feat: AWS cluster config patch

AWS cluster config is marked as required and region is defaulted via OpenAPI
definition.

Author: jimmidyson

README.md

@@ -45,6 +45,22 @@ stringData:
 EOF
 ```
 
+If you are using an `AWS_PROFILE` to log in use the following:
+
+```shell
+kubectl apply --server-side -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "aws-quick-start-creds"
+  namespace: capa-system
+stringData:
+ AccessKeyID: $(aws configure get aws_access_key_id)
+ SecretAccessKey: $(aws configure get aws_secret_access_key)
+ SessionToken: $(aws configure get aws_session_token)
+EOF
+```
+
 To create a cluster, update `clusterConfig` variable and run:
 
 ```shell

api/v1alpha1/aws_clusterconfig_types.go

@@ -0,0 +1,119 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/variables"
+)
+
+//+kubebuilder:object:root=true
+
+// AWSClusterConfig is the Schema for the awsclusterconfigs API.
+type AWSClusterConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec AWSClusterConfigSpec `json:"spec,omitempty"`
+}
+
+// AWSClusterConfigSpec defines the desired state of AWSClusterConfig.
+type AWSClusterConfigSpec struct {
+	// +optional
+	Region *Region `json:"region,omitempty"`
+}
+
+func (AWSClusterConfigSpec) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Description: "AWS Cluster configuration",
+			Type:        "object",
+			Properties: map[string]clusterv1.JSONSchemaProps{
+				"region": Region("").VariableSchema().OpenAPIV3Schema,
+			},
+			Required: []string{"region"},
+		},
+	}
+}
+
+type Region string
+
+const (
+	RegionAFSouth1     Region = "af-south-1"
+	RegionAPEast1      Region = "ap-east-1"
+	RegionAPNorthEast1 Region = "ap-northeast-1"
+	RegionAPNorthEast2 Region = "ap-northeast-2"
+	RegionAPNorthEast3 Region = "ap-northeast-3"
+	RegionAPSouth1     Region = "ap-south-1"
+	RegionAPSouth2     Region = "ap-south-2"
+	RegionAPSouthEast1 Region = "ap-southeast-1"
+	RegionAPSouthEast2 Region = "ap-southeast-2"
+	RegionAPSouthEast3 Region = "ap-southeast-3"
+	RegionAPSouthEast4 Region = "ap-southeast-4"
+	RegionCACentral1   Region = "ca-central-1"
+	RegionEUCentral1   Region = "eu-central-1"
+	RegionEUCentral2   Region = "eu-central-2"
+	RegionEUNorth1     Region = "eu-north-1"
+	RegionEUSouth1     Region = "eu-south-1"
+	RegionEUSouth2     Region = "eu-south-2"
+	RegionEUWest1      Region = "eu-west-1"
+	RegionEUWest2      Region = "eu-west-2"
+	RegionEUWest3      Region = "eu-west-3"
+	RegionILCentral1   Region = "il-central-1"
+	RegionMECentral1   Region = "me-central-1"
+	RegionMESouth1     Region = "me-south-1"
+	RegionSAEast1      Region = "sa-east-1"
+	RegionUSEast1      Region = "us-east-1"
+	RegionUSEast2      Region = "us-east-2"
+	RegionUSWest1      Region = "us-west-1"
+	RegionUSWest2      Region = "us-west-2"
+)
+
+func (Region) VariableSchema() clusterv1.VariableSchema {
+	allRegions := []Region{
+		RegionAFSouth1,
+		RegionAPEast1,
+		RegionAPNorthEast1,
+		RegionAPNorthEast2,
+		RegionAPNorthEast3,
+		RegionAPSouth1,
+		RegionAPSouth2,
+		RegionAPSouthEast1,
+		RegionAPSouthEast2,
+		RegionAPSouthEast3,
+		RegionAPSouthEast4,
+		RegionCACentral1,
+		RegionEUCentral1,
+		RegionEUCentral2,
+		RegionEUNorth1,
+		RegionEUSouth1,
+		RegionEUSouth2,
+		RegionEUWest1,
+		RegionEUWest2,
+		RegionEUWest3,
+		RegionILCentral1,
+		RegionMECentral1,
+		RegionMESouth1,
+		RegionSAEast1,
+		RegionUSEast1,
+		RegionUSEast2,
+		RegionUSWest1,
+		RegionUSWest2,
+	}
+
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Type:        "string",
+			Enum:        variables.MustMarshalValuesToEnumJSON(allRegions...),
+			Default:     variables.MustMarshal(RegionUSWest2),
+			Description: "AWS region to create cluster in",
+		},
+	}
+}
+
+func init() {
+	SchemeBuilder.Register(&AWSClusterConfig{})
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -27,7 +27,9 @@ import (
 	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers"
 	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
 	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/server"
-	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/clusterconfig"
+	awsclusterconfig "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/aws/clusterconfig"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/aws/mutation/region"
+	genericclusterconfig "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/clusterconfig"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/lifecycle/cni/calico"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/lifecycle/nfd"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/lifecycle/servicelbgc"
@@ -117,12 +119,12 @@ func main() {
 	}
 
 	// Handlers for lifecycle hooks.
-	lifeCycleHandlers := []handlers.Named{
+	genericLifeCycleHandlers := []handlers.Named{
 		servicelbgc.New(mgr.GetClient()),
 	}
 	// Handlers that apply patches to the Cluster object and its objects.
 	// Used by CAPI's GeneratePatches hook.
-	patchHandlers := []handlers.Named{
+	genericPatchHandlers := []handlers.Named{
 		httpproxy.NewPatch(mgr.GetClient()),
 		extraapiservercertsans.NewPatch(),
 		auditpolicy.NewPatch(),
@@ -132,34 +134,45 @@ func main() {
 	// Handlers used by CAPI's DiscoverVariables hook.
 	// It's ok that this does not match patchHandlers.
 	// Some of those handlers may always get applied and not have a corresponding variable.
-	variableHandlers := []handlers.Named{
+	genericVariableHandlers := []handlers.Named{
 		httpproxy.NewVariable(),
 		extraapiservercertsans.NewVariable(),
 		kubernetesimagerepository.NewVariable(),
 	}
-	// This metaPatchHandlers combines all other patch and variable handlers under a single handler.
+	// This genericMetaPatchHandlers combines all other patch and variable handlers under a single handler.
 	// It allows to specify configuration under a single variable.
-	metaPatchHandlers := []mutation.MetaMutater{
+	genericMetaPatchHandlers := []mutation.MetaMutater{
 		httpproxy.NewMetaPatch(mgr.GetClient()),
 		extraapiservercertsans.NewMetaPatch(),
 		auditpolicy.NewPatch(),
 		kubernetesimagerepository.NewMetaPatch(),
 		etcd.NewMetaPatch(),
 	}
-	metaHandlers := []handlers.Named{
+	genericMetaHandlers := []handlers.Named{
 		// This Calico handler relies on a variable but does not generate a patch.
 		// Instead it creates other resources in the API.
 		calico.NewMetaHandler(mgr.GetClient(), calicoCNIConfig),
 		nfd.NewMetaHandler(mgr.GetClient(), nfdConfig),
-		clusterconfig.NewVariable(),
-		mutation.NewMetaGeneratePatchesHandler("clusterConfigPatch", metaPatchHandlers...),
+		genericclusterconfig.NewVariable(),
+		mutation.NewMetaGeneratePatchesHandler("clusterConfigPatch", genericMetaPatchHandlers...),
+	}
+
+	// This awsMetaPatchHandlers combines all AWS patch and variable handlers under a single handler.
+	// It allows to specify configuration under a single variable.
+	awsMetaPatchHandlers := []mutation.MetaMutater{
+		region.NewMetaPatch(),
+	}
+	awsMetaHandlers := []handlers.Named{
+		awsclusterconfig.NewVariable(),
+		mutation.NewMetaGeneratePatchesHandler("awsClusterConfigPatch", awsMetaPatchHandlers...),
 	}
 
 	var allHandlers []handlers.Named
-	allHandlers = append(allHandlers, lifeCycleHandlers...)
-	allHandlers = append(allHandlers, patchHandlers...)
-	allHandlers = append(allHandlers, variableHandlers...)
-	allHandlers = append(allHandlers, metaHandlers...)
+	allHandlers = append(allHandlers, genericLifeCycleHandlers...)
+	allHandlers = append(allHandlers, genericPatchHandlers...)
+	allHandlers = append(allHandlers, genericVariableHandlers...)
+	allHandlers = append(allHandlers, genericMetaHandlers...)
+	allHandlers = append(allHandlers, awsMetaHandlers...)
 
 	runtimeWebhookServer := server.NewServer(runtimeWebhookServerOpts, allHandlers...)
 

cmd/main.go

@@ -4,6 +4,7 @@
 package selectors
 
 import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
 	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
@@ -46,3 +47,19 @@ func AllWorkersSelector() clusterv1.PatchSelector {
 		},
 	}
 }
+
+// InfrastructureCluster selector matches against infrastructure clusters.
+// Passing in the API version (not the API group) is required because different providers could support different API
+// versions. This also allows for a oatch to select multiple infrastructure versions for the same provider.
+func InfrastructureCluster(capiInfrastructureAPIVersion, kind string) clusterv1.PatchSelector {
+	return clusterv1.PatchSelector{
+		APIVersion: schema.GroupVersion{
+			Group:   "infrastructure.cluster.x-k8s.io",
+			Version: capiInfrastructureAPIVersion,
+		}.String(),
+		Kind: kind,
+		MatchResources: clusterv1.PatchSelectorMatch{
+			InfrastructureCluster: true,
+		},
+	}
+}

common/pkg/capi/clustertopology/patches/selectors/selectors.go

@@ -15,9 +15,9 @@ import (
 	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest/serializer"
 )
 
-// requestItem returns a GeneratePatchesRequestItem with the given variables and object.
-func requestItem(
-	object any,
+// NewRequestItem returns a GeneratePatchesRequestItem with the given variables and object.
+func NewRequestItem(
+	object runtime.Object,
 	holderRef *runtimehooksv1.HolderReference,
 	uid types.UID,
 ) runtimehooksv1.GeneratePatchesRequestItem {
@@ -35,7 +35,7 @@ func requestItem(
 }
 
 func NewKubeadmConfigTemplateRequestItem(uid types.UID) runtimehooksv1.GeneratePatchesRequestItem {
-	return requestItem(
+	return NewRequestItem(
 		&bootstrapv1.KubeadmConfigTemplate{
 			TypeMeta: metav1.TypeMeta{
 				Kind:       "KubeadmConfigTemplate",
@@ -60,7 +60,7 @@ func NewKubeadmConfigTemplateRequestItem(uid types.UID) runtimehooksv1.GenerateP
 func NewKubeadmControlPlaneTemplateRequestItem(
 	uid types.UID,
 ) runtimehooksv1.GeneratePatchesRequestItem {
-	return requestItem(
+	return NewRequestItem(
 		&controlplanev1.KubeadmControlPlaneTemplate{
 			TypeMeta: metav1.TypeMeta{
 				Kind:       "KubeadmControlPlaneTemplate",

common/pkg/testutils/capitest/request/items.go

@@ -6,10 +6,21 @@ package serializer
 import (
 	"bytes"
 	"encoding/json"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
 func ToJSON(v any) []byte {
-	data, err := json.Marshal(v)
+	var (
+		data []byte
+		err  error
+	)
+	if u, ok := v.(*unstructured.Unstructured); ok {
+		data, err = u.MarshalJSON()
+	} else {
+		data, err = json.Marshal(v)
+	}
+
 	if err != nil {
 		panic(err)
 	}

common/pkg/testutils/capitest/serializer/tojson.go

@@ -29,6 +29,7 @@ func ValidateDiscoverVariables[T mutation.DiscoverVariables](
 	t *testing.T,
 	variableName string,
 	variableSchema *clusterv1.VariableSchema,
+	variableRequired bool,
 	handlerCreator func() T,
 	variableTestDefs ...VariableTestDef,
 ) {
@@ -57,7 +58,7 @@ func ValidateDiscoverVariables[T mutation.DiscoverVariables](
 			variable := resp.Variables[0]
 			g.Expect(variable).To(gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{
 				"Name":     gomega.Equal(variableName),
-				"Required": gomega.BeFalse(),
+				"Required": gomega.Equal(variableRequired),
 				"Schema":   gomega.Equal(*variableSchema),
 			}))