Implement namespaced resources and upgrade crossplane runtime

.github/workflows/ci.yml

@@ -10,9 +10,9 @@ on:
 
 env:
   # Common versions
-  GO_VERSION: '1.24.6'
-  GOLANGCI_VERSION: 'v2.1.2'
-  DOCKER_BUILDX_VERSION: 'v0.23.0'
+  GO_VERSION: "1.24.6"
+  GOLANGCI_VERSION: "v2.1.2"
+  DOCKER_BUILDX_VERSION: "v0.23.0"
 
 jobs:
   detect-noop:
@@ -28,7 +28,6 @@ jobs:
           paths_ignore: '["**.md", "**.png", "**.jpg"]'
           do_not_skip: '["workflow_dispatch", "schedule", "push"]'
 
-
   lint:
     runs-on: ubuntu-latest
     needs: detect-noop
@@ -111,7 +110,18 @@ jobs:
     runs-on: ubuntu-latest
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
-
+    strategy:
+      fail-fast: false
+      matrix:
+        crossplane-version:
+          - name: "crossplane-v2"
+            version: "2.1.1"
+            cli-version: "v2.1.1"
+          - name: "crossplane-v1"
+            version: "1.20.1"
+            cli-version: "v1.20.1"
+
+    name: e2e-tests-${{ matrix.crossplane-version.name }}
     steps:
       - name: Setup QEMU
         uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
@@ -145,4 +155,7 @@ jobs:
         env:
           # We're using docker buildx, which doesn't actually load the images it
           # builds by default. Specifying --load does so.
-          BUILD_ARGS: "--load"
+          BUILD_ARGS: "--load"
+          # Set Crossplane version for this matrix run
+          CROSSPLANE_VERSION: ${{ matrix.crossplane-version.version }}
+          CROSSPLANE_CLI_VERSION: ${{ matrix.crossplane-version.cli-version }}

.gitignore

@@ -13,4 +13,4 @@ kubeconfig
 
 # Test server binaries
 cluster/test/server
-cluster/test/testserver
+cluster/test/testserver

Makefile

@@ -39,8 +39,8 @@ GOLANGCILINT_VERSION = 2.1.2
 # ====================================================================================
 # Setup Kubernetes tools
 USE_HELM3 = true
-CROSSPLANE_VERSION = 2.0.2
-CROSSPLANE_CLI_VERSION = v2.0.2
+CROSSPLANE_VERSION = 2.1.1
+CROSSPLANE_CLI_VERSION = v2.1.1
 
 -include build/makelib/k8s_tools.mk
 
@@ -90,11 +90,16 @@ CROSSPLANE_NAMESPACE = crossplane-system
 -include build/makelib/local.xpkg.mk
 -include build/makelib/controlplane.mk
 
-UPTEST_EXAMPLE_LIST := $(shell find ./examples/sample -path '*.yaml' | paste -s -d ',' - )
+# Conditionally include namespaced examples for Crossplane v2
+ifeq ($(shell echo "$(CROSSPLANE_VERSION)" | cut -d. -f1),2)
+    UPTEST_EXAMPLE_LIST := $(shell find ./examples/sample -path '*.yaml' | paste -s -d ',' - ),$(shell find ./examples/namespaced -path '*.yaml' | paste -s -d ',' - )
+else
+    UPTEST_EXAMPLE_LIST := $(shell find ./examples/sample -path '*.yaml' | paste -s -d ',' - )
+endif
 
-uptest: $(UPTEST) $(KUBECTL) $(KUTTL)
+uptest: $(UPTEST) $(KUBECTL) $(CHAINSAW) $(CROSSPLANE_CLI)
 	@$(INFO) running automated tests
-	@KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) TEST_SERVER_IMAGE=$(TEST_SERVER_IMAGE) $(UPTEST) e2e "$(UPTEST_EXAMPLE_LIST)" --setup-script=cluster/test/setup.sh || $(FAIL)
+	@KUBECTL=$(KUBECTL) CHAINSAW=$(CHAINSAW) CROSSPLANE_CLI=$(CROSSPLANE_CLI) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) CROSSPLANE_VERSION=$(CROSSPLANE_VERSION) $(UPTEST) e2e "$(UPTEST_EXAMPLE_LIST)" --setup-script=cluster/test/setup.sh || $(FAIL)
 	@$(OK) running automated tests
 
 local-dev: controlplane.up

README.md

@@ -20,16 +20,98 @@ To install `provider-http`, you have two options:
    metadata:
      name: provider-http
    spec:
-     package: "xpkg.upbound.io/crossplane-contrib/provider-http:v1.0.11"
+     package: 'xpkg.upbound.io/crossplane-contrib/provider-http:v1.0.11'
    ```
 
 ## Supported Resources
 
-`provider-http` supports the following resources:
+`provider-http` supports resources in two scopes:
+
+### Cluster-scoped Resources (`http.crossplane.io`)
 
 - **DisposableRequest:** Initiates a one-time HTTP request. See [DisposableRequest CRD documentation](resources-docs/disposablerequest_docs.md).
 - **Request:** Manages a resource through HTTP requests. See [Request CRD documentation](resources-docs/request_docs.md).
 
+### Namespaced Resources (`http.m.crossplane.io`)
+
+- **DisposableRequest:** Namespace-scoped version of the disposable HTTP request.
+- **Request:** Namespace-scoped version of the managed HTTP resource.
+- **ProviderConfig:** Namespace-scoped provider configuration.
+- **ClusterProviderConfig:** Cluster-scoped provider configuration for cross-namespace access.
+
+**When to use each:**
+
+- Use **cluster-scoped** resources for shared infrastructure and when you have cluster-admin privileges
+- Use **namespaced** resources for tenant isolation, application-specific resources, and when working with namespace-level permissions
+
+## TLS Certificate Authentication
+
+The provider supports TLS certificate-based authentication for secure API communication:
+
+- **CA Certificates:** Trust custom certificate authorities
+- **Client Certificates:** Mutual TLS (mTLS) authentication
+- **Flexible Configuration:** Set TLS at provider or resource level
+- **Secret References:** Load certificates from Kubernetes secrets
+
+### Quick Start
+
+1. **Create certificate secrets:**
+
+```bash
+# CA certificate
+kubectl create secret generic ca-certs \
+  --from-file=ca.crt=./ca-cert.pem \
+  --namespace=crossplane-system
+
+# Client certificate for mTLS
+kubectl create secret tls client-certs \
+  --cert=./client.crt \
+  --key=./client.key \
+  --namespace=crossplane-system
+```
+
+2. **Configure ProviderConfig:**
+
+```yaml
+apiVersion: http.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+  name: secure-http
+spec:
+  credentials:
+    source: None
+  tls:
+    caCertSecretRef:
+      name: ca-certs
+      namespace: crossplane-system
+      key: ca.crt
+    clientCertSecretRef:
+      name: client-certs
+      namespace: crossplane-system
+      key: tls.crt
+    clientKeySecretRef:
+      name: client-certs
+      namespace: crossplane-system
+      key: tls.key
+```
+
+3. **Use in requests:**
+
+```yaml
+apiVersion: http.crossplane.io/v1alpha2
+kind: Request
+metadata:
+  name: secure-api-call
+spec:
+  providerConfigRef:
+    name: secure-http
+  forProvider:
+    url: https://api.example.com/resource
+    method: GET
+```
+
+See [examples/provider/tls-config.yaml](examples/provider/tls-config.yaml) for more configuration options.
+
 ## Usage
 
 ### DisposableRequest
@@ -62,6 +144,24 @@ spec:
 
 For more detailed examples and configuration options, refer to the [examples directory](examples/sample/).
 
+### Namespaced Resources
+
+For namespace-scoped resources, use the `http.m.crossplane.io` API group:
+
+```yaml
+apiVersion: http.m.crossplane.io/v1alpha2
+kind: Request
+metadata:
+  name: example-namespaced-request
+  namespace: my-namespace
+spec:
+  # Add your Request specification here
+  providerConfigRef:
+    name: my-namespaced-config
+```
+
+For namespaced examples and configuration options, refer to the [namespaced examples directory](examples/namespaced/).
+
 ## Developing locally
 
 Run controller against the cluster:

apis/disposablerequest/v1alpha1/disposablerequest_types.go → apis/cluster/disposablerequest/v1alpha1/disposablerequest_types.go

@@ -22,7 +22,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 
-	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+	xpv1 "github.com/crossplane/crossplane-runtime/v2/apis/common/v1"
 )
 
 // DisposableRequestParameters are the configurable fields of a DisposableRequest.