This example demonstrates blocking deletion of objects in a Composition based on resources generated from configuration-aws-network.
In the `observed` directory are resources that represent provisioned Managed Resources in a Crossplane cluster. The VPC has been annotated with `protection.fn.crossplane.io/block-deletion: "true"`:

```yaml
annotations:
  protection.fn.crossplane.io/block-deletion: "true"
```

The `crossplane render` command can run the function pipeline and include these observed resources. The output contains the Resources generated by the function pipeline:

```shell
crossplane render \
  --observed-resources observed \
  --include-full-xr \
  xr.yaml composition.yaml functions.yaml
```

After running this command the output will include the newly generated Usages. Because the VPC Resource has protection enabled, a ClusterUsage will also be generated for the parent XNetwork composite.

```yaml
...
---
apiVersion: protection.crossplane.io/v1beta1
kind: ClusterUsage
metadata:
  annotations:
    crossplane.io/composition-resource-name: vpc-usage
  labels:
    crossplane.io/composite: configuration-aws-network
  name: -e3b0c4-fn-protection
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XNetwork
    name: configuration-aws-network
    uid: ""
spec:
  of:
    apiVersion: ec2.aws.upbound.io/v1beta1
    kind: VPC
    resourceRef:
      name: ""
  reason: created by function-deletion-protection via label protection.fn.crossplane.io/block-deletion
---
apiVersion: protection.crossplane.io/v1beta1
kind: ClusterUsage
metadata:
  annotations:
    crossplane.io/composition-resource-name: xr-configuration-aws-network-usage
  labels:
    crossplane.io/composite: configuration-aws-network
  name: configuration-aws-network-26d898-fn-protection
  ownerReferences:
  - apiVersion: aws.platform.upbound.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: XNetwork
    name: configuration-aws-network
    uid: ""
spec:
  of:
    apiVersion: aws.platform.upbound.io/v1alpha1
    kind: XNetwork
    resourceRef:
      name: configuration-aws-network
  reason: created by function-deletion-protection via label protection.fn.crossplane.io/block-deletion
```

To simulate output on Crossplane v1 Clusters, update the `composition.yaml` file and set `enableV1Mode` to `true`:

```yaml
- step: protect-resources
  functionRef:
    name: crossplane-contrib-function-protection
  input:
    apiVersion: protection.fn.crossplane.io/v1beta1
    kind: Input
    enableV1Mode: true
```

Rendering the manifests will now generate v1 Usages, which have an API Version of `apiextensions.crossplane.io/v1beta1`.

```yaml
---
apiVersion: apiextensions.crossplane.io/v1beta1
kind: Usage
metadata:
  annotations:
    crossplane.io/composition-resource-name: xr-configuration-aws-network-usage
  labels:
    crossplane.io/composite: configuration-aws-network
  name: configuration-aws-network-26d898-fn-protection
```

If developing the Go code, enable the `render.crossplane.io/runtime: Development` annotation in the `functions.yaml` file:

```yaml
apiVersion: pkg.crossplane.io/v1
kind: Function
metadata:
  name: crossplane-contrib-function-protection
  annotations:
    # This tells crossplane render to connect to the function locally.
    # Enable this annotation when updating the function's Go code.
    render.crossplane.io/runtime: Development
spec: {}
```

Then run the function in a terminal; `crossplane render` will connect to the local process.

```shell
go run . --insecure --debug
```
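
The following is an added example, not part of function-deletion-protection: a CI-style check over `crossplane render` output that reports which required kinds have no Usage or ClusterUsage in the expected API group (`protection.crossplane.io` by default, `apiextensions.crossplane.io` when `enableV1Mode` is set). The sample stream is constructed and trimmed, the function names are hypothetical, and the line-based parsing assumes two-space YAML indentation in the rendered output.

```python
import re

# Constructed sample: trimmed render output in which the VPC Usage is missing.
SAMPLE_RENDER = """\
---
apiVersion: aws.platform.upbound.io/v1alpha1
kind: XNetwork
metadata:
  name: configuration-aws-network
---
apiVersion: protection.crossplane.io/v1beta1
kind: ClusterUsage
metadata:
  name: configuration-aws-network-26d898-fn-protection
spec:
  of:
    apiVersion: aws.platform.upbound.io/v1alpha1
    kind: XNetwork
    resourceRef:
      name: configuration-aws-network
  reason: created by function-deletion-protection via label protection.fn.crossplane.io/block-deletion
"""

USAGE_KINDS = {"Usage", "ClusterUsage"}

def protected_kinds(render_output):
    """Return {(usage apiVersion, protected kind)} for every Usage in the stream."""
    found = set()
    for doc in re.split(r"(?m)^---[ \t]*$", render_output):
        top = dict(re.findall(r"(?m)^(apiVersion|kind):\s*(\S+)", doc))
        if top.get("kind") not in USAGE_KINDS:
            continue
        # Assumption: spec.of fields sit at four-space indent directly under "  of:".
        m = re.search(r"(?m)^  of:\n((?:    .*\n?)+)", doc)
        of_kind = re.search(r"(?m)^    kind:\s*(\S+)", m.group(1)) if m else None
        if of_kind:
            found.add((top["apiVersion"], of_kind.group(1)))
    return found

def missing_protection(render_output, required_kinds, api_group="protection.crossplane.io"):
    """Return the required kinds that no Usage in api_group protects, sorted."""
    covered = {k for api, k in protected_kinds(render_output) if api.startswith(api_group + "/")}
    return sorted(set(required_kinds) - covered)

if __name__ == "__main__":
    print(missing_protection(SAMPLE_RENDER, ["VPC", "XNetwork"]))
```

A non-empty result means a resource expected to be protected would render without a deletion-blocking Usage, so a pipeline can fail on it before the Composition is applied.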