Add Adoption by annotation logic and tests (#123)

Description of changes:
resources tested:
* Policy

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: michaelhtm

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2024-10-10T04:09:12Z"
-  build_hash: 36c2d234498c2bc4f60773ab8df632af4067f43b
+  build_date: "2024-12-04T21:05:49Z"
+  build_hash: 5b95c1667a03835266df2d3f598718dd164184af
   go_version: go1.23.2
-  version: v0.39.1
+  version: v0.39.1-8-g5b95c16
 api_directory_checksum: 761a2c708651b0273bf39d98dddaf029de23d337
 api_version: v1alpha1
 aws_sdk_go_version: v1.49.0

config/controller/deployment.yaml

@@ -41,6 +41,8 @@ spec:
         - "$(LEADER_ELECTION_NAMESPACE)"
         - --reconcile-default-max-concurrent-syncs
         - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)"
+        - --feature-gates
+        - "$(FEATURE_GATES)"
         image: controller:latest
         name: controller
         ports:
@@ -76,6 +78,8 @@ spec:
           value: "ack-system"
         - name: "RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS"
           value: "1"
+        - name: "FEATURE_GATES"
+          value: ""
         securityContext:
           allowPrivilegeEscalation: false
           privileged: false

config/controller/kustomization.yaml

@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/iam-controller
-  newTag: 1.3.13
+  newTag: 1.3.9

go.mod

@@ -5,7 +5,7 @@ go 1.22.0
 toolchain go1.22.5
 
 require (
-	github.com./aws-controllers-k8s/runtime v0.39.0
+	github.com./aws-controllers-k8s/runtime v0.39.1-0.20241202082353-a6b0014a8130
 	github.com./aws/aws-sdk-go v1.49.0
 	github.com./go-logr/logr v1.4.2
 	github.com./micahhausler/aws-iam-policy v0.4.2

go.sum

@@ -2,6 +2,8 @@ github.com./a-hilaly/aws-iam-policy v0.0.0-20231121054900-2c56e839ca53 h1:2uNM0nR
 github.com./a-hilaly/aws-iam-policy v0.0.0-20231121054900-2c56e839ca53/go.mod h1:Ojgst9ZFn+VEEJpqtuw/LxVGqEf2+hwWBlkYWvF/XWM=
 github.com./aws-controllers-k8s/runtime v0.39.0 h1:IgOXluSzvb4UcDr9eU7SPw5MJnL7kt5R6DuF5Qu9zVQ=
 github.com./aws-controllers-k8s/runtime v0.39.0/go.mod h1:G07g26y1cxyZO6Ngp+LwXf03CqFyLNL7os4Py4IdyGY=
+github.com./aws-controllers-k8s/runtime v0.39.1-0.20241202082353-a6b0014a8130 h1:EoXYRrpBX2hi5B1IawKr2LJTsVsreHsJdxULLlMNO9U=
+github.com./aws-controllers-k8s/runtime v0.39.1-0.20241202082353-a6b0014a8130/go.mod h1:G07g26y1cxyZO6Ngp+LwXf03CqFyLNL7os4Py4IdyGY=
 github.com./aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY=
 github.com./aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com./beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

helm/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: iam-chart
 description: A Helm chart for the ACK service controller for AWS Identity & Access Management (IAM)
-version: 1.3.13
-appVersion: 1.3.13
+version: 1.3.9
+appVersion: 1.3.9
 home: https://github.com./aws-controllers-k8s/iam-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

helm/templates/NOTES.txt

@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:1.3.13".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:1.3.9".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"

helm/templates/caches-role-binding.yaml

@@ -8,7 +8,7 @@ roleRef:
   name: ack-namespaces-cache-iam-controller
 subjects:
 - kind: ServiceAccount
-  name: ack-iam-controller
+  name: {{ include "ack-iam-controller.service-account.name" . }}
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -22,5 +22,5 @@ roleRef:
   name: ack-configmaps-cache-iam-controller
 subjects:
 - kind: ServiceAccount
-  name: ack-iam-controller
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "ack-iam-controller.service-account.name" . }}
+  namespace: {{ .Release.Namespace }}

helm/values.yaml

@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-controllers-k8s/iam-controller
-  tag: 1.3.13
+  tag: 1.3.9
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -163,4 +163,6 @@ featureGates:
   # Enables the Team level granularity for CARM. See https://github.com./aws-controllers-k8s/community/issues/2031
   TeamLevelCARM: false
   # Enable ReadOnlyResources feature/annotation. 
-  ReadOnlyResources: false
+  ReadOnlyResources: false
+  # Enable ResourceAdoption feature/annotation. 
+  ResourceAdoption: false