resources with aws api and terraform in the same composition
49 views
Skip to first unread message
Deivid Kelvin
Mar 23, 2025, 4:58:49 PMMar 23
to crossplane-dev
Hello, I'm trying to create a composition where it creates 2 resources with the aws api a role and a secret from github, I need to retrieve the value of the two arns to declare in the terraform resource but even using the patches the value is not retrieved, does anyone have any idea what I'm doing wrong? below is my code.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: awsbuildproject-composition
namespace: crossplane-system
spec:
compositeTypeRef:
apiVersion: example.org/v1alpha1
kind: awsbuildproject
mode: Pipeline
pipeline:
- step: enviromentConfigs
functionRef:
name: function-environment-configs
input:
apiVersion: environment.fn.crossplane.io/v1beta1
kind: Input
spec:
environmentConfigs:
- type: Reference
ref:
name: example-environment
- step: patch-and-transform
functionRef:
name: function-patch-and-transform
input:
apiVersion: pt.fn.crossplane.io/v1beta1
kind: Resources
patchSets:
resources:
- name: github-secret
base:
apiVersion: secretsmanager.aws.upbound.io/v1beta1
kind: Secret
metadata:
name: example-secret
spec:
forProvider:
name: example-secret
recoveryWindowInDays: 0
region: us-east-1
providerConfigRef:
name: aws-eu-west-2-aws-codebuild
- name: iam-role
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
name: role-with-inline-policy
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
inlinePolicy:
- name: example-policy
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["logs:*"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["ecr:*"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["secretsmanager:GetSecretValue"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["codebuild:*"],
"Resource": "*"
}
]
}
providerConfigRef:
name: aws-eu-west-2-aws-codebuild
- name: codebuild-project
base:
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
spec:
providerConfigRef:
name: aws-eu-west-1
forProvider:
source: Inline
module: |
resource "aws_codebuild_fleet" "example" {
base_capacity = var.base_capacity
compute_type = var.compute_fleet_type
environment_type = var.enviroment_type
name = var.fleet_name
overflow_behavior = var.overflow_behavior
fleet_service_role = var.role_arn
scaling_configuration {
max_capacity = var.max_capacity
scaling_type = "TARGET_TRACKING_SCALING"
}
}
resource "aws_codebuild_project" "example" {
name = var.projectName
description = "My example CodeBuild project"
build_timeout = 60
service_role = var.role_arn
environment {
compute_type = var.compute_type
image = "aws/codebuild/standard:5.0"
type = "LINUX_CONTAINER"
fleet {
fleet_arn = aws_codebuild_fleet.example.arn
}
}
source {
type = "GITHUB"
location = var.source_location
}
artifacts {
type = "NO_ARTIFACTS"
}
}
resource "aws_codebuild_source_credential" "example" {
auth_type = "SECRETS_MANAGER"
server_type = "GITHUB"
token = var.github_token
}
resource "aws_codebuild_webhook" "example" {
project_name = aws_codebuild_project.example.name
filter_group {
filter {
pattern = "WORKFLOW_JOB_QUEUED"
type = "EVENT"
}
}
}
variable "projectName" {
description = "Project name"
type = string
}
variable "compute_type" {
description = "Compute type"
type = string
}
variable "source_location" {
description = "Source location"
type = string
}
variable "base_capacity" {
description = "Service role"
type = string
}
variable "compute_fleet_type" {
description = "tipo de computação"
type = string
}
variable "enviroment_type" {
description = "enviroment type"
type = string
}
variable "fleet_name" {
description = "nome do fleet"
type = string
}
variable "overflow_behavior" {
description = "overflow beahavior"
type = string
}
variable "max_capacity" {
description = "capacidade maxima do fleet"
type = string
}
variable "role_arn" {
description = "role arn"
type = string
}
patches:
- fromFieldPath: "status.atProvider.arn"
toFieldPath: "spec.forProvider.varmap.role_arn"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.base_capacity"
toFieldPath: "spec.forProvider.varmap.base_capacity"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.compute_fleet_type"
toFieldPath: "spec.forProvider.varmap.compute_fleet_type"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.enviroment_type"
toFieldPath: "spec.forProvider.varmap.enviroment_type"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.fleet_name"
toFieldPath: "spec.forProvider.varmap.fleet_name"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.overflow_behavior"
toFieldPath: "spec.forProvider.varmap.overflow_behavior"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.max_capacity"
toFieldPath: "spec.forProvider.varmap.max_capacity"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.projectName"
toFieldPath: "spec.forProvider.varmap.projectName"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.compute_type"
toFieldPath: "spec.forProvider.varmap.compute_type"
- type: FromCompositeFieldPath
fromFieldPath: "spec.parameters.source_location"
toFieldPath: "spec.forProvider.varmap.source_location"
Joyce Passos
Mar 24, 2025, 2:14:53 PMMar 24
to crossplane-dev
15:13 (há 1 minuto)
Reply all
Reply to author
Forward
0 new messages