Example using S3 Bucket, BucketPolicy and ToCompositeFieldPath

[chlunde]

The AWS S3 Bucket Policy object requires the name of the S3 Bucket inside the spec. Crossplane generally handles this by having a selector which you can use to find the right object, such as bucketNameSelector:

            bucketNameSelector:
              matchControllerRef: true

but in this case this is not enough because we also need the bucket ARN inside the object in spec.forProvider.policy.statements[0].resource[0].

---

In the latest crossplane-release we can achieve this using a patch with type: ToCompositeFieldPath to extract the information from the bucket object, back to a field in the composite object.

Step 1: Updating the schema

First we need to add a field to the schema of the composite object. We add status.bucketArn by updating the composite resource definition:

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
...
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
...
          status:
            type: object
            properties:
              bucketArn:
                description: ARN of bucket
                type: string

Step 2: Extracting the generated ARN back to the composite

By running kubectl get bucket -o yaml we can se that the ARN is available in the status of the bucket:

kubectl get bucket my-bucket-pjrqd-w94db -o yaml
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/external-name: my-bucket-pjrqd-w94db
...
  generateName: my-bucket-pjrqd-
 ...
status:
  atProvider:
    arn: arn:aws:s3:::my-bucket-pjrqd-w94db

Now we can pull this information from status.atProvider.arn in the Bucket object up into our custom S3Bucket by writing a patch with type ToCompositeFieldPath:

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
spec:
  resources:
    - base:
        apiVersion: s3.aws.crossplane.io/v1beta1
        kind: Bucket
...
      patches:
        - fromFieldPath: "status.atProvider.arn"
          toFieldPath: "status.bucketArn"
          type: ToCompositeFieldPath

Step 3: Storing the extracted information down into a base

Now we can update the S3 bucket policy with the ARN just like we would with a normal parameter. By default, a patch has type FromCompositeFieldPath.

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
spec:
  resources:
...
    - base:
        apiVersion: s3.aws.crossplane.io/v1alpha3
        kind: BucketPolicy
        spec:
          forProvider:
            bucketNameSelector:
              matchControllerRef: true
            policy:
              statements:
                - ...
                  resource: []
...
      patches:
        - fromFieldPath: "status.bucketArn"
          toFieldPath: "spec.forProvider.policy.statements[0].resource[0]"
          transforms:
            - type: string
              string:
                fmt: "%s/*"