feat(health): support for aws.crossplane.io resources (#19029)

* feat(health): support for iam.aws.crossplane.io resources

Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com>

* feat(health): support for bucket s3.aws.crossplane.io resource

Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com>

---------

Signed-off-by: Jellyfrog <Jellyfrog@users.noreply.github.com>

resource_customizations/iam.aws.crossplane.io/Policy/health.lua

@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    local ready = false
+    local synced = false
+    local suspended = false
+    for i, condition in ipairs(obj.status.conditions) do
+
+      if condition.type == "Ready" then
+        ready = condition.status == "True"
+        ready_message = condition.reason
+      elseif condition.type == "Synced" then
+        synced = condition.status == "True"
+        if condition.reason == "ReconcileError" then
+          synced_message = condition.message
+        elseif condition.reason == "ReconcilePaused" then
+          suspended = true
+          suspended_message = condition.reason
+        end
+      end
+    end
+    if ready and synced then
+      hs.status = "Healthy"
+      hs.message = ready_message
+    elseif synced == false and suspended == true then
+      hs.status = "Suspended"
+      hs.message = suspended_message
+    elseif ready == false and synced == true and suspended == false then
+      hs.status = "Progressing"
+      hs.message = "Waiting for Policy to be available"
+    else
+      hs.status = "Degraded"
+      hs.message = synced_message
+    end
+    return hs
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Policy to be created"
+return hs

resource_customizations/iam.aws.crossplane.io/Policy/health_test.yaml

@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: 'observe failed: cannot check if policy is up to date: invalid character
+      '']'' looking for beginning of value'
+  inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+    status: Healthy
+    message: Available
+  inputPath: testdata/healthy.yaml

resource_customizations/iam.aws.crossplane.io/Policy/testdata/ReconcileError.yaml

@@ -0,0 +1,39 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Policy
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    description: example
+    document: "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\":
+      \"Allow\",\n      \"Action\": [\n        \"s3:*\",\n      ], \n      \"Resource\":
+      [\n          \"arn:aws:s3:::example\"\n      ]\n    }\n  ]\n}\n"
+    name: example
+    tags:
+    - key: crossplane-name
+      value: example
+    - key: crossplane-providerconfig
+      value: provider-aws
+    - key: crossplane-kind
+      value: policy.iam.aws.crossplane.io
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    arn: arn:aws:iam::123:policy/example
+    attachmentCount: 1
+    defaultVersionId: v1
+    isAttachable: true
+    policyId: ABC
+  conditions:
+  - lastTransitionTime: "2024-07-11T11:01:01Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T11:01:01Z"
+    message: 'observe failed: cannot check if policy is up to date: invalid character
+      '']'' looking for beginning of value'
+    reason: ReconcileError
+    status: "False"
+    type: Synced

resource_customizations/iam.aws.crossplane.io/Policy/testdata/healthy.yaml

@@ -0,0 +1,45 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Policy
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    description: example
+    document: |
+      {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Action": ["s3:ListBucket"],
+              "Resource": ["arn:aws:s3:::examples"]
+            }
+          ]
+      }
+    name: examples-s3-hello-s3
+    tags:
+    - key: crossplane-name
+      value: example
+    - key: crossplane-providerconfig
+      value: provider-aws
+    - key: crossplane-kind
+      value: policy.iam.aws.crossplane.io
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    arn: arn:aws:iam::123:policy/examples-s3-hello-s3
+    attachmentCount: 1
+    defaultVersionId: v2
+    isAttachable: true
+    policyId: 123
+  conditions:
+  - lastTransitionTime: "2024-07-11T08:18:16Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T08:18:07Z"
+    reason: ReconcileSuccess
+    status: "True"
+    type: Synced

resource_customizations/iam.aws.crossplane.io/Role/health.lua

@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    local ready = false
+    local synced = false
+    local suspended = false
+    for i, condition in ipairs(obj.status.conditions) do
+
+      if condition.type == "Ready" then
+        ready = condition.status == "True"
+        ready_message = condition.reason
+      elseif condition.type == "Synced" then
+        synced = condition.status == "True"
+        if condition.reason == "ReconcileError" then
+          synced_message = condition.message
+        elseif condition.reason == "ReconcilePaused" then
+          suspended = true
+          suspended_message = condition.reason
+        end
+      end
+    end
+    if ready and synced then
+      hs.status = "Healthy"
+      hs.message = ready_message
+    elseif synced == false and suspended == true then
+      hs.status = "Suspended"
+      hs.message = suspended_message
+    elseif ready == false and synced == true and suspended == false then
+      hs.status = "Progressing"
+      hs.message = "Waiting for Role to be available"
+    else
+      hs.status = "Degraded"
+      hs.message = synced_message
+    end
+    return hs
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Role to be created"
+return hs

resource_customizations/iam.aws.crossplane.io/Role/health_test.yaml

@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io
+      "provider-aws1" not found'
+  inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+    status: Healthy
+    message: Available
+  inputPath: testdata/healthy.yaml

resource_customizations/iam.aws.crossplane.io/Role/testdata/ReconcileError.yaml

@@ -0,0 +1,54 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Role
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    assumeRolePolicyDocument: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "",
+                "Effect": "Allow",
+                "Principal": {
+                    "Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC"
+                },
+                "Action": "sts:AssumeRoleWithWebIdentity",
+                "Condition": {
+                    "StringEquals": {
+                        "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example",
+                        "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com"
+                    }
+                }
+            }
+        ]
+      }
+    description: example
+    maxSessionDuration: 3600
+    path: /
+    tags:
+    - key: crossplane-kind
+      value: role.iam.aws.crossplane.io
+    - key: crossplane-name
+      value: example
+    - key: crossplane-providerconfig
+      value: provider-aws
+  providerConfigRef:
+    name: provider-aws1
+status:
+  atProvider:
+    arn: arn:aws:iam::123:role/examples-s31
+    roleID: ABC123
+  conditions:
+  - lastTransitionTime: "2024-07-11T13:51:47Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T13:54:11Z"
+    message: 'connect failed: cannot get referenced Provider: ProviderConfig.aws.crossplane.io
+      "provider-aws1" not found'
+    reason: ReconcileError
+    status: "False"
+    type: Synced

resource_customizations/iam.aws.crossplane.io/Role/testdata/healthy.yaml

@@ -0,0 +1,52 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: Role
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    assumeRolePolicyDocument: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "",
+                "Effect": "Allow",
+                "Principal": {
+                    "Federated": "arn:aws:iam::123:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/123ABC"
+                },
+                "Action": "sts:AssumeRoleWithWebIdentity",
+                "Condition": {
+                    "StringEquals": {
+                        "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:sub": "system:serviceaccount:ABC:example",
+                        "oidc.eks.eu-north-1.amazonaws.com/id/123ABC:aud": "sts.amazonaws.com"
+                    }
+                }
+            }
+        ]
+      }
+    description: example
+    maxSessionDuration: 3600
+    path: /
+    tags:
+    - key: crossplane-kind
+      value: role.iam.aws.crossplane.io
+    - key: crossplane-name
+      value: example
+    - key: crossplane-providerconfig
+      value: provider-aws
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    arn: arn:aws:iam::123:role/example
+    roleID: ABC123
+  conditions:
+  - lastTransitionTime: "2024-07-11T07:49:50Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T07:49:49Z"
+    reason: ReconcileSuccess
+    status: "True"
+    type: Synced

resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health.lua

@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    local ready = false
+    local synced = false
+    local suspended = false
+    for i, condition in ipairs(obj.status.conditions) do
+
+      if condition.type == "Ready" then
+        ready = condition.status == "True"
+        ready_message = condition.reason
+      elseif condition.type == "Synced" then
+        synced = condition.status == "True"
+        if condition.reason == "ReconcileError" then
+          synced_message = condition.message
+        elseif condition.reason == "ReconcilePaused" then
+          suspended = true
+          suspended_message = condition.reason
+        end
+      end
+    end
+    if ready and synced then
+      hs.status = "Healthy"
+      hs.message = ready_message
+    elseif synced == false and suspended == true then
+      hs.status = "Suspended"
+      hs.message = suspended_message
+    elseif ready == false and synced == true and suspended == false then
+      hs.status = "Progressing"
+      hs.message = "Waiting for RolePolicyAttachment to be available"
+    else
+      hs.status = "Degraded"
+      hs.message = synced_message
+    end
+    return hs
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for RolePolicyAttachment to be created"
+return hs

resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/health_test.yaml

@@ -0,0 +1,10 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: 'create failed: failed to attach the policy to role: NoSuchEntity: The
+      role with name example cannot be found.'
+  inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+    status: Healthy
+    message: Available
+  inputPath: testdata/healthy.yaml

resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/ReconcileError.yaml

@@ -0,0 +1,25 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    policyArn: arn:aws:iam::123:policy/example
+    roleName: example
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    attachedPolicyArn: ""
+  conditions:
+  - lastTransitionTime: "2024-07-11T13:44:28Z"
+    reason: Creating
+    status: "False"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T13:44:28Z"
+    message: 'create failed: failed to attach the policy to role: NoSuchEntity: The
+      role with name example cannot be found.'
+    reason: ReconcileError
+    status: "False"
+    type: Synced

resource_customizations/iam.aws.crossplane.io/RolePolicyAttachment/testdata/healthy.yaml

@@ -0,0 +1,23 @@
+apiVersion: iam.aws.crossplane.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    policyArn: arn:aws:iam::123:policy/example
+    roleName: example
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    attachedPolicyArn: arn:aws:iam::123:policy/example
+  conditions:
+  - lastTransitionTime: "2024-07-11T08:19:17Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-11T08:18:16Z"
+    reason: ReconcileSuccess
+    status: "True"
+    type: Synced

resource_customizations/s3.aws.crossplane.io/Bucket/health.lua

@@ -0,0 +1,41 @@
+local hs = {}
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    local ready = false
+    local synced = false
+    local suspended = false
+    for i, condition in ipairs(obj.status.conditions) do
+
+      if condition.type == "Ready" then
+        ready = condition.status == "True"
+        ready_message = condition.reason
+      elseif condition.type == "Synced" then
+        synced = condition.status == "True"
+        if condition.reason == "ReconcileError" then
+          synced_message = condition.message
+        elseif condition.reason == "ReconcilePaused" then
+          suspended = true
+          suspended_message = condition.reason
+        end
+      end
+    end
+    if ready and synced then
+      hs.status = "Healthy"
+      hs.message = ready_message
+    elseif synced == false and suspended == true then
+      hs.status = "Suspended"
+      hs.message = suspended_message
+    elseif ready == false and synced == true and suspended == false then
+      hs.status = "Progressing"
+      hs.message = "Waiting for Bucket to be available"
+    else
+      hs.status = "Degraded"
+      hs.message = synced_message
+    end
+    return hs
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Bucket to be created"
+return hs

resource_customizations/s3.aws.crossplane.io/Bucket/health_test.yaml

@@ -0,0 +1,14 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: >-
+      delete failed: operation error S3: DeleteBucket, https response error
+      StatusCode: 409, RequestID: ABC123, HostID:
+      ABC/123/ABC=,
+      api error BucketNotEmpty: The bucket you tried to delete is not empty.
+      You must delete all versions in the bucket.
+  inputPath: testdata/ReconcileError.yaml
+- healthStatus:
+    status: Healthy
+    message: Available
+  inputPath: testdata/healthy.yaml

resource_customizations/s3.aws.crossplane.io/Bucket/testdata/ReconcileError.yaml

@@ -0,0 +1,42 @@
+apiVersion: s3.aws.crossplane.io/v1beta1
+kind: Bucket
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    locationConstraint: eu-north-1
+    objectOwnership: BucketOwnerEnforced
+    paymentConfiguration:
+      payer: BucketOwner
+    publicAccessBlockConfiguration:
+      blockPublicAcls: true
+      blockPublicPolicy: true
+      ignorePublicAcls: true
+      restrictPublicBuckets: true
+    serverSideEncryptionConfiguration:
+      rules:
+        - applyServerSideEncryptionByDefault:
+            sseAlgorithm: AES256
+    versioningConfiguration:
+      status: Suspended
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    arn: 'arn:aws:s3:::example'
+  conditions:
+    - lastTransitionTime: '2024-07-12T09:51:07Z'
+      reason: Deleting
+      status: 'False'
+      type: Ready
+    - lastTransitionTime: '2024-07-12T09:51:07Z'
+      message: >-
+        delete failed: operation error S3: DeleteBucket, https response error
+        StatusCode: 409, RequestID: ABC123, HostID:
+        ABC/123/ABC=,
+        api error BucketNotEmpty: The bucket you tried to delete is not empty.
+        You must delete all versions in the bucket.
+      reason: ReconcileError
+      status: 'False'
+      type: Synced

resource_customizations/s3.aws.crossplane.io/Bucket/testdata/healthy.yaml

@@ -0,0 +1,36 @@
+apiVersion: s3.aws.crossplane.io/v1beta1
+kind: Bucket
+metadata:
+  name: example
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    locationConstraint: eu-north-1
+    objectOwnership: BucketOwnerEnforced
+    paymentConfiguration:
+      payer: BucketOwner
+    publicAccessBlockConfiguration:
+      blockPublicAcls: true
+      blockPublicPolicy: true
+      ignorePublicAcls: true
+      restrictPublicBuckets: true
+    serverSideEncryptionConfiguration:
+      rules:
+        - applyServerSideEncryptionByDefault:
+            sseAlgorithm: AES256
+    versioningConfiguration:
+      status: Suspended
+  providerConfigRef:
+    name: provider-aws
+status:
+  atProvider:
+    arn: arn:aws:s3:::example
+  conditions:
+  - lastTransitionTime: "2024-07-12T12:50:46Z"
+    reason: Available
+    status: "True"
+    type: Ready
+  - lastTransitionTime: "2024-07-12T12:50:44Z"
+    reason: ReconcileSuccess
+    status: "True"
+    type: Synced