add support for wafv2 webacl

crossplane-contrib · Jan 30, 2025 · 44ba5bf · 44ba5bf
1 parent cef8861
commit 44ba5bf
Show file tree

Hide file tree

Showing 22 changed files with 20,130 additions and 12 deletions.
diff --git a/apis/aws.go b/apis/aws.go
@@ -95,6 +95,7 @@ import (
 	transferv1alpha1 "github.com/crossplane-contrib/provider-aws/apis/transfer/v1alpha1"
 	awsv1alpha1 "github.com/crossplane-contrib/provider-aws/apis/v1alpha1"
 	awsv1beta1 "github.com/crossplane-contrib/provider-aws/apis/v1beta1"
+	wafv2v1alpha1 "github.com/crossplane-contrib/provider-aws/apis/wafv2/v1alpha1"
 )
 
 func init() {
@@ -175,6 +176,7 @@ func init() {
 		servicecatalogv1alpha1.SchemeBuilder.AddToScheme,
 		s3control.SchemeBuilder.AddToScheme,
 		firehosev1alpha1.SchemeBuilder.AddToScheme,
+		wafv2v1alpha1.SchemeBuilder.AddToScheme,
 	)
 }
 

diff --git a/apis/wafv2/disabled-generator-config.yaml b/apis/wafv2/disabled-generator-config.yaml
@@ -0,0 +1,69 @@
+# NOTE(teeverr): this config file was used for generation of types WAFV2 API(make services SERVICES=wafv2) via ack-code-generator v0.38.1,
+# then these types where backported to v0.28.1(current version in January 2025), and then the controller code was generated(make generate) by ack-code-generator v0.28.1.
+# The reason is that ack-code-generator support specific options(which are needed) like empty shapes and set[].ignore only since version v0.38.0, but this version
+# requires rigs.k8s.io/controller-runtime v0.18.4(current version is v0.17.0) and controller-runtime in turn requires
+# crossplane-runtime(>=1.17). But newer versions of crossplane-runtime bring a new additinal method `Disconnect()` to `external`
+# object, Delete method also has been changed(probably something else). But ack-code-generator doesn't generate it for crossplane.
+# It means ack-code-generator should be enhanced to generate relevant controller code for newer versions of crossplane-runtime
+# In addition, it is required that all manually written controllers be updated to accommodate these new methods.
+# This far away from my current story - add support for wafv2 webacl.
+---
+ignore:
+  resource_names:
+    - APIKey
+    - IPSet
+    - RegexPatternSet
+    - RuleGroup
+  field_paths:
+    - CreateWebACLInput.Name
+    - UpdateWebACLInput.Name
+    - DeleteWebACLInput.Name
+    - GetWebACLInput.Name
+    - WebACL.Rules.Statement.AndStatement
+    - WebACL.Rules.Statement.OrStatement
+    - WebACL.Rules.Statement.NotStatement
+    - WebACL.Rules.Statement.ManagedRuleGroupStatement.ScopeDownStatement
+    - WebACL.Rules.Statement.RateBasedStatement.ScopeDownStatement
+empty_shapes:
+  - All
+  - Method
+  - UriPath
+  - QueryString
+  - AllQueryArguments
+  - RateLimitIP
+  - RateLimitForwardedIP
+  - RateLimitHTTPMethod
+  - NoneAction
+operations:
+  GetWebACL:
+    output_wrapper_field_path: WebACL
+resources:
+  WebACL:
+    fields:
+      # The statements below have infinite recursion(e.g. Statement.AndStatement.Statements contains list of Statement), so it's ignored and replaced with a string. The controller expects json string for these fields.
+      Rules.Statement.AndStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.OrStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.NotStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.ManagedRuleGroupStatement.ScopeDownStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.RateBasedStatement.ScopeDownStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.ByteMatchStatement.TextTransformations.Type:
+        go_tag: json:"type,omitempty"
+    exceptions:
+      errors:
+        404:
+          code: ResourceNotFoundException