Migrate to Crossplane v2 and namespaced XRs (#110)

kaessert · web-flow · commit c6537d276aa3 · 2025-11-25T11:19:23.000+01:00
- Update XRD to apiVersion v2 with scope: Namespaced
- Rename XSQLInstance/XNetwork to SQLInstance/Network (remove X prefix)
- Remove claimNames (not supported for namespaced v2 XRs)
- Replace deletionPolicy with managementPolicies array
- Move compositionSelector under spec.crossplane
- Remove namespace from passwordSecretRef (uses XR namespace)
- Switch from CompositeConnectionDetails to corev1.Secret for connection secrets
- Update providers from v1 to v2 (provider-azure-* packages)
- Update imports from azure to azurem with v1beta1 models
- Update upbound.yaml to v2alpha1 with new dependency format
- Add k8s apiDependencies for corev1 types
- Update configuration-azure-network dependency to v2.0.0
- Update all examples and tests to match new schema
diff --git a/apis/definition.yaml b/apis/definition.yaml
@@ -1,20 +1,13 @@
-apiVersion: apiextensions.crossplane.io/v1
+apiVersion: apiextensions.crossplane.io/v2
 kind: CompositeResourceDefinition
 metadata:
-  name: xsqlinstances.azure.platform.upbound.io
+  name: sqlinstances.azure.platform.upbound.io
 spec:
+  scope: Namespaced
   group: azure.platform.upbound.io
   names:
-    kind: XSQLInstance
-    plural: xsqlinstances
-  claimNames:
     kind: SQLInstance
     plural: sqlinstances
-  connectionSecretKeys:
-    - username
-    - password
-    - port
-    - host
   versions:
     - name: v1alpha1
       served: true
@@ -26,19 +19,34 @@ spec:
             spec:
               type: object
               properties:
+                writeConnectionSecretToRef:
+                  type: object
+                  description: Connection secret reference for database credentials
+                  properties:
+                    name:
+                      type: string
+                      description: Name of the connection secret
+                  required:
+                    - name
                 parameters:
                   type: object
                   properties:
                     region:
                       type: string
                       description: Region is the region you'd like your resource to be created in.
-                    deletionPolicy:
-                      description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete
-                      enum:
-                        - Delete
-                        - Orphan
-                      type: string
-                      default: Delete
+                    managementPolicies:
+                      description: ManagementPolicies for Azure Database resources. Defaults to ["*"] which includes all operations (Create, Observe, Update, Delete, LateInitialize). To orphan resources on deletion, use ["Create", "Observe", "Update", "LateInitialize"].
+                      type: array
+                      items:
+                        type: string
+                        enum:
+                          - "*"
+                          - Create
+                          - Observe
+                          - Update
+                          - Delete
+                          - LateInitialize
+                      default: ["*"]
                     providerConfigName:
                       description: Crossplane ProviderConfig to use for provisioning this resources
                       type: string
@@ -53,14 +61,11 @@ spec:
                       type: object
                       description: "A reference to the Secret object containing database password"
                       properties:
-                        namespace:
-                          type: string
                         name:
                           type: string
                         key:
                           type: string
                       required:
-                        - namespace
                         - name
                         - key
                     networkRef:
diff --git a/apis/mysql/composition.yaml b/apis/mysql/composition.yaml
@@ -1,14 +1,14 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
-  name: xmysqlinstances.azure.platform.upbound.io
+  name: mysqlinstances.azure.platform.upbound.io
   labels:
     dbengine: mysql
     provider: azure
 spec:
   compositeTypeRef:
     apiVersion: azure.platform.upbound.io/v1alpha1
-    kind: XSQLInstance
+    kind: SQLInstance
   mode: Pipeline
   pipeline:
     - functionRef:
diff --git a/apis/postgresql/composition.yaml b/apis/postgresql/composition.yaml
@@ -1,14 +1,14 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
-  name: xpostgresqlinstances.azure.platform.upbound.io
+  name: postgresqlinstances.azure.platform.upbound.io
   labels:
     dbengine: postgres
     provider: azure
 spec:
   compositeTypeRef:
     apiVersion: azure.platform.upbound.io/v1alpha1
-    kind: XSQLInstance
+    kind: SQLInstance
   mode: Pipeline
   pipeline:
     - functionRef:
diff --git a/examples/mysql-xr.yaml b/examples/mysql-xr.yaml
@@ -1,22 +1,22 @@
 apiVersion: azure.platform.upbound.io/v1alpha1
-kind: XSQLInstance
+kind: SQLInstance
 metadata:
   name: configuration-azure-database-db-mysql
   namespace: default
 spec:
-  compositionSelector:
-    matchLabels:
-      dbengine: mysql
+  crossplane:
+    compositionSelector:
+      matchLabels:
+        dbengine: mysql
   parameters:
     region: westus
     storageGB: 20 #Minimum value is 20
     version: "8.0"
+    managementPolicies: ["*"]
     passwordSecretRef:
-      namespace: default
       name: psqlsecret
       key: password
     networkRef:
-      id: configuration-azure-database #This field must match the XNetwork XR spec.parameters.id
+      id: configuration-azure-database #This field must match the Network XR spec.parameters.id
   writeConnectionSecretToRef:
     name: configuration-azure-database-db-conn-mysql
-    namespace: default
diff --git a/examples/network-xr.yaml b/examples/network-xr.yaml
@@ -1,13 +1,16 @@
 apiVersion: azure.platform.upbound.io/v1alpha1
-kind: XNetwork
+kind: Network
 metadata:
   name: ref-azure-network
+  namespace: default
 spec:
   parameters:
     id: configuration-azure-database
     region: westus
     addressRange: "10.0.0.0/16"
     generalSubnetRange: "10.0.1.0/24"
+    managementPolicies: ["*"]
+    providerConfigName: default
     databaseSubnets:
       - addressRange: "10.0.2.0/24"
         serviceType: "postgres"
diff --git a/examples/postgres-xr.yaml b/examples/postgres-xr.yaml
@@ -1,22 +1,22 @@
 apiVersion: azure.platform.upbound.io/v1alpha1
-kind: XSQLInstance
+kind: SQLInstance
 metadata:
   name: configuration-azure-database-db-postgresql
   namespace: default
 spec:
-  compositionSelector:
-    matchLabels:
-      dbengine: postgres
+  crossplane:
+    compositionSelector:
+      matchLabels:
+        dbengine: postgres
   parameters:
     region: westus
     storageGB: 32 #Minimum value is 32
     version: "11"
+    managementPolicies: ["*"]
     passwordSecretRef:
-      namespace: default
       name: psqlsecret
       key: password
     networkRef:
-      id: configuration-azure-database #This field must match the XNetwork XR spec.parameters.id
+      id: configuration-azure-database #This field must match the Network XR spec.parameters.id
   writeConnectionSecretToRef:
     name: configuration-azure-database-db-conn-postgresql
-    namespace: default
diff --git a/functions/mysql/main.k b/functions/mysql/main.k
@@ -1,17 +1,16 @@
-import models.io.upbound.azure.dbformysql.v1beta2 as dbformysqlv1beta2
-import models.io.upbound.azure.dbformysql.v1beta1 as dbformysqlv1beta1
-import models.io.upbound.azure.network.v1beta2 as networkv1beta2
-import models.io.upbound.azure.network.v1beta1 as networkv1beta1
+import models.io.upbound.azurem.dbformysql.v1beta1 as dbformysqlv1beta1
+import models.io.upbound.azurem.network.v1beta1 as networkv1beta1
 import models.io.upbound.platform.azure.v1alpha1 as platformazurev1alpha1
+import models.io.k8s.api.core.v1 as corev1
 
 import base64
 
 schema DefaultSpec:
-    deletionPolicy: str
+    managementPolicies: [str]
     providerConfigRef: {str:str}
     forProvider: {str:str}
 
-oxr = platformazurev1alpha1.XSQLInstance {**option("params").oxr}
+oxr = platformazurev1alpha1.SQLInstance {**option("params").oxr}
 ocds = option("params").ocds # observed composed resources
 
 _metadata = lambda name: str -> any {
@@ -22,8 +21,9 @@ _metadata = lambda name: str -> any {
 
 # spec defaults
 _defaultSpec = DefaultSpec {
-    deletionPolicy = oxr.spec.parameters.deletionPolicy or "Delete"
+    managementPolicies = oxr.spec.parameters.managementPolicies or ["*"]
     providerConfigRef = {
+        kind = "ProviderConfig"
         name = oxr.spec.parameters.providerConfigName or "default"
     }
     forProvider = {}
@@ -32,7 +32,7 @@ _defaultSpec = DefaultSpec {
 assert 20 <= oxr.spec.parameters.storageGB <= 16384, "storageGB supported values for MySQL FlexibleServer are between 20 and 16384"
 
 _items = [
-    networkv1beta2.PrivateDNSZone {
+    networkv1beta1.PrivateDNSZone {
         metadata = {
             **_metadata("privatednszone")
             name = "{}-mysql".format(oxr.spec.parameters.networkRef.id)
@@ -80,7 +80,7 @@ _items = [
             }
         }
     }
-    dbformysqlv1beta2.FlexibleServer {
+    dbformysqlv1beta1.FlexibleServer {
         metadata = {
             **_metadata("mysqlserver")
             name = "{}-mysql".format(oxr.spec.parameters.networkRef.id)
@@ -94,7 +94,6 @@ _items = [
                 administratorPasswordSecretRef = {
                     key = oxr.spec.parameters.passwordSecretRef.key
                     name = oxr.spec.parameters.passwordSecretRef.name
-                    namespace = oxr.spec.parameters.passwordSecretRef.namespace
                 }
                 backupRetentionDays = 7
                 storage.sizeGb = oxr.spec.parameters.storageGB
@@ -116,7 +115,6 @@ _items = [
                 }
             }
             writeConnectionSecretToRef = {
-                namespace = oxr.spec.writeConnectionSecretToRef.namespace
                 name = "{}-mysql".format(oxr.metadata.uid)
             }
         }
@@ -143,17 +141,23 @@ _items = [
             }
         }
     }
-    {
-        apiVersion: "meta.krm.kcl.dev/v1alpha1"
-        kind: "CompositeConnectionDetails"
+    corev1.Secret {
+        metadata = {
+            name = oxr.spec?.writeConnectionSecretToRef?.name
+            namespace = oxr.metadata.namespace
+            annotations = {
+                "krm.kcl.dev/composition-resource-name" = "connection-secret"
+                if "mysqlserver" in ocds:
+                    "krm.kcl.dev/ready" = "True"
+            }
+        }
         if "mysqlserver" in ocds:
-            data: {
+            data = {
                 username = base64.encode(ocds["mysqlserver"].Resource?.spec?.forProvider?.administratorLogin)
                 password = ocds["mysqlserver"].ConnectionDetails["attribute.administrator_password"]
                 host = base64.encode(ocds["mysqlserver"].Resource?.status?.atProvider?.fqdn)
+                port = base64.encode("3306")
             }
-        else:
-            data: {}
     }
 ]
 
diff --git a/functions/postgres/main.k b/functions/postgres/main.k
@@ -1,15 +1,14 @@
-import models.io.upbound.azure.dbforpostgresql.v1beta2 as dbforpostgresqlv1beta2
-import models.io.upbound.azure.dbforpostgresql.v1beta1 as dbforpostgresqlv1beta1
-import models.io.upbound.azure.network.v1beta2 as networkv1beta2
-import models.io.upbound.azure.network.v1beta1 as networkv1beta1
+import models.io.upbound.azurem.dbforpostgresql.v1beta1 as dbforpostgresqlv1beta1
+import models.io.upbound.azurem.network.v1beta1 as networkv1beta1
+import models.io.k8s.api.core.v1 as corev1
 
 import base64
 
 oxr = option("params").oxr # observed composite resource
 ocds = option("params").ocds # observed composed resources
 
 schema DefaultSpec:
-    deletionPolicy: str
+    managementPolicies: [str]
     providerConfigRef: {str:str}
     forProvider: {str:str}
 
@@ -19,8 +18,9 @@ _metadata = lambda name: str -> any {
 
 # spec defaults
 _defaultSpec = DefaultSpec {
-    deletionPolicy = oxr.spec.parameters.deletionPolicy or "Delete"
+    managementPolicies = oxr.spec.parameters.managementPolicies or ["*"]
     providerConfigRef = {
+        kind = "ProviderConfig"
         name = oxr.spec.parameters.providerConfigName or "default"
     }
     forProvider = {}
@@ -29,7 +29,7 @@ _defaultSpec = DefaultSpec {
 assert oxr.spec.parameters.storageGB in [32,64,128,256,512,1024,2048], "storageGB supported values are 32,64,128,256,512,1024,2048"
 
 _items = [
-    networkv1beta2.PrivateDNSZone {
+    networkv1beta1.PrivateDNSZone {
         metadata = {
             **_metadata("privatednszone")
             name = "{}-postgresql".format(oxr.spec.parameters.networkRef.id)
@@ -77,7 +77,7 @@ _items = [
             }
         }
     }
-    dbforpostgresqlv1beta2.FlexibleServer {
+    dbforpostgresqlv1beta1.FlexibleServer {
         metadata = {
             **_metadata("postgresqlserver")
             name = "{}-postgresql".format(oxr.spec.parameters.networkRef.id)
@@ -92,7 +92,6 @@ _items = [
                 administratorPasswordSecretRef= {
                     key = oxr.spec.parameters.passwordSecretRef.key
                     name = oxr.spec.parameters.passwordSecretRef.name
-                    namespace = oxr.spec.parameters.passwordSecretRef.namespace
                 }
                 resourceGroupNameSelector = {
                     matchLabels = {
@@ -115,7 +114,6 @@ _items = [
                 }
             }
             writeConnectionSecretToRef = {
-                namespace = oxr.spec.writeConnectionSecretToRef.namespace
                 name = "{}-postgresql".format(oxr.metadata.uid)
             }
         }
@@ -126,6 +124,7 @@ _items = [
             name = "upbound"
         }
         spec = {
+            **_defaultSpec
             forProvider = {
                 charset = "utf8"
                 collation = "en_US.utf8"
@@ -135,17 +134,23 @@ _items = [
             }
         }
     }
-    {
-        apiVersion: "meta.krm.kcl.dev/v1alpha1"
-        kind: "CompositeConnectionDetails"
+    corev1.Secret {
+        metadata = {
+            name = oxr.spec?.writeConnectionSecretToRef?.name
+            namespace = oxr.metadata.namespace
+            annotations = {
+                "krm.kcl.dev/composition-resource-name" = "connection-secret"
+                if "postgresqlserver" in ocds:
+                    "krm.kcl.dev/ready" = "True"
+            }
+        }
         if "postgresqlserver" in ocds:
-            data: {
+            data = {
                 username = base64.encode(ocds["postgresqlserver"].Resource?.spec?.forProvider?.administratorLogin)
                 password = ocds["postgresqlserver"].ConnectionDetails["attribute.administrator_password"]
                 host = base64.encode(ocds["postgresqlserver"].Resource?.status?.atProvider?.fqdn)
+                port = base64.encode("5432")
             }
-        else:
-            data: {}
     }
 ]
 
diff --git a/tests/e2etest-dbs/main.k b/tests/e2etest-dbs/main.k
diff --git a/tests/test-mysql/main.k b/tests/test-mysql/main.k
diff --git a/tests/test-postgres/main.k b/tests/test-postgres/main.k
diff --git a/upbound.yaml b/upbound.yaml
