addressed transient state change checks

Makefile

@@ -33,9 +33,8 @@ XPKGS = $(PROJECT_NAME)
 -include build/makelib/xpkg.mk
 
 CROSSPLANE_NAMESPACE = upbound-system
-CROSSPLANE_ARGS = "--enable-usages"
+CROSSPLANE_ARGS = "--enable-usages,--debug"
 KIND_CLUSTER_NAME = "uxp"
-KIND_VERSION = "v1.27.3"
 -include build/makelib/local.xpkg.mk
 -include build/makelib/controlplane.mk
 
@@ -71,23 +70,36 @@ build.init: $(UP)
 #   You can check the basic implementation here: https://github.com/upbound/uptest/blob/main/internal/templates/01-delete.yaml.tmpl.
 uptest: $(UPTEST) $(KUBECTL) $(KUTTL)
 	@$(INFO) running automated tests
-	@KUBECTL=$(KUBECTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) KUTTL=$(KUTTL) $(UPTEST) e2e examples/vault.yaml --setup-script=test/setup.sh --skip-delete --default-timeout=3600 || $(FAIL)
+	@KUBECTL=$(KUBECTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) KUTTL=$(KUTTL) $(UPTEST) e2e examples/vault.yaml --setup-script=test/setup.sh --default-timeout=3600 || $(FAIL)
 	@$(OK) running automated tests
 
 # This target requires the following environment variables to be set:
 # - UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
 e2e: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME) uptest
 
+s = "False"
 bootstrap: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME)
 	test/setup.sh
 	$(KUBECTL) apply -f examples/vault.yaml
-	$(KUBECTL) wait vault.sec.upbound.io configuration-vault --for=condition=Ready --timeout 20m
-	# Check for readiness again to be sure because the first readiness 
-	# has previously prematurely returned.
-	$(KUBECTL) wait vault.sec.upbound.io configuration-vault --for=condition=Ready --timeout 20m
-	$(KUBECTL) -n vault port-forward vault-0 8200 &
+	s=$(s); \
+        while [ $${s} != "True" ] ; do \
+	    $(KUBECTL) wait vault.sec.upbound.io configuration-vault --for=condition=Ready --timeout 20m ; \
+	    sleep 3 ; \
+	    s=`$(KUBECTL) get vault.sec.upbound.io configuration-vault -o jsonpath='{.status.conditions[1].status}'|awk '{print $1}'`; \
+	    echo $$s ; \
+        done; \
+        true
+	$(KUBECTL) -n vault port-forward vault-0 8200 2>&1 >/dev/null &
+	crossplane beta trace vault.sec.upbound.io configuration-vault
 	test/verify.sh
 
+verify:
+	$(KUBECTL) -n vault port-forward vault-0 8200 2>&1 >/dev/null &
+	test/verify.sh
+
+cleanup:
+	kind delete cluster --name uxp
+
 render:
 	crossplane beta render examples/vault.yaml apis/vault/composition.yaml examples/functions.yaml -r
 

README.md

@@ -128,25 +128,27 @@ interim stages leading up to all resources being available.
 ```
 NAME                                                                       SYNCED   READY   STATUS
 Vault/configuration-vault (default)                                        True     True    Available
-└─ XVault/configuration-vault-6fwtw                                        True     True    Available
-   ├─ XAuth/configuration-vault-6fwtw-q2xw9                                True     True    Available
+└─ XVault/configuration-vault-z728c                                        True     True    Available
+   ├─ Usage/configuration-vault-z728c-flq88                                -        True    Available
+   ├─ Usage/configuration-vault-z728c-k5jlh                                -        True    Available
+   ├─ Usage/configuration-vault-z728c-wm7l2                                -        True    Available
+   ├─ XAuth/configuration-vault-z728c-576ks                                True     True    Available
    │  ├─ Backend/configuration-vault-auth-backend-userpass                 True     True    Available
    │  └─ Endpoint/configuration-vault-auth-generic-endpoint                True     True    Available
-   ├─ XPolicy/configuration-vault-6fwtw-2mg2k                              True     True    Available
+   ├─ XPolicy/configuration-vault-z728c-x5wmt                              True     True    Available
    │  ├─ Policy/configuration-vault-admin-policy                           True     True    Available
    │  └─ Policy/configuration-vault-eaas-client-policy                     True     True    Available
-   ├─ XSecret/configuration-vault-6fwtw-4x6k7                              True     True    Available
+   ├─ XSecret/configuration-vault-z728c-phtv6                              True     True    Available
    │  ├─ SecretBackendKey/configuration-vault-transit-secret-backend-key   True     True    Available
    │  ├─ Mount/configuration-vault-kv-v2-secret-mount                      True     True    Available
    │  └─ Mount/configuration-vault-transit-secret-mount                    True     True    Available
-   ├─ XVaultInstall/configuration-vault-6fwtw-vdjq9                        True     True    Available
-   │  ├─ Release/configuration-vault-6fwtw-55xbp                           True     True    Available
-   │  ├─ Object/configuration-vault-6fwtw-kff7z                            True     True    Available
-   │  ├─ Object/configuration-vault-6fwtw-mbqkv                            True     True    Available
-   │  ├─ Object/configuration-vault-6fwtw-nbpr6                            True     True    Available
-   │  └─ Object/configuration-vault-6fwtw-tn98k                            True     True    Available
-   └─ XVaultUser/configuration-vault-6fwtw-s97jk                           True     True    Available
-      └─ Object/configuration-vault-6fwtw-mg7hc                            True     True    Available
+   ├─ XVaultInstall/configuration-vault-z728c-kgmv8                        True     True    Available
+   │  ├─ Release/configuration-vault-z728c-24hsq                           True     True    Available
+   │  ├─ Object/configuration-vault-z728c-cfbqs                            True     True    Available
+   │  ├─ Object/configuration-vault-z728c-hbdqx                            True     True    Available
+   │  └─ Object/configuration-vault-z728c-hwktr                            True     True    Available
+   └─ XVaultUser/configuration-vault-z728c-kc5w6                           True     True    Available
+      └─ Object/configuration-vault-z728c-rhsqc                            True     True    Available
 ```
 
 ## Verify the configuration
@@ -272,5 +274,5 @@ base64 --decode <<< "<COPY_THE_BASE64_ENCODED_PLAINTEXT_FROM_ABOVE>"
 ## Clean up
 Use the following command to delete the local demo cluster.
 ```
-kind delete cluster --name uxp
+make cleanup
 ```

apis/vault/auth/composition.yaml

@@ -78,4 +78,21 @@ spec:
               - fromFieldPath: status.atProvider
                 toFieldPath: status.vaultGenericEndpoint
                 type: ToCompositeFieldPath
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: auth.vault.upbound.io/v1alpha1
+                  kind: Backend
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: generic.vault.upbound.io/v1alpha1
+                  kind: Endpoint
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageAuthBackendByGenericEndpoint
       step: patch-and-transform

apis/vault/auth/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xauths.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XAuth

apis/vault/composition.yaml

@@ -106,4 +106,89 @@ spec:
               - fromFieldPath: spec.parameters.providerConfigName
                 toFieldPath: spec.parameters.providerConfigName
                 type: FromCompositeFieldPath
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XVaultInstall
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XAuth
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXVaultInstallByXAuth
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XVaultInstall
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XPolicy
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXVaultInstallByXPolicy
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XVaultInstall
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XSecret
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXVaultInstallByXSecret
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XSecret
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XAuth
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXSecretByXAuth
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XVaultUser
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: sec.upbound.io/v1alpha1
+                  kind: XAuth
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXVaultUserByXAuth
       step: patch-and-transform

apis/vault/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xvaults.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XVault

apis/vault/install/composition.yaml

@@ -128,4 +128,21 @@ spec:
               - fromFieldPath: spec.parameters.providerConfigName
                 toFieldPath: spec.providerConfigRef.name
                 type: FromCompositeFieldPath
+          - base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                of:
+                  apiVersion: kubernetes.crossplane.io/v1alpha1
+                  kind: Object
+                  resourceSelector:
+                    matchControllerRef: true
+                by:
+                  apiVersion: helm.crossplane.io/v1beta1
+                  kind: Release
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None
+            name: usageXVaultInstallObjectsByHelmRelease
       step: patch-and-transform

apis/vault/install/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xvaultinstalls.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XVaultInstall

apis/vault/policies/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xpolicys.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XPolicy

apis/vault/secrets/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xsecrets.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XSecret

apis/vault/user/definition.yaml

@@ -4,6 +4,7 @@ kind: CompositeResourceDefinition
 metadata:
   name: xvaultusers.sec.upbound.io
 spec:
+  defaultCompositeDeletePolicy: Foreground
   group: sec.upbound.io
   names:
     kind: XVaultUser