6 * scheme update 2025-11-26 06:47:28 +01:00
8cfdb02186 + s3 generate 2025-11-25 00:23:34 +01:00
9dc64d5497 + providers 2025-11-24 21:54:26 +01:00
e3571e6d74 + acm 2025-11-24 09:18:45 +01:00
a096815aa3 + acm + rds 2025-11-24 09:18:15 +01:00
59 changed files with 1795 additions and 15 deletions

.gitignore vendored

@@ -1 +1 @@
providers/aws-credentials.txt providers/provider-family-aws/aws-credentials.txt


@@ -1,14 +0,0 @@
- https://marketplace.upbound.io/providers/upbound/provider-family-aws/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-s3/
- https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-account/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-vpc/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-acm/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-budgets/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-elbv2/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-organizations/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-redshift/v2.2.0
- https://marketplace.upbound.io/providers/upbound/provider-aws-route53/v2.2.0


@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Function
metadata:
name: function-patch-and-transform
spec:
package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2
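Review bot: `spec.package` on this Function, and on the argocd Provider in the hunk ending with `provider-argocd:v0.14.1`, is pinned by a mutable tag only; a tag can be re-pushed upstream, so the package the cluster actually installs can change without any commit here. If the cluster's Crossplane release accepts digest references, append one, e.g. `package: xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2@sha256:<digest-placeholder>`, and note in a comment where the digest was taken from so the next bump can be verified the same way.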


@@ -0,0 +1,2 @@
- https://marketplace.upbound.io/providers/crossplane-contrib/provider-argocd/latest
- https://github.com/crossplane-contrib/provider-argocd


@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: crossplane-contrib-provider-argocd
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.14.1


@@ -0,0 +1,16 @@
- https://marketplace.upbound.io/providers/upbound/provider-family-aws/latest
- https://github.com/crossplane-contrib/provider-upjet-aws
- https://marketplace.upbound.io/providers/upbound/provider-aws-account/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-acm/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-budgets/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-elbv2/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-iam/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-organizations/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-rds/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-redshift/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-route53/latest
- https://marketplace.upbound.io/providers/upbound/provider-aws-s3/
- https://marketplace.upbound.io/providers/upbound/provider-aws-vpc/latest


@@ -0,0 +1,82 @@
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: awscert-composition
labels:
crossplane/provider: default
crossplane/xrd: xawscerts.crossplane.evina
spec:
compositeTypeRef:
apiVersion: crossplane.evina/v1alpha1
kind: XAWSCert
patchSets:
- name: region
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- name: providerConfigRef
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigRef
toFieldPath: spec.providerConfigRef.name
writeConnectionSecretsToNamespace: crossplane
resources:
- name: Certificate
base:
apiVersion: acm.aws.upbound.io/v1beta1
kind: Certificate
metadata:
labels:
resource: Certificate
spec:
forProvider:
validationMethod: DNS
tags:
Environment: #Environment
Project: #NomDuProject
CreatedBy: Crossplane
Team: infra
Region: eu-west-1
Service: ACM
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: providerConfigRef
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.domainName
toFieldPath: spec.forProvider.domainName
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.arn
toFieldPath: status.certificate.arn
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.domainValidationOptions
toFieldPath: status.certificate.domainValidationOptions
- name: Record
base:
apiVersion: route53.aws.upbound.io/v1beta1
kind: Record
metadata:
labels:
resource: Record
spec:
forProvider:
ttl: 300
patches:
- type: PatchSet
patchSetName: region
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.zoneId
toFieldPath: spec.forProvider.zoneId
- type: FromCompositeFieldPath
fromFieldPath: status.certificate.domainValidationOptions[0].resourceRecordName
toFieldPath: spec.forProvider.name
- type: FromCompositeFieldPath
fromFieldPath: status.certificate.domainValidationOptions[0].resourceRecordValue
toFieldPath: spec.forProvider.records[0]
- type: FromCompositeFieldPath
fromFieldPath: status.certificate.domainValidationOptions[0].resourceRecordType
toFieldPath: spec.forProvider.type
policy:
fromFieldPath: Required
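Review bot: The `Environment: #Environment` and `Project: #NomDuProject` lines under `tags` in the Certificate base parse as keys with null values, because ` #` starts a YAML comment; the placeholders never reach the tag map and a null tag value is likely to be rejected by the provider. Either quote a real value or patch the tags from the composite, e.g. `- type: FromCompositeFieldPath`, `fromFieldPath: spec.parameters.environment`, `toFieldPath: spec.forProvider.tags.Environment`, after adding that parameter to the XRD. The `Region: eu-west-1` tag is also fixed while `spec.forProvider.region` comes from the `region` patch set, so the tag and the real region can disagree. On the Record resource only the final `type` patch carries `policy.fromFieldPath: Required`; the `name` and `records[0]` patches default to Optional, so the Record may be submitted without a name before the Certificate status has been propagated, which presumably is what the Required policy was meant to prevent.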


@@ -0,0 +1,55 @@
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: xawscerts.crossplane.evina
spec:
group: crossplane.evina
names:
kind: XAWSCert
plural: xawscerts
claimNames:
kind: AWSCert
plural: awscerts
defaultCompositionRef:
name: awscert-composition
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
region:
description: Region where you want to deploy your serviceLoadBalancer
type: string
domainName:
description: Name of the domain to use
type: string
zoneId:
description: Name of the hosted zone to use
type: string
providerConfigRef:
description: Name of the Kubernetes provider config
type: string
required:
- region
- domainName
- zoneId
- providerConfigRef
status:
type: object
properties:
name:
description: name managed
type: string
certificate:
description: Values generated from the ACM API.
type: object
x-kubernetes-preserve-unknown-fields: true
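Review bot: The `region` description in `parameters` reads `Region where you want to deploy your serviceLoadBalancer`, which looks copied from another XRD, and `zoneId` is described as `Name of the hosted zone to use` although the composition patches it into `spec.forProvider.zoneId`, which takes the zone ID. Suggested wording: `description: AWS region where the ACM certificate and its validation record are created` and `description: ID of the Route53 hosted zone that receives the DNS validation record`. The `status.name` property (`name managed`) is not written by any patch in the composition hunk ending with `fromFieldPath: Required`; either remove it or document what is expected to populate it.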


@@ -0,0 +1,13 @@
apiVersion: ec2.aws.m.upbound.io/v1beta1
kind: Instance
metadata:
name: imported-ec2-instance
annotations:
crossplane.io/external-name: i-037556a7512bd1f4b
spec:
managementPolicies: ["Observe"]
forProvider:
region: eu-west-3
providerConfigRef:
name: default
kind: ProviderConfig
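Review bot: This manifest uses the namespaced `ec2.aws.m.upbound.io` group but sets no `metadata.namespace`, unlike the other `*.m.upbound.io` resources in this change, which all set `namespace: aws-organization`; the object lands in whatever namespace the kubectl context selects, and the `providerConfigRef` lookup may then resolve in the wrong namespace. Add an explicit `namespace:` under `metadata`. An import with `managementPolicies: ["Observe"]` is the safe first step; a comment such as `# Observe-only import: Crossplane reads this instance and never modifies or deletes it` makes that intent clear to the next reader.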


@@ -0,0 +1,17 @@
apiVersion: ec2.aws.m.upbound.io/v1beta1
kind: Instance
metadata:
name: imported-ec2-instance
annotations:
crossplane.io/external-name: i-037556a7512bd1f4b
spec:
managementPolicies: ["*"]
forProvider:
region: eu-west-3
tags:
company: mathod
project: app1
environment: production
providerConfigRef:
name: default
kind: ProviderConfig
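Review bot: Switching the imported instance `i-037556a7512bd1f4b` to `managementPolicies: ["*"]` gives Crossplane delete rights over a live instance, and with the default `deletionPolicy: Delete` removing this object terminates the instance in AWS. Add `deletionPolicy: Orphan` under `spec`, or drop `Delete` from the policies list, until Crossplane owning the instance lifecycle is a confirmed decision. The file also reuses `metadata.name: imported-ec2-instance` from the observe-only variant in the previous hunk, so the two cannot coexist; applying the second silently replaces the first and flips the instance to full management.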


@@ -0,0 +1,70 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Account
metadata:
name: aws-prod
namespace: aws-organization
labels:
environment: production
managed-by: crossplane
spec:
forProvider:
name: aws-prod
# IMPORTANT: Must be a unique email address
email: aws-prod@yourdomain.com
parentIdRef:
name: production-ou
roleName: OrganizationAccountAccessRole
tags:
Environment: Production
ManagedBy: Crossplane
CostCenter: Production
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Account
metadata:
name: aws-dev
namespace: aws-organization
labels:
environment: development
managed-by: crossplane
spec:
forProvider:
name: aws-dev
email: aws-dev@yourdomain.com # Must be unique
parentIdRef:
name: non-production-ou
roleName: OrganizationAccountAccessRole
tags:
Environment: Development
ManagedBy: Crossplane
CostCenter: NonProduction
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Account
metadata:
name: aws-qa
namespace: aws-organization
labels:
environment: qa
managed-by: crossplane
spec:
forProvider:
name: aws-qa
email: aws-qa@yourdomain.com # Must be unique
parentIdRef:
name: non-production-ou
roleName: OrganizationAccountAccessRole
tags:
Environment: QA
ManagedBy: Crossplane
CostCenter: NonProduction
providerConfigRef:
name: org-config
---
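Review bot: None of the three `Account` resources sets a `deletionPolicy`, so deleting one of these objects (or a mistaken `kubectl delete -f`) removes the member account from the organization under the default `Delete` policy; the same gap exists in the `Organization` and `OrganizationalUnit` hunks that follow. Add `deletionPolicy: Orphan` under `spec` of each, or restrict `managementPolicies` so that `Delete` is excluded, until Crossplane-driven account lifecycle is intended. The `email` values are `yourdomain.com` placeholders; that address becomes the root user of the created account and presumably cannot be changed afterwards without replacing the account, so the `# IMPORTANT` comment should also say the mailbox must be owned by the security team. The trailing `---` after the last document produces an empty document and can be dropped.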


@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: aws-organization
labels:
managed-by: crossplane
purpose: aws-organization-management


@@ -0,0 +1,21 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Organization
metadata:
name: my-organization
namespace: aws-organization
labels:
managed-by: crossplane
spec:
forProvider:
awsServiceAccessPrincipals:
- cloudtrail.amazonaws.com
- config.amazonaws.com
- sso.amazonaws.com
- account.amazonaws.com
- ram.amazonaws.com
enabledPolicyTypes:
- SERVICE_CONTROL_POLICY
- TAG_POLICY
featureSet: ALL
providerConfigRef:
name: org-config
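Review bot: `awsServiceAccessPrincipals` enables organization-wide trusted access for five services, but nothing records why each is needed; `ram.amazonaws.com` in particular lets member accounts share resources across the organization, which is a broad capability to switch on without a stated reason. A short comment per entry documents the decision, e.g. `# cloudtrail.amazonaws.com: organization trail`, `# sso.amazonaws.com: IAM Identity Center`, `# ram.amazonaws.com: org-wide resource sharing — confirm this is required`. `featureSet: ALL` is what allows `SERVICE_CONTROL_POLICY` in `enabledPolicyTypes`, which the SCP hunks later in this change depend on; a comment noting that link would help anyone tempted to downgrade it.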


@@ -0,0 +1,48 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: OrganizationalUnit
metadata:
name: production-ou
namespace: aws-organization
labels:
environment: production
managed-by: crossplane
spec:
forProvider:
name: Production
# IMPORTANT: Replace r-xxxx with your actual root ID
# Get it with: kubectl get organization my-organization -n aws-organization -o jsonpath='{.status.atProvider.roots[0].id}'
parentId: "r-xxxx"
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: OrganizationalUnit
metadata:
name: non-production-ou
namespace: aws-organization
labels:
environment: non-production
managed-by: crossplane
spec:
forProvider:
name: NonProduction
parentId: "r-xxxx" # Replace with your root ID
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: OrganizationalUnit
metadata:
name: management-ou
namespace: aws-organization
labels:
environment: management
managed-by: crossplane
spec:
forProvider:
name: Management
parentId: "r-xxxx" # Replace with your root ID
providerConfigRef:
name: org-config


@@ -0,0 +1,43 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
name: leave-org-policy-prod
namespace: aws-organization
spec:
forProvider:
policyIdRef:
name: deny-leave-organization
targetIdRef:
name: production-ou
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
name: leave-org-policy-nonprod
namespace: aws-organization
spec:
forProvider:
policyIdRef:
name: deny-leave-organization
targetIdRef:
name: non-production-ou
providerConfigRef:
name: org-config
---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
name: region-policy-nonprod
namespace: aws-organization
spec:
forProvider:
policyIdRef:
name: deny-non-approved-regions
targetIdRef:
name: non-production-ou
providerConfigRef:
name: org-config
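Review bot: `deny-non-approved-regions` is attached only to `non-production-ou`; `production-ou` receives only the leave-organization policy and `management-ou` (defined in the OrganizationalUnit hunk) receives no policy at all, so the region guardrail does not cover production accounts. If that asymmetry is intentional, state it in a comment on `region-policy-nonprod`, e.g. `# Production is intentionally exempt from the region restriction — see <decision record placeholder>`; otherwise add a fourth `PolicyAttachment` with `targetIdRef.name: production-ou`.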


@@ -0,0 +1,27 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Policy
metadata:
name: deny-leave-organization
namespace: aws-organization
labels:
policy-type: scp
purpose: security
spec:
forProvider:
name: DenyLeaveOrganization
description: Prevent accounts from leaving the organization
type: SERVICE_CONTROL_POLICY
content: |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyLeaveOrg",
"Effect": "Deny",
"Action": "organizations:LeaveOrganization",
"Resource": "*"
}
]
}
providerConfigRef:
name: org-config


@@ -0,0 +1,42 @@
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Policy
metadata:
name: deny-non-approved-regions
namespace: aws-organization
labels:
policy-type: scp
purpose: compliance
spec:
forProvider:
name: DenyNonApprovedRegions
description: Only allow specific AWS regions for compliance
type: SERVICE_CONTROL_POLICY
content: |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyNonApprovedRegions",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": [
"eu-west-1",
"us-east-1",
"us-west-2"
]
},
"ArnNotLike": {
"aws:PrincipalArn": [
"arn:aws:iam::*:role/OrganizationAccountAccessRole",
"arn:aws:iam::*:role/Admin*"
]
}
}
}
]
}
providerConfigRef:
name: org-config
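Review bot: The `ArnNotLike` exemption `arn:aws:iam::*:role/Admin*` excludes every role whose name begins with `Admin` in every member account from the region restriction, so anyone able to create a role in a member account can name it to step around the control. Exempt exact role names instead, e.g. `"arn:aws:iam::*:role/Admin"`, or drop the wildcard entry and rely on `OrganizationAccountAccessRole` alone. Note also that the EC2 manifests in this change use `region: eu-west-3`, which is not in the `aws:RequestedRegion` list; if that account sits under `non-production-ou` the policy denies those calls.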


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: aws-credentials
namespace: aws-organization
type: Opaque
stringData:
credentials: |
[default]
aws_access_key_id = YOUR_ACCESS_KEY_HERE
aws_secret_access_key = YOUR_SECRET_KEY_HERE
# Optional: Add region if needed
# region = us-east-1
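Review bot: This is a `Secret` manifest with `stringData` checked into the repository, and the `.gitignore` hunk in this change ignores only `aws-credentials.txt`, so a developer who replaces `YOUR_ACCESS_KEY_HERE` in place will commit live keys. Keep this file as a template only (for instance with an `.example` suffix and the real file ignored), or create the Secret out of band with `kubectl create secret generic aws-credentials -n aws-organization --from-file=credentials=<ignored credentials file>` and have the ProviderConfig reference it. The `# Optional` lines sit inside the `|` block scalar and are therefore part of the credentials file content rather than YAML comments; that is harmless for the INI format, but a YAML comment above `credentials:` saying so avoids confusion.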


@@ -0,0 +1,90 @@
# Best Practices
1) Name scheming
Nom des resources = <kind>-<app>-<environment>
2) Tagging
# Providers
| Name | Version |
|---|---|
| [provider-aws-rds](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | 1.2.1 |
| [provider-aws-iam](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.2.1) | 1.2.1 |
| [provider-aws-ec2](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1) | 1.2.1 |
# CompositeResources
| Provider | Kind |
|---|---|
| [IAM](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.2.1) | [Role](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.2.1/resources/iam.aws.upbound.io/Role/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/Cluster/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [ClusterRoleAssociation](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/ClusterRoleAssociation/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [SubnetGroup](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/SubnetGroup/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [ClusterInstance](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/ClusterInstance/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [Instance](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/Instance/v1beta2) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [ClusterParameterGroup](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/ClusterParameterGroup/v1beta1) |
| [RDS](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1) | [ParameterGroup](https://marketplace.upbound.io/providers/upbound/provider-aws-rds/v1.2.1/resources/rds.aws.upbound.io/ParameterGroup/v1beta1) |
| [EC2](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1) | [SecurityGroup](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1/resources/ec2.aws.upbound.io/SecurityGroup/v1beta1) |
| [EC2](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1) | [SecurityGroupRule](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1/resources/ec2.aws.upbound.io/SecurityGroupRule/v1beta1) |
| [EC2](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1) | [SecurityGroupIngressRule](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1/resources/ec2.aws.upbound.io/SecurityGroupIngressRule/v1beta1) |
| [EC2](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1) | [SecurityGroupEgressRule](https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.2.1/resources/ec2.aws.upbound.io/SecurityGroupEgressRule/v1beta1) |
# Claim example
```yaml
apiVersion: crossplane.evina/v1alpha1
kind: RDS
metadata:
namespace: crossplane-system
name: claimed-
spec:
compositionRef:
name: rds-composition
parameters:
region:
app:
environment:
engine:
```
## Inputs
| Name | Description | Value |Required |
|---|---|---|---|
| region | AWS Region where the provider will operate | eu-west-1 | Required |
| app | Name of the app (Used for Tagging/Naming) | dcbprotect / karpenter / brandprotect / grafana | Required |
| environment | Environment where the claim will operate (Used for Tag/Naming) | dev / staging / production | Required |
| account | Environment where the claim will operate (Used for Tagging) | 169590266381 | Recommended |
| engineVersion | The engine version to use | 5.7.mysql_aurora.2.11.2 | Required |
| providerConfigRef | Target a specific account | provider-aws-config.yaml | Required |
| instanceClass | Instance used to host the database | db.t3.medium | Required |
# Outputs
# TODO
- [x] Import and observe all resources from terraform
- [ ] Create a managed resources with crossplane
- [x] IAM
- [x] Role
- [x] RDS
- [ ] Cluster
- [x] SubnetGroup
- [ ] ClusterInstance
- [x] Instance
- [x] ClusterParameterGroup
- [x] ParameterGroup
- [x] EC2
- [x] SecurityGroup
- [ ] SecurityGroupRule (Générer une managedResources pour faire le lien entre une compo RDS et APP)
- [ ] SecurityGroupIngressRule (Générer une managedResources pour faire le lien entre une compo RDS et APP)
- [x] SecurityGroupEgressRule
- [ ] Check Tags
- [ ] Check when to use Refs
- [ ] How to create more instances from claim
- [ ] Create a certIdentifier ?
- [ ] Ajouter une resource roleAssociation for RDS and IAM role created
- [ ] Ajoute automatiquement la description "Managed by terraform" SubnetGroup ??
- [ ] Create composition and definition


@@ -0,0 +1,289 @@
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: rds-composition
labels:
crossplane/provider: default
crossplane/xrd: xrdss.crossplane.evina
spec:
compositeTypeRef:
apiVersion: crossplane.evina/v1alpha1
kind: XRDS
patchSets:
- name: region
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- name: providerConfigRef
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigRef
toFieldPath: spec.providerConfigRef.name
writeConnectionSecretsToNamespace: crossplane
resources:
###################################################################################################
- name: Role
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
labels:
claim: rds
provider: iam
kind: role
app: mathodprotect
environment: dev
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "rds.amazonaws.com"
}
}
]
}
tags:
region: eu-west-1
app: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: role
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.app
- fromFieldPath: spec.parameters.environment
strategy: string
string:
fmt: "rds-iam-role-%s-%s"
toFieldPath: "metadata.annotations[crossplane.io/external-name]"
###################################################################################################
# - name: Cluster
# base:
# apiVersion: rds.aws.upbound.io/v1beta1
# kind: Cluster
# metadata:
# name: cluster-mathodprotect-dev
# labels:
# resources: Cluster
# spec:
# forProvider:
# availabilityZones:
# - eu-west-1a
# - eu-west-1b
# - eu-west-1c
# engine: aurora-mysql
# engineMode: provisioned
# engineVersion: 5.7.mysql_aurora.2.11.2
# databaseName: mathodProtect
# autoGeneratePassword: true
# masterPasswordSecretRef:
# key: tropsecure
# name: cluster-mathodprotect-dev-password
# namespace: crossplane-system
# port: 3306
# dbClusterParameterGroupName: clusterparametergroup-mathodprotect-dev
# # iamRoles:
# # - arn:aws:iam::453702081005:role/IAM-Role-Aurora
# # vpcSecurityGroupIds:
# # - sg-0292740ac642cbce9
# vpcSecurityGroupIdRefs:
# - name: securitygroup-mathodprotect-dev
# masterUsername: mathod
# copyTagsToSnapshot: true
# finalSnapshotIdentifier: test-final
# dbSubnetGroupName: subnetgroup-mathodprotect-dev
# # dbSubnetGroupNameRef:
# backupRetentionPeriod: 1
# preferredBackupWindow: 23:48-00:18
# preferredMaintenanceWindow: tue:22:51-tue:23:21
# tags:
# region: eu-west-1
# project: mathodprotect
# environment: dev
# account: "169590266381"
# composition: rds
# managedResources: cluster
# writeConnectionSecretToRef:
# name: rds-mathod-protect-password
# namespace: crossplane-system
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: SubnetGroup
# base:
# apiVersion: rds.aws.upbound.io/v1beta1
# kind: SubnetGroup
# metadata:
# name: subnetgroup-mathodprotect-dev
# labels:
# resource: SubnetGroup
# spec:
# forProvider:
# subnetIds: # Replace to use subnetIdRefs
# - subnet-0c0a38354f2a028c8
# - subnet-06dc47da5b4eae974
# - subnet-0f3ee2a757ce85ad1
# # subnetIdRefs:
# tags:
# region: eu-west-1
# project: mathodprotect
# environment: dev
# account: "169590266381"
# composition: rds
# managedResources: subnetgroup
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: ClusterInstance
# base:
# apiVersion: rds.aws.upbound.io/v1beta1
# kind: ClusterInstance
# metadata:
# name: clusterinstance-mathodprotect-dev
# labels:
# resources: ClusterInstance
# spec:
# forProvider:
# # clusterIdentifier: cluster-mathodprotect-dev
# # id: backoffice-staging-eu-west-1-aurora-cluster-instance-0
# clusterIdentifierRef:
# name: cluster-mathodprotect-dev
# engine: aurora-mysql
# instanceClass: db.t3.medium
# publiclyAccessible: false
# caCertIdentifier: rds-ca-2019
# # dbParameterGroupName:
# dbParameterGroupNameRef:
# name: parametergroup-mathodprotect-dev
# # dbSubnetGroupName:
# dbSubnetGroupNameRef:
# name: subnetgroup-mathodprotect-dev
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: ClusterParameterGroup
# base:
# apiVersion: rds.aws.upbound.io/v1beta1
# kind: ClusterParameterGroup
# metadata:
# name: clusterparametergroup-mathodprotect-dev
# labels:
# resources: ClusterParameterGroup
# spec:
# forProvider:
# family: aurora-mysql5.7
# parameter:
# - applyMethod: immediate
# name: aurora_load_from_s3_role
# value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
# - applyMethod: immediate
# name: aurora_select_into_s3_role
# value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
# - applyMethod: immediate
# name: aws_default_s3_role
# value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
# - applyMethod: immediate
# name: innodb_online_alter_log_max_size
# value: "21474836480"
# - applyMethod: immediate
# name: slow_query_log
# value: "1"
# tags:
# region: eu-west-1
# app: mathodprotect
# environment: dev
# account: "169590266381"
# composition: rds
# managedResources: clusterparametergroup
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: ParameterGroup
# base:
# apiVersion: rds.aws.upbound.io/v1beta1
# kind: ParameterGroup
# metadata:
# name: parametergroup-mathodprotect-dev
# labels:
# resources: ParameterGroup
# spec:
# forProvider:
# family: aurora-mysql5.7
# tags:
# region: eu-west-1
# app: mathodprotect
# environment: dev
# account: "169590266381"
# composition: rds
# managedResources: parametergroup
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: SecurityGroup
# base:
# apiVersion: ec2.aws.upbound.io/v1beta1
# kind: SecurityGroup
# metadata:
# name: securitygroup-mathodprotect-dev
# spec:
# forProvider:
# name: securitygroup-mathodprotect-dev
# vpcId: vpc-029aa16a171ccb018
# # vpcIdRef:
# tags:
# region: eu-west-1
# app: mathodprotect
# environment: dev
# account: "169590266381"
# composition: rds
# managedResources: securitygroup
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
###################################################################################################
# - name: SecurityGroupEgressRule
# base:
# apiVersion: ec2.aws.upbound.io/v1beta1
# kind: SecurityGroupEgressRule
# metadata:
# name: securitygroupegressrule-mathodprotect-dev
# spec:
# forProvider:
# cidrIpv4: 0.0.0.0/0
# ipProtocol: "-1"
# securityGroupIdRef:
# name: securitygroup-mathodprotect-dev
# patches:
# - type: PatchSet
# patchSetName: region
# - type: PatchSet
# patchSetName: providerConfigRef
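Review bot: The `Role` base hard-codes `app: mathodprotect`, `environment: dev`, `region: eu-west-1` and `account` in both `metadata.labels` and `spec.forProvider.tags`, while only the external name is built from `spec.parameters.app` and `spec.parameters.environment`; a claim for another app or environment gets a correctly named role with the wrong tags and labels, which defeats any tag-based cost or access control. Patch those fields from the composite as below and keep the base values as neutral defaults. This composition also uses the legacy `resources` form while the S3 composition in this change uses `mode: Pipeline` with `function-patch-and-transform`; if the cluster runs a Crossplane release without native patch-and-transform this one will not be accepted, so the two should agree. The commented-out blocks carry subnet, VPC and account identifiers that duplicate the managed-resources file in this change; dropping them here avoids stale copies.
```yaml
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.app
          toFieldPath: spec.forProvider.tags.app
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.app
          toFieldPath: metadata.labels.app
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.environment
          toFieldPath: spec.forProvider.tags.environment
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.environment
          toFieldPath: metadata.labels.environment
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.region
          toFieldPath: spec.forProvider.tags.region
        # … unchanged: CombineFromComposite external-name patch …
```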


@@ -0,0 +1,49 @@
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: xrdss.crossplane.evina
spec:
group: crossplane.evina
names:
kind: XRDS
plural: xrdss
claimNames:
kind: RDS
plural: rdss
defaultCompositionRef:
name: rds-composition
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
region:
description: AWS Region where the provider will operate
type: string
app:
description:
type: string
environment:
description:
type: string
engineVersion:
description:
type: string
providerConfigRef:
description: Name of the Kubernetes provider config
type: string
required:
- region
- app
- environment
# - engineVersion
- providerConfigRef
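Review bot: `description:` for `app`, `environment` and `engineVersion` is left bare, which YAML reads as null rather than an empty string; fill them in, for example `description: Name of the application (used for naming and tagging)`, `description: Environment the database serves (dev, staging, production)` and `description: Aurora engine version, e.g. 5.7.mysql_aurora.2.11.2`, or drop the key. The README hunk in this change lists `account`, `instanceClass` and `engineVersion` as required inputs, but this schema defines no `account` or `instanceClass` and comments `engineVersion` out of `required`; one of the two should be corrected so the claim example and the schema agree.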


@@ -0,0 +1,221 @@
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
name: role-mathodprotect-dev
labels:
resource: Role
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "rds.amazonaws.com"
}
}
]
}
tags:
region: eu-west-1
app: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: role
providerConfigRef:
name: dev
---
apiVersion: rds.aws.upbound.io/v1beta1
kind: SubnetGroup
metadata:
name: subnetgroup-mathodprotect-dev
labels:
resource: SubnetGroup
spec:
forProvider:
region: eu-west-1
subnetIds: # Replace to use subnetIdRefs
- subnet-0c0a38354f2a028c8
- subnet-06dc47da5b4eae974
- subnet-0f3ee2a757ce85ad1
# subnetIdRefs:
tags:
region: eu-west-1
project: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: subnetgroup
providerConfigRef:
name: dev
---
apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
name: cluster-mathodprotect-dev
labels:
resources: Cluster
spec:
forProvider:
region: eu-west-1
availabilityZones:
- eu-west-1a
- eu-west-1b
- eu-west-1c
engine: aurora-mysql
engineMode: provisioned
engineVersion: 5.7.mysql_aurora.2.11.2
databaseName: mathodProtect
autoGeneratePassword: true
masterPasswordSecretRef:
key: tropsecure
name: cluster-mathodprotect-dev-password
namespace: crossplane-system
port: 3306
dbClusterParameterGroupName: clusterparametergroup-mathodprotect-dev
# iamRoles:
# - arn:aws:iam::453702081005:role/IAM-Role-Aurora
# vpcSecurityGroupIds:
# - sg-0292740ac642cbce9
vpcSecurityGroupIdRefs:
- name: securitygroup-mathodprotect-dev
masterUsername: mathod
copyTagsToSnapshot: true
finalSnapshotIdentifier: test-final
dbSubnetGroupName: subnetgroup-mathodprotect-dev
# dbSubnetGroupNameRef:
backupRetentionPeriod: 1
preferredBackupWindow: 23:48-00:18
preferredMaintenanceWindow: tue:22:51-tue:23:21
tags:
region: eu-west-1
project: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: cluster
writeConnectionSecretToRef:
name: rds-mathod-protect-password
namespace: crossplane-system
providerConfigRef:
name: dev
---
apiVersion: rds.aws.upbound.io/v1beta1
kind: ClusterInstance
metadata:
name: clusterinstance-mathodprotect-dev
labels:
resources: ClusterInstance
spec:
forProvider:
region: eu-west-1
# clusterIdentifier: cluster-mathodprotect-dev
# id: backoffice-staging-eu-west-1-aurora-cluster-instance-0
clusterIdentifierRef:
name: cluster-mathodprotect-dev
engine: aurora-mysql
instanceClass: db.t3.medium
publiclyAccessible: false
caCertIdentifier: rds-ca-2019
# dbParameterGroupName:
dbParameterGroupNameRef:
name: parametergroup-mathodprotect-dev
# dbSubnetGroupName:
dbSubnetGroupNameRef:
name: subnetgroup-mathodprotect-dev
providerConfigRef:
name: dev
---
apiVersion: rds.aws.upbound.io/v1beta1
kind: ClusterParameterGroup
metadata:
name: clusterparametergroup-mathodprotect-dev
labels:
resources: ClusterParameterGroup
spec:
forProvider:
region: eu-west-1
family: aurora-mysql5.7
parameter:
- applyMethod: immediate
name: aurora_load_from_s3_role
value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
- applyMethod: immediate
name: aurora_select_into_s3_role
value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
- applyMethod: immediate
name: aws_default_s3_role
value: arn:aws:iam::169590266381:role/role-mathodprotect-dev
- applyMethod: immediate
name: innodb_online_alter_log_max_size
value: "21474836480"
- applyMethod: immediate
name: slow_query_log
value: "1"
tags:
region: eu-west-1
app: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: clusterparametergroup
providerConfigRef:
name: dev
---
apiVersion: rds.aws.upbound.io/v1beta1
kind: ParameterGroup
metadata:
name: parametergroup-mathodprotect-dev
labels:
resources: ParameterGroup
spec:
forProvider:
region: eu-west-1
family: aurora-mysql5.7
tags:
region: eu-west-1
app: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: parametergroup
providerConfigRef:
name: dev
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroup
metadata:
name: securitygroup-mathodprotect-dev
spec:
forProvider:
region: eu-west-1
name: securitygroup-mathodprotect-dev
vpcId: vpc-029aa16a171ccb018
# vpcIdRef:
tags:
region: eu-west-1
app: mathodprotect
environment: dev
account: "169590266381"
composition: rds
managedResources: securitygroup
providerConfigRef:
name: dev
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupEgressRule
metadata:
name: securitygroupegressrule-mathodprotect-dev
spec:
forProvider:
region: eu-west-1
cidrIpv4: 0.0.0.0/0
ipProtocol: "-1"
securityGroupIdRef:
name: securitygroup-mathodprotect-dev
providerConfigRef:
name: dev
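Review bot: `caCertIdentifier: rds-ca-2019` on the `ClusterInstance` names a certificate authority that reached end of life in 2024; new instances have to use one of the current authorities (for example `rds-ca-rsa2048-g1`), so this value should be updated and the choice recorded in a comment. Label and tag keys are inconsistent across the documents: `resource:` on the Role and SubnetGroup versus `resources:` on the Cluster, ClusterInstance and parameter groups, and `project:` versus `app:` in the tags, which breaks selectors and cost reports that key on one spelling. The `SecurityGroupEgressRule` allows `0.0.0.0/0` on all protocols; if unrestricted egress from the database security group is intended, say so in a comment, otherwise narrow it.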


@@ -0,0 +1,184 @@
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: s3bucket.aws.mathod.io
labels:
provider: aws
type: s3
spec:
compositeTypeRef:
apiVersion: mathod.io/v1alpha1
kind: XObjectStorage
mode: Pipeline
pipeline:
- step: patch-and-transform
functionRef:
name: function-patch-and-transform
input:
apiVersion: pt.fn.crossplane.io/v1beta1
kind: Resources
resources:
# Bucket S3
- name: s3-bucket
base:
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: Bucket
spec:
forProvider:
region: eu-west-1
providerConfigRef:
name: default
kind: ProviderConfig
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.bucketName
toFieldPath: metadata.name
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.arn
toFieldPath: status.bucketArn
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.bucketDomainName
toFieldPath: status.bucketDomain
# Configuration du versioning
- name: bucket-versioning
base:
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: BucketVersioning
spec:
forProvider:
region: eu-west-1
bucketRef:
name: ""
versioningConfiguration:
status: Disabled
providerConfigRef:
name: default
kind: ProviderConfig
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.bucketName
toFieldPath: spec.forProvider.bucketRef.name
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.versioning
toFieldPath: spec.forProvider.versioningConfiguration.status
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": Enabled
"false": Suspended
# Configuration du chiffrement
- name: bucket-encryption
base:
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: BucketServerSideEncryptionConfiguration
spec:
forProvider:
region: eu-west-1
bucketRef:
name: ""
rule:
- applyServerSideEncryptionByDefault:
sseAlgorithm: AES256
providerConfigRef:
name: default
kind: ProviderConfig
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.bucketName
toFieldPath: spec.forProvider.bucketRef.name
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.encryption
toFieldPath: spec.forProvider.rule[0].applyServerSideEncryptionByDefault.sseAlgorithm
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": AES256
"false": ""
# Bloquer l'accès public
- name: bucket-public-access-block
base:
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: BucketPublicAccessBlock
spec:
forProvider:
region: eu-west-1
bucketRef:
name: ""
blockPublicAcls: true
blockPublicPolicy: true
ignorePublicAcls: true
restrictPublicBuckets: true
providerConfigRef:
name: default
kind: ProviderConfig
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.bucketName
toFieldPath: spec.forProvider.bucketRef.name
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.publicAccess
toFieldPath: spec.forProvider.blockPublicAcls
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": false
"false": true
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.publicAccess
toFieldPath: spec.forProvider.blockPublicPolicy
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": false
"false": true
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.publicAccess
toFieldPath: spec.forProvider.ignorePublicAcls
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": false
"false": true
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.publicAccess
toFieldPath: spec.forProvider.restrictPublicBuckets
transforms:
- type: convert
convert:
toType: string
- type: map
map:
"true": false
"false": true


@@ -0,0 +1,54 @@
apiVersion: apiextensions.crossplane.io/v2
kind: CompositeResourceDefinition
metadata:
name: xobjectstorages.mathod.io
spec:
scope: Namespaced
group: mathod.io
names:
kind: XObjectStorage
plural: xobjectstorages
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
bucketName:
type: string
description: "Nom du bucket S3"
region:
type: string
description: "Région AWS"
default: "eu-west-1"
versioning:
type: boolean
description: "Activer le versioning"
default: false
encryption:
type: boolean
description: "Activer le chiffrement"
default: true
publicAccess:
type: boolean
description: "Autoriser l'accès public"
default: false
required:
- bucketName
required:
- parameters
status:
type: object
properties:
bucketArn:
type: string
bucketDomain:
type: string
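Review bot: `bucketName` is declared only as `type: string`, yet the companion composition copies it straight into `metadata.name` of the Bucket; S3 bucket names must be 3–63 characters of lowercase letters, digits, dots and hyphens, so an invalid value is rejected only when the provider calls AWS. Adding `minLength: 3`, `maxLength: 63` and `pattern: "^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$"` under `bucketName` surfaces the error at admission instead. The `publicAccess` description ("Autoriser l'accès public") understates the effect — `true` removes all four Block Public Access settings on the bucket — and saying so in the description would help claim authors choose deliberately.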


@@ -0,0 +1,15 @@
apiVersion: mathod.io/v1alpha1
kind: XObjectStorage
metadata:
name: my-s3-bucket-example
namespace: crossplane-system
spec:
parameters:
bucketName: app1-bucket-mathod-93150
region: eu-west-1
versioning: true
encryption: true
publicAccess: false
crossplane:
compositionRef:
name: s3bucket.aws.mathod.io


@@ -0,0 +1,16 @@
---
apiVersion: s3.aws.m.upbound.io/v1beta1
kind: Bucket
metadata:
generateName: app1-bucket-mathod-
namespace: crossplane-system
spec:
forProvider:
region: eu-west-3
tags:
company: mathod
project: app1
environment: production
providerConfigRef:
name: default
kind: ProviderConfig


@@ -0,0 +1,18 @@
# =============================================================================
# EXEMPLE D'UTILISATION
# Crée une instance de la ressource composite
# =============================================================================
apiVersion: mathod.io/v1alpha1
kind: X<ResourceName>
metadata:
name: <instance-name>
namespace: default
spec:
parameters:
<paramName>: <value>
<boolParam>: true
<intParam>: 200
crossplane:
compositionRef:
name: <resource>.<provider>.mathod.io


@@ -0,0 +1,137 @@
# =============================================================================
# COMPOSITION
# Configure comment créer les ressources réelles
# =============================================================================
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
# Format: <resource>.<provider>.<group>
# Exemple: database.aws.mathod.io, network.gcp.mathod.io
name: <resource>.<provider>.mathod.io
labels:
provider: <provider_name>
type: <resource_type>
spec:
# Référence vers le XRD
compositeTypeRef:
apiVersion: mathod.io/v1alpha1
kind: X<ResourceName>
# Mode Pipeline (recommandé pour Crossplane v2)
mode: Pipeline
pipeline:
- step: patch-and-transform
functionRef:
name: function-patch-and-transform
input:
apiVersion: pt.fn.crossplane.io/v1beta1
kind: Resources
resources:
# =============================================
# RESSOURCE MANAGÉE #1
# =============================================
- name: <resource-name>
base:
# API de la ressource (provider specific)
apiVersion: <provider>.aws.upbound.io/v1beta1
kind: <ResourceKind>
spec:
forProvider:
# Configuration de base
<field>: <value>
# Référence au ProviderConfig
providerConfigRef:
name: aws-provider
patches:
# -------------------------------------
# FromCompositeFieldPath
# Copie depuis le XR vers la ressource
# -------------------------------------
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.<paramName>
toFieldPath: spec.forProvider.<targetField>
# -------------------------------------
# ToCompositeFieldPath
# Copie depuis la ressource vers le XR
# -------------------------------------
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.<sourceField>
toFieldPath: status.<outputField>
# -------------------------------------
# Transform - Map
# Transforme une valeur avec un mapping
# -------------------------------------
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.<boolParam>
toFieldPath: spec.forProvider.<targetField>
transforms:
- type: map
map:
"true": Enabled
"false": Disabled
# -------------------------------------
# Transform - String
# Formate une string
# -------------------------------------
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.<paramName>
toFieldPath: spec.forProvider.<targetField>
transforms:
- type: string
string:
fmt: "prefix-%s-suffix"
# -------------------------------------
# Transform - Math
# Opération mathématique
# -------------------------------------
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.<intParam>
toFieldPath: spec.forProvider.<targetField>
transforms:
- type: math
math:
multiply: 2
# -------------------------------------
# CombineFromComposite
# Combine plusieurs champs
# -------------------------------------
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.<param1>
- fromFieldPath: spec.parameters.<param2>
strategy: string
string:
fmt: "%s-%s"
toFieldPath: spec.forProvider.<targetField>
# =============================================
# RESSOURCE MANAGÉE #2 (avec référence)
# =============================================
- name: <related-resource>
base:
apiVersion: <provider>.aws.upbound.io/v1beta1
kind: <RelatedResourceKind>
spec:
forProvider:
# Référence vers une autre ressource
<parent>Ref:
name: ""
providerConfigRef:
name: aws-provider
patches:
# Patch la référence
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.<paramName>
toFieldPath: spec.forProvider.<parent>Ref.name
---
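Review bot: The "Transform - Map" example feeds `spec.parameters.<boolParam>` directly into a `map` transform, whereas the real S3 composition in this change first applies `type: convert` / `toType: string`; map keys are strings and, as I recall, the function rejects a non-string input, so the template as written would fail once copied. Inserting the convert step before `- type: map` keeps the template usable as a starting point. The `<parent>Ref:` / `name: ""` placeholder in the second resource also deserves a comment stating that the empty name is intentional and is filled by the patch below it, since an unpatched copy would yield a managed resource with an empty reference.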


@@ -0,0 +1,98 @@
# =============================================================================
# XRD (Composite Resource Definition)
# Définit le schéma de ton API personnalisée
# =============================================================================
apiVersion: apiextensions.crossplane.io/v2
kind: CompositeResourceDefinition
metadata:
# Format: x<pluriel>.<group>
# Exemple: xdatabases.mathod.io, xnetworks.mathod.io
name: x<RESOURCE_PLURAL>s.mathod.io
spec:
scope: Namespaced
# Le groupe de ton API (doit matcher le suffix du name)
group: mathod.io
names:
# Nom au singulier (PascalCase) - Commence par X
kind: X<ResourceName>
# Nom au pluriel (lowercase)
plural: x<resource_name>s
versions:
- name: v1alpha1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
# ========================================
# Paramètres string
# ========================================
<paramName>:
type: string
description: "<Description du paramètre>"
default: "<valeur_par_defaut>"
# ========================================
# Paramètres boolean
# ========================================
<boolParam>:
type: boolean
description: "<Description du paramètre>"
default: false
# ========================================
# Paramètres integer
# ========================================
<intParam>:
type: integer
description: "<Description du paramètre>"
default: 100
# ========================================
# Paramètres array
# ========================================
<arrayParam>:
type: array
description: "<Description du paramètre>"
items:
type: string
default: []
# ========================================
# Paramètres object
# ========================================
<objectParam>:
type: object
description: "<Description du paramètre>"
properties:
<subField>:
type: string
# Paramètres obligatoires
required:
- <paramName>
required:
- parameters
# ========================================
# Status - Informations retournées
# ========================================
status:
type: object
properties:
<outputField>:
type: string
description: "<Description de la sortie>"
---
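Review bot: `metadata.name` uses the placeholder `x<RESOURCE_PLURAL>s` while `names.plural` uses `x<resource_name>s`; Crossplane requires `metadata.name` to be exactly `<plural>.<group>` (the comment on the name line says so), so the two placeholders should be the same token, e.g. `name: x<resource_name>s.mathod.io`. The uppercase placeholder is also misleading on its own, since `metadata.name` must be a lowercase DNS subdomain name and a literal copy of `<RESOURCE_PLURAL>` would be rejected.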


@@ -0,0 +1,2 @@
- https://marketplace.upbound.io/providers/crossplane-contrib/provider-gitlab/latest
- https://github.com/crossplane-contrib/provider-gitlab

View File

@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: crossplane-contrib-provider-gitlab
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.14.0
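Review bot: The `package` reference pins by tag only (`:v0.14.0`); registry tags are mutable, so the controller image actually installed can change without any diff here. Crossplane accepts a digest-qualified reference, so `package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.14.0@sha256:<digest-placeholder>` locks the install to the artifact that was reviewed. The same applies to the `provider-helm`, `provider-kubernetes` and `provider-opentofu` Provider manifests added in this change.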


@@ -0,0 +1,2 @@
- https://marketplace.upbound.io/providers/upbound/provider-helm/latest
- https://github.com/crossplane-contrib/provider-helm


@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: upbound-provider-helm
spec:
package: xpkg.upbound.io/upbound/provider-helm:v1.0.4

View File

@@ -0,0 +1,2 @@
- https://marketplace.upbound.io/providers/upbound/provider-kubernetes/latest
- https://github.com/crossplane-contrib/provider-kubernetes


@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: upbound-provider-kubernetes
spec:
package: xpkg.upbound.io/upbound/provider-kubernetes:v1.1.0

View File

@@ -0,0 +1,2 @@
- https://marketplace.upbound.io/providers/upbound/provider-opentofu/latest
- https://github.com/upbound/provider-opentofu


@@ -0,0 +1,6 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: upbound-provider-opentofu
spec:
package: xpkg.upbound.io/upbound/provider-opentofu:v1.0.1


@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-credentials
namespace: crossplane-system
type: Opaque
stringData:
credentials: |
credentials "gitea.mathod.fr" {
token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
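Review bot: The Secret is named `gitea-credentials`, but the ProviderConfig added in the following file references `secretRef.name: gitea-provider-creds`, so the `.tofurc` file will never be mounted unless one of the two names is changed. Also, a `credentials "host" { token = ... }` block is the CLI configuration format used for registry and module-source authentication; the `gitea` provider block reads its token from `var.gitea_token`, so verify that this file actually reaches the provider rather than only the CLI. A comment above `token =` such as `# placeholder — inject the real token from an external secret store, never commit it` would make the intent of the `xxx…` string explicit.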


@@ -0,0 +1,44 @@
apiVersion: opentofu.m.upbound.io/v1beta1
kind: ProviderConfig
metadata:
name: gitea-tofu-config
namespace: crossplane-system
spec:
configuration: |
terraform {
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "~> 0.20.0"
}
}
// Modules _must_ use remote state. The provider does not persist state.
backend "kubernetes" {
secret_suffix = "providerconfig-gitea"
namespace = "crossplane-system"
in_cluster_config = true
}
}
provider "gitea" {
base_url = var.gitea_url
token = var.gitea_token
}
variable "gitea_url" {
type = string
}
variable "gitea_token" {
type = string
sensitive = true
}
pluginCache: true
credentials:
- filename: .tofurc
source: Secret
secretRef:
name: gitea-provider-creds
namespace: crossplane-system
key: credentials
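Review bot: `variable "gitea_url"` and `variable "gitea_token"` are declared without defaults and nothing in this file supplies them, so every Workspace using this ProviderConfig must pass both through its `vars` or `varFiles` or the plan fails on missing input; a comment above the `variable` blocks stating that requirement, e.g. `// Supplied by each Workspace via spec.forProvider.vars — no default on purpose`, would prevent surprises. With the `kubernetes` backend the full state — including any `sensitive` values such as passwords managed by Workspaces — is stored in a Secret in `crossplane-system`, so access to Secrets in that namespace should be reviewed with that in mind.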


@@ -0,0 +1,68 @@
apiVersion: opentofu.m.upbound.io/v1beta1
kind: Workspace
metadata:
name: gitea-user
namespace: crossplane-system
spec:
forProvider:
source: Inline
module: |
resource "gitea_user" "developer" {
username = var.username
login_name = var.login_name
email = var.email
password = var.password
must_change_password = var.must_change_password
admin = var.admin
}
output "user_id" {
value = gitea_user.developer.id
}
output "username" {
value = gitea_user.developer.username
}
variable "username" {
type = string
}
variable "login_name" {
type = string
}
variable "email" {
type = string
}
variable "password" {
type = string
sensitive = true
}
variable "must_change_password" {
type = bool
default = true
}
variable "admin" {
type = bool
default = false
}
vars:
- key: username
value: "dev-user"
- key: login_name
value: "dev-user"
- key: email
value: "dev@example.com"
- key: password
value: "ChangeMe123!"
- key: must_change_password
value: "true"
- key: admin
value: "false"
providerConfigRef:
kind: ProviderConfig
name: gitea-tofu-config