Allow creation of ProviderConfig from SA token (#164)

Closes #138
Also adds more OSS tests!

.github/workflows/ci.yml

@@ -302,6 +302,4 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
-      - run: make e2e
-        env:
-          UPTEST_EXAMPLE_LIST: examples/oss/v1alpha1/dashboard.yaml
+      - run: make e2e-oss

Makefile

@@ -178,6 +178,9 @@ local-deploy: build controlplane.up local.xpkg.deploy.provider.$(PROJECT_NAME)
 
 e2e: local-deploy uptest
 
+e2e-oss:
+	@find examples/oss -name '*.yaml' -exec make e2e UPTEST_EXAMPLE_LIST={} \;
+
 .PHONY: cobertura submodules fallthrough run crds.clean
 
 # ====================================================================================

apis/v1beta1/types.go

@@ -12,6 +12,15 @@ import (
 
 // A ProviderConfigSpec defines the desired state of a ProviderConfig.
 type ProviderConfigSpec struct {
+	// Override the Grafana URL from the credentials reference attribute.
+	URL string `json:"url,omitempty"`
+	// Override the Grafana Cloud API URL from the credentials reference attribute.
+	CloudAPIURL string `json:"cloudApiUrl,omitempty"`
+	// Override the OnCall API URL from the credentials reference attribute.
+	OnCallURL string `json:"oncallUrl,omitempty"`
+	// Override the Synthetic Monitoring API URL from the credentials reference attribute.
+	SMURL string `json:"smUrl,omitempty"`
+
 	// Credentials required to authenticate to this provider.
 	Credentials ProviderCredentials `json:"credentials"`
 }

examples/oss/v1alpha1/serviceaccounttoken.yaml

@@ -0,0 +1,82 @@
+# Note: Resources are inverted in this file so that the dashboard is deleted first,
+# it will fail to delete if the SA token is deleted first.
+# Creation order doesn't matter because Crossplane is eventually consistent
+
+# Create a new dashboard using the new provider
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: Dashboard
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/serviceaccounttoken
+  labels:
+    testing.upbound.io/example-name: test-sa-token
+  name: test-dashboard-from-sa
+spec:
+  forProvider:
+    configJson: |-
+      {
+        "title" : "My Dashboard From SA Token",
+        "uid" : "dashboard-from-sa"
+      }
+  providerConfigRef:
+    name: sa-grafana-provider
+
+---
+
+# Create a new provider from the created secret
+apiVersion: grafana.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/serviceaccounttoken
+  labels:
+    testing.upbound.io/example-name: test-sa-token
+  name: sa-grafana-provider
+spec:
+  url: http://grafana.grafana.svc.cluster.local # Same as the grafana-provider URL
+  credentials:
+    source: Secret
+    secretRef:
+      name: test-sa-token
+      namespace: upbound-system
+      key: instanceCredentials
+
+---
+
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: ServiceAccountToken
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/serviceaccounttoken
+    uptest.upbound.io/disable-import: "true"
+  labels:
+    testing.upbound.io/example-name: test-sa-token
+  name: test-sa-token
+spec:
+  forProvider:
+    name: test-sa-token
+    serviceAccountSelector:
+      matchLabels:
+        testing.upbound.io/example-name: test-sa-token
+  writeConnectionSecretToRef:
+    name: test-sa-token
+    namespace: upbound-system
+  providerConfigRef:
+    name: grafana-provider
+
+---
+
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: ServiceAccount
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/serviceaccounttoken
+  labels:
+    testing.upbound.io/example-name: test-sa-token
+  name: test-sa
+spec:
+  forProvider:
+    name: test-sa
+    role: Admin
+  providerConfigRef:
+    name: grafana-provider

examples/oss/v1alpha1/team.yaml

@@ -0,0 +1,52 @@
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: Team
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/team
+  labels:
+    testing.upbound.io/example-name: test-team
+  name: test-team
+spec:
+  forProvider:
+    email: [email protected]
+    memberRefs:
+    - name: viewer
+    name: Test Team
+  providerConfigRef:
+    name: grafana-provider
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/team
+  labels:
+    testing.upbound.io/example-name: test-team
+  name: example-secret
+  namespace: upbound-system
+data:
+  example-key: ZXhhbXBsZS1wYXNzd29yZA==
+
+---
+
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: User
+metadata:
+  annotations:
+    meta.upbound.io/example-id: oss/v1alpha1/team
+  labels:
+    testing.upbound.io/example-name: test-team
+  name: viewer
+spec:
+  forProvider:
+    email: [email protected]
+    login: viewer
+    name: Viewer
+    passwordSecretRef:
+      name: example-secret
+      namespace: upbound-system
+      key: example-key
+  providerConfigRef:
+    name: grafana-provider

internal/clients/grafana.go

@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 	"github.com/crossplane/upjet/pkg/terraform"
 	grafanaProvider "github.com/grafana/terraform-provider-grafana/v3/pkg/provider"
@@ -77,7 +78,33 @@ func TerraformSetupBuilder() terraform.SetupFn {
 				ps.Configuration[k] = v
 			}
 		}
-		return ps, errors.Wrap(configureNoForkGrafanaClient(ctx, &ps), "failed to configure the no-fork Azure client")
+
+		if pc.Spec.URL != "" {
+			ps.Configuration["url"] = pc.Spec.URL
+		}
+		if pc.Spec.CloudAPIURL != "" {
+			ps.Configuration["cloud_api_url"] = pc.Spec.CloudAPIURL
+		}
+		if pc.Spec.OnCallURL != "" {
+			ps.Configuration["oncall_url"] = pc.Spec.OnCallURL
+		}
+		if pc.Spec.SMURL != "" {
+			ps.Configuration["sm_url"] = pc.Spec.SMURL
+		}
+
+		if err := configureNoForkGrafanaClient(ctx, &ps); err != nil {
+			return ps, errors.Wrap(err, "failed to configure the no-fork Grafana client")
+		}
+
+		// Set Ready condition to true and write back the status.
+		if len(pc.Status.Conditions) == 0 {
+			pc.Status.SetConditions(v1.Available())
+			if err := client.Status().Update(ctx, pc); err != nil {
+				return ps, errors.Wrap(err, "cannot update ProviderConfig status")
+			}
+		}
+
+		return ps, nil
 	}
 }
 

package/crds/grafana.crossplane.io_providerconfigs.yaml

@@ -51,6 +51,10 @@ spec:
           spec:
             description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
             properties:
+              cloudApiUrl:
+                description: Override the Grafana Cloud API URL from the credentials
+                  reference attribute.
+                type: string
               credentials:
                 description: Credentials required to authenticate to this provider.
                 properties:
@@ -107,6 +111,18 @@ spec:
                 required:
                 - source
                 type: object
+              oncallUrl:
+                description: Override the OnCall API URL from the credentials reference
+                  attribute.
+                type: string
+              smUrl:
+                description: Override the Synthetic Monitoring API URL from the credentials
+                  reference attribute.
+                type: string
+              url:
+                description: Override the Grafana URL from the credentials reference
+                  attribute.
+                type: string
             required:
             - credentials
             type: object