diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 2207502..f29d222 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2024-08-20T20:18:07Z" - build_hash: c30e0689877bfe2083e7b2f84e1c450d2ba9bf2e - go_version: go1.22.4 - version: v0.37.0-4-gc30e068 + build_date: "2024-08-29T17:16:14Z" + build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc + go_version: go1.22.5 + version: v0.38.1 api_directory_checksum: 4bad34d3dca935f62b2fe6fa1a3d6e6ebac5995b api_version: v1alpha1 aws_sdk_go_version: v1.51.21 diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 2f59ed3..8638e18 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/wafv2-controller - newTag: 0.0.1 + newTag: 0.0.2 diff --git a/go.mod b/go.mod index 8206bf0..3c35649 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,11 @@ go 1.22.0 toolchain go1.22.5 require ( - github.com/aws-controllers-k8s/runtime v0.36.0 + github.com/aws-controllers-k8s/runtime v0.38.0 github.com/aws/aws-sdk-go v1.51.21 + github.com/go-logr/logr v1.4.1 github.com/spf13/pflag v1.0.5 + k8s.io/api v0.30.1 k8s.io/apimachinery v0.30.1 k8s.io/client-go v0.30.1 sigs.k8s.io/controller-runtime v0.18.4 @@ -21,7 +23,6 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -66,7 +67,6 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.1 // indirect k8s.io/apiextensions-apiserver v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect diff --git a/go.sum b/go.sum index 1c6617f..f6f919a 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/aws-controllers-k8s/runtime v0.36.0 h1:XEMVGfUwsT9QMShihuCLHlape+daJWyYtXj45s/iJiU= -github.com/aws-controllers-k8s/runtime v0.36.0/go.mod h1:gI2pWb20UGLP2SnHf1a1VzTd7iVVy+/I9VAzT0Y+Dew= +github.com/aws-controllers-k8s/runtime v0.38.0 h1:gSEpmBm7OwTPd2kIOU+AIDIivi3teSm5FFrhROfu4wg= +github.com/aws-controllers-k8s/runtime v0.38.0/go.mod h1:gI2pWb20UGLP2SnHf1a1VzTd7iVVy+/I9VAzT0Y+Dew= github.com/aws/aws-sdk-go v1.51.21 h1:UrT6JC9R9PkYYXDZBV0qDKTualMr+bfK2eboTknMgbs= github.com/aws/aws-sdk-go v1.51.21/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 475a120..ef3ec9c 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: wafv2-chart description: A Helm chart for the ACK service controller for AWS Web Application Firewall (WAF) -version: 0.0.1 -appVersion: 0.0.1 +version: 0.0.2 +appVersion: 0.0.2 home: https://github.com/aws-controllers-k8s/wafv2-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index b0d3b41..3f8118c 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/wafv2-controller:0.0.1". +This chart deploys "public.ecr.aws/aws-controllers-k8s/wafv2-controller:0.0.2". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/values.yaml b/helm/values.yaml index 474db8d..e156a6b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/wafv2-controller - tag: 0.0.1 + tag: 0.0.2 pullPolicy: IfNotPresent pullSecrets: [] @@ -158,4 +158,7 @@ leaderElection: # can be individually enabled ("true") or disabled ("false") by adding key/value # pairs below. featureGates: - CARMv2: false + # Enables the Service level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + ServiceLevelCARM: false + # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + TeamLevelCARM: false diff --git a/pkg/resource/ip_set/manager_factory.go b/pkg/resource/ip_set/manager_factory.go index d7ca309..27047b1 100644 --- a/pkg/resource/ip_set/manager_factory.go +++ b/pkg/resource/ip_set/manager_factory.go @@ -53,8 +53,12 @@ func (f *resourceManagerFactory) ManagerFor( sess *session.Session, id ackv1alpha1.AWSAccountID, region ackv1alpha1.AWSRegion, + roleARN ackv1alpha1.AWSResourceName, ) (acktypes.AWSResourceManager, error) { - rmId := fmt.Sprintf("%s/%s", id, region) + // We use the account ID, region, and role ARN to uniquely identify a + // resource manager. This helps us to avoid creating multiple resource + // managers for the same account/region/roleARN combination. + rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) f.RLock() rm, found := f.rmCache[rmId] f.RUnlock() diff --git a/pkg/resource/rule_group/manager_factory.go b/pkg/resource/rule_group/manager_factory.go index 0b296ec..426aa96 100644 --- a/pkg/resource/rule_group/manager_factory.go +++ b/pkg/resource/rule_group/manager_factory.go @@ -53,8 +53,12 @@ func (f *resourceManagerFactory) ManagerFor( sess *session.Session, id ackv1alpha1.AWSAccountID, region ackv1alpha1.AWSRegion, + roleARN ackv1alpha1.AWSResourceName, ) (acktypes.AWSResourceManager, error) { - rmId := fmt.Sprintf("%s/%s", id, region) + // We use the account ID, region, and role ARN to uniquely identify a + // resource manager. This helps us to avoid creating multiple resource + // managers for the same account/region/roleARN combination. + rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) f.RLock() rm, found := f.rmCache[rmId] f.RUnlock()