support inline policies as part of iam role

Signed-off-by: smcavallo <smcavallo@hotmail.com>

apis/identity/v1alpha1/iamrolepolicy_types.go

@@ -0,0 +1,76 @@
+/*
+Copyright 2019 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+)
+
+// IAMRolePolicyParameters define the desired state of an AWS IAM Role Inline Policy.
+type IAMRolePolicyParameters struct {
+
+	// The JSON policy document that is the content for the policy.
+	Document string `json:"document"`
+
+	// RoleName presents the name of the IAM role.
+	// +immutable
+	RoleName string `json:"roleName,omitempty"`
+}
+
+// An IAMRolePolicySpec defines the desired state of an IAMRolePolicy.
+type IAMRolePolicySpec struct {
+	xpv1.ResourceSpec `json:",inline"`
+	ForProvider       IAMRolePolicyParameters `json:"forProvider"`
+}
+
+// IAMRolePolicyObservation keeps the state for the external resource
+type IAMRolePolicyObservation struct {
+}
+
+// An IAMRolePolicyStatus represents the observed state of an IAMRolePolicy.
+type IAMRolePolicyStatus struct {
+	xpv1.ResourceStatus `json:",inline"`
+	AtProvider          IAMRolePolicyObservation `json:"atProvider,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// An IAMRolePolicy is a managed resource that represents an AWS IAM IAMRolePolicy.
+// +kubebuilder:printcolumn:name="ROLENAME",type="string",JSONPath=".spec.forProvider.roleName"
+// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
+type IAMRolePolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   IAMRolePolicySpec   `json:"spec"`
+	Status IAMRolePolicyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// IAMRolePolicyList contains a list of Policies
+type IAMRolePolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []IAMRolePolicy `json:"items"`
+}

apis/identity/v1alpha1/referencers.go

@@ -23,7 +23,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/crossplane/crossplane-runtime/pkg/reference"
-	resource "github.com/crossplane/crossplane-runtime/pkg/resource"
+	"github.com/crossplane/crossplane-runtime/pkg/resource"
 )
 
 // IAMPolicyARN returns a function that returns the ARN of the given policy.

apis/identity/v1alpha1/register.go

@@ -96,6 +96,14 @@ var (
 	IAMAccessKeyGroupVersionKind = SchemeGroupVersion.WithKind(IAMAccessKeyKind)
 )
 
+// IAMRolePolicy type metadata.
+var (
+	IAMRolePolicyKind             = reflect.TypeOf(IAMRolePolicy{}).Name()
+	IAMRolePolicyGroupKind        = schema.GroupKind{Group: Group, Kind: IAMRolePolicyKind}.String()
+	IAMRolePolicyKindAPIVersion   = IAMRolePolicyKind + "." + SchemeGroupVersion.String()
+	IAMRolePolicyGroupVersionKind = SchemeGroupVersion.WithKind(IAMRolePolicyKind)
+)
+
 // OpenIDConnectProvider type metadata.
 var (
 	OpenIDConnectProviderKind             = "OpenIDConnectProvider"
@@ -112,5 +120,6 @@ func init() {
 	SchemeBuilder.Register(&IAMGroupUserMembership{}, &IAMGroupUserMembershipList{})
 	SchemeBuilder.Register(&IAMGroupPolicyAttachment{}, &IAMGroupPolicyAttachmentList{})
 	SchemeBuilder.Register(&IAMAccessKey{}, &IAMAccessKeyList{})
+	SchemeBuilder.Register(&IAMRolePolicy{}, &IAMRolePolicyList{})
 	SchemeBuilder.Register(&OpenIDConnectProvider{}, &OpenIDConnectProviderList{})
 }

apis/identity/v1beta1/iamrole_types.go

@@ -48,7 +48,7 @@ type Tag struct {
 // IAMRoleParameters define the desired state of an AWS IAM Role.
 type IAMRoleParameters struct {
 
-	// AssumeRolePolicyDocument is the the trust relationship policy document
+	// AssumeRolePolicyDocument is the trust relationship policy document
 	// that grants an entity permission to assume the role.
 	// +immutable
 	AssumeRolePolicyDocument string `json:"assumeRolePolicyDocument"`

examples/iam/rolepolicy.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: identity.aws.crossplane.io/v1alpha1
+kind: IAMRolePolicy
+metadata:
+  name: somerolepolicy
+spec:
+  forProvider:
+    PolicyName: external-name
+    RoleName: somerole
+    document: |
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+              "Sid": "VisualEditor0",
+              "Effect": "Allow",
+              "Action": "elastic-inference:Connect",
+              "Resource": "*"
+          }
+        ]
+      }
+  providerConfigRef:
+    name: example