Add FieldExport CRD and field export reconciler (#75)

Issue #, if available: aws-controllers-k8s/community#740

Description of changes:
Creates a new `FieldExport` CRD as outlined [this proposal](aws-controllers-k8s/community#1183). Also creates a new reconciler that reconciles changes to `FieldExport` and changes to any ACK resource recognised by the current controller.

The path for reconciling a `FieldExport`:
1. Ensure the `FieldExport` `Source` resource group matches the current controller's group
2. Mark as managed (add finalizer)
3. Describe the source object
3a. If no source object is found, stop reconciling
4. Use the [`gojq` library](https://github.com/itchyny/gojq) to parse the unstructured source object 
5. Write to `ConfigMap`/`Secret`

The path when any ACK resource is updated:
1. Ensure the resource has the synced condition set to true
2. List and filter all `FieldExport` types in the namespace that reference the current resource as its `Source`
3. For each matching `FieldExport` do steps 3 and 4 from the previous path

The reconciler converts all primitive types into strings (ConfigMap is a string-string map, Secret is a string-byte[] map). If the jq query returns a list of results, we will only take the first result (this PR does not support exporting slices/maps). If the jq query returns a struct, we will not take any action, treating the query as a failure. 

The reconciler will not delete any values from the ConfigMap or Secret. If the referenced field is removed from the object, the reconciler will no-op, rather than overwriting the data with an empty string. When the `FieldExport` is deleted, the ConfigMap or Secret will also be left untouched - meaning it contains whatever was last written to it.

Upon creating a `FieldExport` CR, the reconciler will initially attempt to export the field. If it fails, it will not attempt to retry. After the first sync, the reconciler will only wait until the `ResourceVersion` of the source object changes for it to trigger a new update.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: RedbackThomson

ATTRIBUTION.md

@@ -26,6 +26,7 @@ License version 2.0, we include the full text of the package's License below.
 * `github.com/go-logr/logr`
 * `github.com/google/go-cmp`
 * `github.com/iancoleman/strcase`
+* `github.com/itchyny/gojq`
 * `github.com/mitchellh/go-homedir`
 * `github.com/pkg/errors`
 * `github.com/spf13/cobra`
@@ -339,6 +340,30 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
+### github.com/itchyny/gojq
+
+The MIT License (MIT)
+
+Copyright (c) 2019-2022 itchyny
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 ### github.com/mitchellh/go-homedir
 
 The MIT License (MIT)

Makefile

@@ -27,7 +27,7 @@ mocks: install-mockery ## Build mocks
 	@bin/mockery --quiet --name=Object --case=underscore --output=mocks/apimachinery/pkg/apis/meta/v1 --dir="$(K8S_APIMACHINERY_DIR)/pkg/apis/meta/v1"
 	@echo "ok."
 	@echo -n "building mocks for k8s.io/apimachinery/runtime ... "
-	@bin/mockery --quiet --name=Object --case=underscore --output=mocks/apimachinery/pkg/runtime --dir="$(K8S_APIMACHINERY_DIR)/pkg/runtime"
+	@bin/mockery --quiet --name="(Object|UnstructuredConverter)" --case=underscore --output=mocks/apimachinery/pkg/runtime --dir="$(K8S_APIMACHINERY_DIR)/pkg/runtime"
 	@echo "ok."
 	@echo -n "building mocks for k8s.io/apimachinery/runtime/schema ... "
 	@bin/mockery --quiet --name=ObjectKind --case=underscore --output=mocks/apimachinery/pkg/runtime/schema --dir="$(K8S_APIMACHINERY_DIR)/pkg/runtime/schema"

apis/core/v1alpha1/adopted_resource.go

@@ -20,7 +20,7 @@ import (
 // AdoptedResourceSpec defines the desired state of the AdoptedResource.
 type AdoptedResourceSpec struct {
 	// +kubebuilder:validation:Required
-	Kubernetes *TargetKubernetesResource `json:"kubernetes"`
+	Kubernetes *ResourceWithMetadata `json:"kubernetes"`
 	// +kubebuilder:validation:Required
 	AWS *AWSIdentifiers `json:"aws"`
 }

apis/core/v1alpha1/common.go

@@ -21,3 +21,13 @@ type AWSAccountID string
 
 // AWSResourceName represents an AWS Resource Name (ARN)
 type AWSResourceName string
+
+// FieldExportOutputType represents all types that can be produced by a field
+// export operation
+// +kubebuilder:validation:Enum=configmap;secret
+type FieldExportOutputType string
+
+const (
+	FieldExportOutputTypeConfigMap FieldExportOutputType = "configmap"
+	FieldExportOutputTypeSecret                          = "secret"
+)

apis/core/v1alpha1/field_export.go

@@ -0,0 +1,62 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// FieldExportTarget provides the values necessary to identify the
+// output path for a field export.
+type FieldExportTarget struct {
+	Name *string `json:"name"`
+	// Namespace is marked as optional, so we cannot compose `NamespacedName`
+	Namespace *string               `json:"namespace,omitempty"`
+	Kind      FieldExportOutputType `json:"kind"`
+}
+
+// FieldExportSpec defines the desired state of the FieldExport.
+type FieldExportSpec struct {
+	From *ResourceFieldSelector `json:"from"`
+	To   *FieldExportTarget     `json:"to"`
+}
+
+// FieldExportStatus defines the observed status of the FieldExport.
+type FieldExportStatus struct {
+	// A collection of `ackv1alpha1.Condition` objects that describe the various
+	// recoverable states of the field CR
+	Conditions []*Condition `json:"conditions"`
+}
+
+// FieldExport is the schema for the FieldExport API.
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+type FieldExport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              FieldExportSpec   `json:"spec,omitempty"`
+	Status            FieldExportStatus `json:"status,omitempty"`
+}
+
+// FieldExportList defines a list of FieldExports.
+// +kubebuilder:object:root=true
+type FieldExportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []FieldExport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&FieldExport{}, &FieldExportList{})
+}

apis/core/v1alpha1/identifiers.go

@@ -13,6 +13,10 @@
 
 package v1alpha1
 
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
 // AWSIdentifiers provide all unique ways to reference an AWS resource.
 type AWSIdentifiers struct {
 	// ARN is the AWS Resource Name for the resource. It is a globally
@@ -26,14 +30,26 @@ type AWSIdentifiers struct {
 	AdditionalKeys map[string]string `json:"additionalKeys,omitempty"`
 }
 
-// TargetKubernetesResource provides all the values necessary to identify a given ACK type
-// and override any metadata values when creating a resource of that type.
-type TargetKubernetesResource struct {
-	// +kubebuilder:validation:Required
-	Group string `json:"group"`
-	// +kubebuilder:validation:Required
-	Kind     string             `json:"kind"`
-	Metadata *PartialObjectMeta `json:"metadata,omitempty"`
+// NamespacedResource provides all the values necessary to identify an ACK
+// resource of a given type (within the same namespace as the custom resource
+// containing this type).
+type NamespacedResource struct {
+	metav1.GroupKind `json:""`
+	Name             *string `json:"name"`
+}
+
+// ResourceWithMetadata provides the values necessary to create a
+// Kubernetes resource and override any of its metadata values.
+type ResourceWithMetadata struct {
+	metav1.GroupKind `json:""`
+	Metadata         *PartialObjectMeta `json:"metadata,omitempty"`
+}
+
+// ResourceFieldSelector provides the values necessary to identify an individual
+// field on an individual K8s resource.
+type ResourceFieldSelector struct {
+	Resource NamespacedResource `json:"resource"`
+	Path     *string            `json:"path"`
 }
 
 // AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference