Updated Cedar, default to docker

Signed-off-by: Micah Hausler <mhausler@amazon.com>

.github/workflows/cedar-validation.yaml

@@ -5,7 +5,7 @@ on:
   pull_request:
     branches: [ main ]
 env: 
-  CEDAR_VERSION: 4.2.2
+  CEDAR_VERSION: 4.3.0
 jobs:
   cedar:
     name: Cedar

.gitignore

@@ -24,10 +24,14 @@ webhook.image.tar
 
 # Go workspace file
 go.work
+go.work.sum
 
 # Kubernetes Generated files - skip generated files, except for vendored files
 !vendor/**/zz_generated.*
 
+# Flags
+.finch
+
 # editor and IDE paraphernalia
 .idea
 .vscode
@@ -39,6 +43,3 @@ go.work
 /build
 gen
 bin
-go.work
-go.work.sum
-

Dockerfile

@@ -10,7 +10,7 @@ COPY go.sum go.sum
 
 # :oldmanshakesfistatcloud:
 # Amazon's internal networks block the Go module proxy, so for now we set to direct
-ENV GOPROXY direct
+ENV GOPROXY=direct
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download

Makefile

@@ -11,11 +11,12 @@ GOBIN=$(shell go env GOBIN)
 endif
 
 # CONTAINER_TOOL defines the container tool to be used for building images.
-# Be aware that the target commands are only tested with finch.
-# However, you may be able to replace this with docker
-CONTAINER_TOOL ?= finch
-
-FINCH_FEATURE ?= KIND_EXPERIMENTAL_PROVIDER=finch
+ifneq ($(wildcard .finch),)
+	CONTAINER_TOOL ?= finch
+	KIND_FEATURE = KIND_EXPERIMENTAL_PROVIDER=finch
+else
+	CONTAINER_TOOL ?= docker
+endif
 
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # Options are set to exit when a recipe line exits non-zero or a piped command fails.
@@ -45,7 +46,7 @@ kind-image: image-build ## Build the kind node image
 
 .PHONY: kind
 kind: kind-image ## Start a kind cluster configured to use the local authorization webhook
-	$(FINCH_FEATURE) kind create cluster --config kind.yaml -v2
+	$(KIND_FEATURE) kind create cluster --config kind.yaml -v2
 	kubectl apply -f config/crd/bases/cedar.k8s.aws_policies.yaml
 	kubectl apply -f demo/authorization-policy.yaml
 	kubectl apply -f demo/admission-policy.yaml
@@ -58,7 +59,7 @@ kind: kind-image ## Start a kind cluster configured to use the local authorizati
 
 .PHONY: clean-kind
 clean-kind: ## Delete the kind cluster and clean up genereated files
-	$(FINCH_FEATURE) kind delete cluster --name $(KIND_NAME)
+	$(KIND_FEATURE) kind delete cluster --name $(KIND_NAME)
 	rm \
 		./mount/policies/cedar-kubeconfig.yaml \
 		./mount/*-user-kubeconfig.yaml \

docs/Setup.md

@@ -4,13 +4,14 @@
 
 ### Prerequisites
 
-To run this project locally, you'll need to install [finch][finch], [Go][go], [kubectl][kubectl], [kind][kind], and [kubebuilder][kubebuilder] (if creating/modifying CRDs).
+To run this project locally, you'll need to install [Go][go], [kubectl][kubectl], [kind][kind], [kubebuilder][kubebuilder] (if creating/modifying CRDs), and either [finch][finch] or [docker][docker].
 
-[finch]: https://github.com/runfinch/finch
 [go]: https://go.dev/dl
 [kubectl]: https://kubernetes.io/docs/tasks/tools/
 [kind]: https://kind.sigs.k8s.io/
 [kubebuilder]: https://book.kubebuilder.io/quick-start
+[finch]: https://github.com/runfinch/finch
+[docker]: https://docs.docker.com/desktop/
 
 ### Kind
 
@@ -37,6 +38,7 @@ kind --version
 
 ### Finch
 
+You can optionally use Finch as an alternative to Docker.
 Use `brew` to install Finch, other installation options can be found [here](https://github.com/runfinch/finch?tab=readme-ov-file#installing-finch).
 
 ```bash
@@ -65,6 +67,11 @@ finch vm status
 # Running
 ```
 
+Finally, signal to the Makefile that you want to use Finch by creating a `.finch` file.
+```bash
+touch .finch
+```
+
 ## Local Quickstart
 
 1. Clone this repository to your local environment or IDE.
@@ -146,7 +153,7 @@ For tearing down the Kind cluster.
 make clean-kind
 ```
 
-And to cleanup the Finch VM.
+And if you're using Finch, in order to cleanup the Finch VM run:
 
 ```bash
 finch vm stop