Merge branch 'aws-controllers-k8s:main' into main

Author: anbaig

.github/workflows/issue-response.yml

@@ -0,0 +1,43 @@
+name: Issue Responder
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  issues: write
+
+jobs:
+  add-sla-comment:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if issue opener is an org member
+        id: check_membership
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const authorAssociation = context.payload.issue.author_association;
+            console.log("Author association:", authorAssociation);
+            
+            // Check if user is a MEMBER or OWNER
+            const isMember = ['OWNER', 'MEMBER'].includes(authorAssociation);
+            console.log("Is member:", isMember);
+            return isMember;
+      - name: Add SLA Comment if Not Org Member
+        if: steps.check_membership.outputs.result == 'false'
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const issue = context.payload.issue;
+            const issueNumber = issue.number;
+            const username = issue.user.login;
+            
+            const slaMessage = `Hello @${username} 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.\n\nWe encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our [Contribution](https://github.com/aws-controllers-k8s/community/blob/main/CONTRIBUTING.md) and [Code of Conduct](https://github.com/aws-controllers-k8s/community/blob/main/CODE_OF_CONDUCT.md) guidelines.\n\nYou can find more information about ACK on our [website](https://aws-controllers-k8s.github.io/community/).`;
+            
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issueNumber,
+              body: slaMessage
+            });

docs/content/docs/user-docs/adopted-resource.md

@@ -10,8 +10,10 @@ weight: 66
 toc: true
 ---
 
-**WARNING** This is no longer the recommended approach for adopting resources.
-The recommended feature can be found [HERE](features#resourceadoption)
+{{% hint type="warning" title="Warning" %}}
+This is no longer the recommended approach for adopting resources in ACK. The
+recommended feature can be found [HERE](https://aws-controllers-k8s.github.io/community/docs/user-docs/features/#resourceadoption)
+{{% /hint %}}
 
 The ACK controllers are intended to manage the complete lifecycle of an AWS
 resource, from creation through deletion. However, you may already be

docs/content/docs/user-docs/features.md

@@ -11,9 +11,14 @@ toc: true
 ---
 
 Currently we support 4 feature gates for our controllers.
+To use these feature, ensure you enable the [feature gates](https://github.com/aws-controllers-k8s/ec2-controller/blob/b6dff777c35d03335ebb0c3ffca5ee7577e70f18/helm/values.yaml#L164-L172) during helm install, as they are disabled by default.
 
 ### ResourceAdoption
-This feature allows users to adopt AWS resources by specifying the adoption policy as an annotation `services.k8s.aws/adoption-policyy` (currently only supporting `adopt` as a value), and providing the fields required for a read operation in an annotation called `services.k8s.aws/adoption-fields` in json format, and an empty spec.
+This feature allows users to adopt AWS resources by specifying the adoption policy as an annotation `services.k8s.aws/adoption-policy`.
+This annotation currently supports two values, `adopt` and `adopt-or-create`.
+`adopt` adoption policy strictly adopts resources as they are in AWS, and it is highly recommended to provide an empty spec (as it will be overriden
+if adoption is successful) and `services.k8s.aws/adoption-fields` annotation with all the fields necessary to retrieve the resource from AWS 
+(this would be the `name` for EKS cluster, `queueURL` for SQS queues, `vpcID` for VPCs, or `arn` for SNS Topic, etc.)
 Here's an example for how to adopt an EKS cluster:
 
 ```yaml
@@ -29,8 +34,54 @@ metadata:
         }
 ```
 Applying the above manifest allows users to adopt an existing EKS cluster named `my-cluster`.
-After reconciliation, all the fields in the spec and status will be filled by the controleler.
-This feature is currently available for the s3 controller, and we'll see more releases in the future for other controllers
+After reconciliation, all the fields in the spec and status will be populated by the controller.
+
+When you want the controller to create resources if they don't exist, you can set
+`adopt-or-create` adoption policy. With this policy, as the name suggests, the controller
+will adopt the resource if it exists, or create it if it doesn't.
+For `adopt-or-create` the controller expects the spec to be populated by the user with all the 
+fields necessary for a find/create. If the read operation required field is in the status
+the `adoption-fields` annotation will be used to retrieve such fields.
+If the adoption is successful for `adopt-or-create`, the controller will attempt updating
+your AWS resource, to ensure your ACK manifest is the source of truth. 
+Here are some sample manifests:
+EKS Cluster
+```yaml
+apiVersion: eks.services.k8s.aws/v1alpha1
+kind: Cluster
+metadata:
+  name: my-cluster
+  annotations:
+    services.k8s.aws/adoption-policy: "adopt-or-create"
+spec:
+  name: my-cluster
+  roleARN: arn:role:123456789/myrole
+  version: "1.32"
+  resourcesVPCConfig:
+    endpointPrivateAccess: true
+    endpointPublicAccess: true
+    subnetIDs:
+      - subnet-312ensdj2313dnsa2
+      - subnet-1e323124ewqe43213
+
+```
+VPC
+```yaml
+apiVersion: ec2.services.k8s.aws/v1alpha1
+kind: VPC
+metadata:
+  name: hello
+  annotations:
+    services.k8s.aws/adoption-policy: adopt-or-create
+    services.k8s.aws/adoption-fields: |
+      {"vpcID": "vpc-123456789012"}
+spec:
+  cidrBlocks: 
+  - "2.0.0.0/16"
+  tags:
+  - key: k1
+    value: v1
+```
 
 ### ReadOnlyResources
 This feature allows users to mark a resource as read only, as in, it would ensure that the resource will not call any update operation, and will not be patching anything in the spec, but instead, it will be reconciling the status and ensuring it matches the resource it points to.
@@ -100,4 +151,4 @@ data:
   team-a: "arn:aws:iam::111111111111:role/team-a-global-role"
   s3.team-a: "arn:aws:iam::111111111111:role/team-a-s3-role"
   dynamodb.team-a: "arn:aws:iam::111111111111:role/team-a-dynamodb-role"
-```
+```

docs/content/docs/user-docs/openshift.md

@@ -75,6 +75,7 @@ ACK_RESOURCE_TAGS=hellofromocp
 ENABLE_LEADER_ELECTION=true
 LEADER_ELECTION_NAMESPACE=
 RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS=1
+FEATURE_FLAGS=
 ```
 
 Now use `config.txt` to create a `ConfigMap` in your OpenShift cluster:

docs/content/docs/user-docs/resource-crud.md

@@ -73,7 +73,83 @@ kubectl delete -f bucket.yaml
 kubectl get bucket/$BUCKET_NAME
 ```
 
+
+## Understanding ACK Controller Conditons
+
+
+ACK controllers use conditions to indicate the state of custom resources and their corresponding AWS service resources. These conditions are exposed in the `Status.Conditions` collection of each custom resource.
+
+### Condition Types
+
+#### ACK.Adopted
+
+Indicates that an adopted resource custom resource has been successfully reconciled and the target has been created.
+
+* **True**: Resource has been successfully adopted
+* **False**: Resource adoption failed
+* **Unknown**: Resource adoption status cannot be determined
+
+#### ACK.ResourceSynced
+
+Indicates whether the state of the resource in the backend AWS service is in sync with the ACK service controller.
+
+* **True**: Resource is fully synced
+* **False**: Resource is out of sync
+* **Unknown**: Sync status cannot be determined
+
+#### ACK.Terminal
+
+Indicates that the custom resource Spec needs to be updated before any further sync can occur.
+
+* **True**: Resource is in terminal state
+* **False**: Resource is not in terminal state
+* **Unknown**: Terminal state cannot be determined
+
+Possible Causes:
+* Invalid arguments in input YAML
+* Resource creation failed in AWS
+
+#### ACK.Recoverable
+
+Indicates errors that may be resolved without updating the custom resource spec.
+
+* **True**: Error is recoverable
+* **False**: Error is not recoverable
+* **Unknown**: Recovery status cannot be determined
+
+Possible Causes:
+* Transient AWS service unavailability
+* Access denied exceptions requiring credential updates
+
+#### ACK.Advisory
+
+Indicates advisory information present in the resource.
+
+* **True**: Advisory condition exists
+* **False**: No advisory condition
+* **Unknown**: Advisory status cannot be determined
+
+Possible Causes:
+* Attempting to modify an immutable field after resource creation
+
+#### ACK.LateInitialized
+
+Indicates the status of late initialization of fields.
+
+* **True**: Late initialization completed
+* **False**: Late initialization in progress
+* Not present: No late initialization needed
+
+#### ACK.ReferencesResolved
+
+Indicates whether all AWSResourceReference type references have been resolved.
+
+* **True**: All references resolved
+* **False**: Reference resolution failed
+* **Unknown**: Resolution status cannot be determined
+* Not present: No references to resolve
+
 ## Next Steps
 
 Now that you have verified ACK service controller functionality, [checkout ACK
-functionality for creating resources in multiple AWS regions.](../multi-region-resource-management)
+functionality for creating resources in multiple AWS regions.](../multi-region-resource-management)

docs/requirements.txt

@@ -1,3 +1,3 @@
-acktools @ git+https://github.com/aws-controllers-k8s/test-infra.git@0585d0671b593e1b1a1d070614af41eb022c695a#subdirectory=tools
+acktools @ git+https://github.com/aws-controllers-k8s/test-infra.git@817a75417079e595b394e175c1463ebcec958f97#subdirectory=tools
 PyGitHub==1.55
 Jinja2==3.0.1