gardener
diff --git a/‎.ci/testruns/default/templates/testrun.yaml‎
Lines changed: 1 addition & 34 deletions b/‎.ci/testruns/default/templates/testrun.yaml‎
Lines changed: 1 addition & 34 deletions
diff --git a/‎.test-defs/apply-flow-aws.yaml‎
Lines changed: 0 additions & 23 deletions b/‎.test-defs/apply-flow-aws.yaml‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎.test-defs/infrastructure-test.yaml‎
Lines changed: 0 additions & 1 deletion b/‎.test-defs/infrastructure-test.yaml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 0 additions & 2 deletions b/‎Makefile‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎cmd/gardener-extension-provider-aws/app/app.go‎
Lines changed: 83 additions & 0 deletions b/‎cmd/gardener-extension-provider-aws/app/app.go‎
Lines changed: 83 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 0 additions & 3 deletions b/‎go.mod‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 0 additions & 6 deletions b/‎go.sum‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎imagevector/images.yaml‎
Lines changed: 0 additions & 14 deletions b/‎imagevector/images.yaml‎
Lines changed: 0 additions & 14 deletions
diff --git a/‎imagevector/imagevector.go‎
Lines changed: 0 additions & 9 deletions b/‎imagevector/imagevector.go‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎pkg/apis/aws/helper/scheme.go‎
Lines changed: 47 additions & 0 deletions b/‎pkg/apis/aws/helper/scheme.go‎
Lines changed: 47 additions & 0 deletions
@@ -54,46 +54,13 @@ spec:
         key: secretAccessKey
 
   testflow:
-  - name: infrastructure-test-tf
+  - name: infrastructure-test
     definition:
       name: infrastructure-test
       config:
         - name: REGION
           type: env
           value: eu-west-1
-        - name: RECONCILER
-          type: env
-          value: tf
-  - name: infrastructure-test-flow
-    definition:
-      name: infrastructure-test
-      config:
-        - name: REGION
-          type: env
-          value: eu-west-1
-        - name: RECONCILER
-          type: env
-          value: flow
-  - name: infrastructure-test-migrate
-    definition:
-      name: infrastructure-test
-      config:
-        - name: REGION
-          type: env
-          value: eu-west-1
-        - name: RECONCILER
-          type: env
-          value: migrate
-  - name: infrastructure-test-recover
-    definition:
-      name: infrastructure-test
-      config:
-      - name: REGION
-        type: env
-        value: eu-west-1
-      - name: RECONCILER
-        type: env
-        value: recover
   - name: backupbucket-test
     definition:
       name: backupbucket-test
 
@@ -15,7 +15,6 @@ spec:
     --access-key-id=$ACCESS_KEY_ID
     --secret-access-key=$SECRET_ACCESS_KEY
     --region=$REGION
-    --reconciler="${RECONCILER}"
 
   image: golang:1.25
   resources:
 
@@ -24,7 +24,6 @@ EXTENSION_NAMESPACE	:= garden
 GARDEN_KUBECONFIG 	?=
 
 PLATFORM := linux/amd64
-RECONCILER := flow
 
 WEBHOOK_PARAM := --webhook-config-url=$(WEBHOOK_CONFIG_URL)
 ifeq ($(WEBHOOK_CONFIG_MODE), service)
@@ -181,7 +180,6 @@ integration-test-infra:
 		--access-key-id='$(shell cat $(ACCESS_KEY_ID_FILE))' \
 		--secret-access-key='$(shell cat $(SECRET_ACCESS_KEY_FILE))' \
 		--region=$(REGION) \
-		--reconciler=$(RECONCILER)
 
 .PHONY: integration-test-bastion
 integration-test-bastion:
 
@@ -8,6 +8,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strings"
 	"time"
 
 	druidcorev1alpha1 "github.com/gardener/etcd-druid/api/core/v1alpha1"
@@ -20,10 +21,13 @@ import (
 	webhookcmd "github.com/gardener/gardener/extensions/pkg/webhook/cmd"
 	"github.com/gardener/gardener/pkg/client/kubernetes"
 	gardenerhealthz "github.com/gardener/gardener/pkg/healthz"
+	kutil "github.com/gardener/gardener/pkg/utils/kubernetes"
 	machinev1alpha1 "github.com/gardener/machine-controller-manager/pkg/apis/machine/v1alpha1"
+	"github.com/go-logr/logr"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	vpaautoscalingv1 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1"
 	"k8s.io/component-base/version/verflag"
@@ -273,6 +277,13 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 				return fmt.Errorf("error running manager: %w", err)
 			}
 
+			// TODO (kon-angelo): Remove after the release of version 1.68.0
+			if err := mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
+				return purgeTerraformerRBACResources(ctx, mgr.GetClient(), log)
+			})); err != nil {
+				return fmt.Errorf("error adding terraformer migrations: %w", err)
+			}
+
 			return nil
 		},
 	}
@@ -282,3 +293,75 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 
 	return cmd
 }
+
+// TODO (kon-angelo): Remove after the release of version 1.68.0
+func purgeTerraformerRBACResources(ctx context.Context, c client.Client, log logr.Logger) error {
+	log.Info("Starting the deletion of obsolete terraformer resources")
+
+	const (
+		terraformerRoleName = "gardener.cloud:system:terraformer"
+	)
+
+	var (
+		roleBindingList    = &rbacv1.RoleBindingList{}
+		roleList           = &rbacv1.RoleList{}
+		serviceAccountList = &corev1.ServiceAccountList{}
+	)
+
+	// list serviceAccount bindings in all namespaces
+	if err := c.List(ctx, roleBindingList); err != nil {
+		return fmt.Errorf("failed to list RoleBindings: %w", err)
+	}
+
+	for _, roleBinding := range roleBindingList.Items {
+		if strings.EqualFold(roleBinding.Name, terraformerRoleName) {
+			log.Info("Deleting RoleBinding", "roleBinding", client.ObjectKeyFromObject(&roleBinding))
+			if err := kutil.DeleteObject(
+				ctx,
+				c,
+				&rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Namespace: roleBinding.Namespace, Name: roleBinding.Name}},
+			); err != nil {
+				return fmt.Errorf("failed to delete roleBinding %s: %w", client.ObjectKeyFromObject(&roleBinding), err)
+			}
+		}
+	}
+	log.Info("Successfully deleted the obsolete RoleBindings for terraformer")
+
+	if err := c.List(ctx, roleList); err != nil {
+		return fmt.Errorf("failed to list roles: %w", err)
+	}
+
+	for _, role := range roleList.Items {
+		if strings.EqualFold(role.Name, terraformerRoleName) {
+			log.Info("Deleting Role", "role", client.ObjectKeyFromObject(&role))
+			if err := kutil.DeleteObject(
+				ctx,
+				c,
+				&rbacv1.Role{ObjectMeta: metav1.ObjectMeta{Namespace: role.Namespace, Name: role.Name}},
+			); err != nil {
+				return fmt.Errorf("failed to delete Role %s: %w", client.ObjectKeyFromObject(&role), err)
+			}
+		}
+	}
+	log.Info("Successfully deleted the obsolete Roles for terraformer")
+
+	if err := c.List(ctx, serviceAccountList); err != nil {
+		return fmt.Errorf("failed to list roles: %w", err)
+	}
+
+	for _, serviceAccount := range serviceAccountList.Items {
+		if strings.EqualFold(serviceAccount.Name, "terraformer") {
+			log.Info("Deleting ServiceAccount", "serviceAccount", client.ObjectKeyFromObject(&serviceAccount))
+			if err := kutil.DeleteObject(
+				ctx,
+				c,
+				&corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: serviceAccount.Namespace, Name: serviceAccount.Name}},
+			); err != nil {
+				return fmt.Errorf("failed to delete ServiceAccount %s: %w", client.ObjectKeyFromObject(&serviceAccount), err)
+			}
+		}
+	}
+	log.Info("Successfully deleted the obsolete ServiceAccounts for terraformer")
+
+	return nil
+}
@@ -5,7 +5,6 @@ go 1.25.0
 
 require (
 	github.com/Masterminds/semver/v3 v3.4.0
-	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/aws/aws-sdk-go-v2 v1.41.1
 	github.com/aws/aws-sdk-go-v2/config v1.32.7
@@ -54,7 +53,6 @@ require (
 	dario.cat/mergo v1.0.2 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/PaesslerAG/gval v1.2.4 // indirect
 	github.com/PaesslerAG/jsonpath v0.1.2-0.20240726212847-3a740cf7976f // indirect
@@ -115,7 +113,6 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/ironcore-dev/vgopath v0.1.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 
@@ -744,12 +744,8 @@ github.com/Code-Hex/go-generics-cache v1.5.1/go.mod h1:qxcC9kRVrct9rHeiYpFWSoW1v
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
-github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
@@ -1185,8 +1181,6 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/ionos-cloud/sdk-go/v6 v6.3.0 h1:/lTieTH9Mo/CWm3cTlFLnK10jgxjUGkAqRffGqvPteY=
 
@@ -375,17 +375,3 @@ images:
       integrity_requirement: high
       availability_requirement: low
     signing: false
-- name: terraformer
-  sourceRepository: github.com/gardener/terraformer
-  repository: europe-docker.pkg.dev/gardener-project/releases/gardener/terraformer-aws
-  tag: v2.28.0
-  labels:
-  - name: gardener.cloud/cve-categorisation
-    value:
-      network_exposure: protected
-      authentication_enforced: false
-      user_interaction: gardener-operator
-      confidentiality_requirement: high
-      integrity_requirement: high
-      availability_requirement: low
-    signing: false
@@ -9,8 +9,6 @@ import (
 
 	"github.com/gardener/gardener/pkg/utils/imagevector"
 	"k8s.io/apimachinery/pkg/util/runtime"
-
-	"github.com/gardener/gardener-extension-provider-aws/pkg/aws"
 )
 
 // ImagesYAML contains the content of the images.yaml file
@@ -33,10 +31,3 @@ func init() {
 func ImageVector() imagevector.ImageVector {
 	return imageVector
 }
-
-// TerraformerImage returns the Terraformer image.
-func TerraformerImage() string {
-	image, err := imageVector.FindImage(aws.TerraformerImageName)
-	runtime.Must(err)
-	return image.String()
-}
@@ -5,33 +5,40 @@
 package helper
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 
 	"github.com/gardener/gardener/extensions/pkg/controller"
 	"github.com/gardener/gardener/extensions/pkg/util"
 	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	api "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws"
 	"github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/install"
+	apiv1alpha1 "github.com/gardener/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1"
 )
 
 var (
 	// Scheme is a Scheme with the types relevant for AWS actuators.
 	Scheme *runtime.Scheme
 
 	decoder runtime.Decoder
+
+	lenientDecoder runtime.Decoder
 )
 
 func init() {
 	Scheme = runtime.NewScheme()
 	utilruntime.Must(install.AddToScheme(Scheme))
 
 	decoder = serializer.NewCodecFactory(Scheme, serializer.EnableStrict).UniversalDecoder()
+	lenientDecoder = serializer.NewCodecFactory(Scheme).UniversalDecoder()
 }
 
 // CloudProfileConfigFromCluster decodes the provider specific cloud profile configuration for a cluster
@@ -132,3 +139,43 @@ func WorkloadIdentityConfigFromBytes(config []byte) (*api.WorkloadIdentityConfig
 	}
 	return workloadIdentityConfig, nil
 }
+
+// HasFlowState returns true if the group version of the State field in the provided
+// `extensionsv1alpha1.InfrastructureStatus` is aws.provider.extensions.gardener.cloud/v1alpha1.
+func HasFlowState(status extensionsv1alpha1.InfrastructureStatus) (bool, error) {
+	if status.State == nil {
+		return true, nil
+	}
+
+	flowState := unstructured.Unstructured{}
+	stateJson, err := status.State.MarshalJSON()
+	if err != nil {
+		return false, err
+	}
+
+	if err := json.Unmarshal(stateJson, &flowState); err != nil {
+		return false, err
+	}
+
+	return flowState.GroupVersionKind() == schema.GroupVersionKind{
+		Group:   apiv1alpha1.SchemeGroupVersion.Group,
+		Version: apiv1alpha1.SchemeGroupVersion.Version,
+		Kind:    "InfrastructureState",
+	}, nil
+}
+
+// InfrastructureStateFromRaw extracts the state from the Infrastructure. If no state was available, it returns a "zero" value InfrastructureState object.
+func InfrastructureStateFromRaw(raw *runtime.RawExtension) (*api.InfrastructureState, error) {
+	state := &api.InfrastructureState{}
+	if raw != nil && raw.Raw != nil {
+		if _, _, err := lenientDecoder.Decode(raw.Raw, nil, state); err != nil {
+			return nil, err
+		}
+	}
+
+	if state.Data == nil {
+		state.Data = make(map[string]string)
+	}
+
+	return state, nil
+}