diff --git a/apis/eks/v1beta1/zz_accessentry_terraformed.go b/apis/eks/v1beta1/zz_accessentry_terraformed.go new file mode 100755 index 0000000000..67fe066c63 --- /dev/null +++ b/apis/eks/v1beta1/zz_accessentry_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this AccessEntry +func (mg *AccessEntry) GetTerraformResourceType() string { + return "aws_eks_access_entry" +} + +// GetConnectionDetailsMapping for this AccessEntry +func (tr *AccessEntry) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this AccessEntry +func (tr *AccessEntry) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this AccessEntry +func (tr *AccessEntry) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this AccessEntry +func (tr *AccessEntry) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this AccessEntry +func (tr *AccessEntry) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this AccessEntry +func (tr *AccessEntry) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this AccessEntry +func (tr *AccessEntry) 
GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this AccessEntry +func (tr *AccessEntry) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this AccessEntry using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *AccessEntry) LateInitialize(attrs []byte) (bool, error) { + params := &AccessEntryParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *AccessEntry) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/eks/v1beta1/zz_accessentry_types.go b/apis/eks/v1beta1/zz_accessentry_types.go new file mode 100755 index 0000000000..6e730aa717 --- /dev/null +++ b/apis/eks/v1beta1/zz_accessentry_types.go 
@@ -0,0 +1,186 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AccessEntryInitParameters struct { + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. + // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // Key-value map of resource tags. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +type AccessEntryObservation struct { + + // Amazon Resource Name (ARN) of the Access Entry. + AccessEntryArn *string `json:"accessEntryArn,omitempty" tf:"access_entry_arn,omitempty"` + + // – Name of the EKS Cluster. + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Date and time in RFC3339 format that the EKS add-on was created. + CreatedAt *string `json:"createdAt,omitempty" tf:"created_at,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. 
+ // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // Date and time in RFC3339 format that the EKS add-on was updated. + ModifiedAt *string `json:"modifiedAt,omitempty" tf:"modified_at,omitempty"` + + // – The IAM Principal ARN which requires Authentication access to the EKS cluster. + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Key-value map of resource tags. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Key-value map of resource tags, including those inherited from the provider default_tags configuration block. + // +mapType=granular + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +type AccessEntryParameters struct { + + // – Name of the EKS Cluster. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta2.Cluster + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.TerraformID() + // +kubebuilder:validation:Optional + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Reference to a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameRef *v1.Reference `json:"clusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in eks to populate clusterName. 
+ // +kubebuilder:validation:Optional + ClusterNameSelector *v1.Selector `json:"clusterNameSelector,omitempty" tf:"-"` + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. + // +kubebuilder:validation:Optional + // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // – The IAM Principal ARN which requires Authentication access to the EKS cluster. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Role + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() + // +crossplane:generate:reference:refFieldName=PrincipalArnFromRoleRef + // +crossplane:generate:reference:selectorFieldName=PrincipalArnFromRoleSelector + // +kubebuilder:validation:Optional + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Reference to a Role in iam to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnFromRoleRef *v1.Reference `json:"principalArnFromRoleRef,omitempty" tf:"-"` + + // Selector for a Role in iam to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnFromRoleSelector *v1.Selector `json:"principalArnFromRoleSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` + + // Key-value map of resource tags. + // +kubebuilder:validation:Optional + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. 
+ // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + // +kubebuilder:validation:Optional + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +// AccessEntrySpec defines the desired state of AccessEntry +type AccessEntrySpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider AccessEntryParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider AccessEntryInitParameters `json:"initProvider,omitempty"` +} + +// AccessEntryStatus defines the observed state of AccessEntry. +type AccessEntryStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider AccessEntryObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// AccessEntry is the Schema for the AccessEntrys API. Access Entry Configurations for an EKS Cluster. 
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type AccessEntry struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec AccessEntrySpec `json:"spec"` + Status AccessEntryStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AccessEntryList contains a list of AccessEntrys +type AccessEntryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessEntry `json:"items"` +} + +// Repository type metadata. +var ( + AccessEntry_Kind = "AccessEntry" + AccessEntry_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessEntry_Kind}.String() + AccessEntry_KindAPIVersion = AccessEntry_Kind + "." + CRDGroupVersion.String() + AccessEntry_GroupVersionKind = CRDGroupVersion.WithKind(AccessEntry_Kind) +) + +func init() { + SchemeBuilder.Register(&AccessEntry{}, &AccessEntryList{}) +} diff --git a/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go b/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go new file mode 100755 index 0000000000..dd9ccb5f16 --- /dev/null +++ b/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this AccessPolicyAssociation +func (mg *AccessPolicyAssociation) GetTerraformResourceType() string { + return "aws_eks_access_policy_association" +} + +// GetConnectionDetailsMapping for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) SetParameters(params map[string]any) error { + p, err := 
json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this AccessPolicyAssociation using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *AccessPolicyAssociation) LateInitialize(attrs []byte) (bool, error) { + params := &AccessPolicyAssociationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *AccessPolicyAssociation) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/eks/v1beta1/zz_accesspolicyassociation_types.go b/apis/eks/v1beta1/zz_accesspolicyassociation_types.go new file mode 100755 index 0000000000..43d1134140 --- /dev/null +++ b/apis/eks/v1beta1/zz_accesspolicyassociation_types.go 
@@ -0,0 +1,162 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AccessPolicyAssociationInitParameters struct { + AccessScope *AccessScopeInitParameters `json:"accessScope,omitempty" tf:"access_scope,omitempty"` +} + +type AccessPolicyAssociationObservation struct { + AccessScope *AccessScopeObservation `json:"accessScope,omitempty" tf:"access_scope,omitempty"` + + AssociatedAt *string `json:"associatedAt,omitempty" tf:"associated_at,omitempty"` + + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + ModifiedAt *string `json:"modifiedAt,omitempty" tf:"modified_at,omitempty"` + + PolicyArn *string `json:"policyArn,omitempty" tf:"policy_arn,omitempty"` + + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` +} + +type AccessPolicyAssociationParameters struct { + + // +kubebuilder:validation:Optional + AccessScope *AccessScopeParameters `json:"accessScope,omitempty" tf:"access_scope,omitempty"` + + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta2.Cluster + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.TerraformID() + // +kubebuilder:validation:Optional + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Reference to a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameRef *v1.Reference `json:"clusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in eks to populate clusterName. 
+ // +kubebuilder:validation:Optional + ClusterNameSelector *v1.Selector `json:"clusterNameSelector,omitempty" tf:"-"` + + // +kubebuilder:validation:Required + PolicyArn *string `json:"policyArn" tf:"policy_arn,omitempty"` + + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta1.AccessEntry + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("principal_arn",true) + // +kubebuilder:validation:Optional + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Reference to a AccessEntry in eks to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnRef *v1.Reference `json:"principalArnRef,omitempty" tf:"-"` + + // Selector for a AccessEntry in eks to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnSelector *v1.Selector `json:"principalArnSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. 
+ // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type AccessScopeInitParameters struct { + + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AccessScopeObservation struct { + + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AccessScopeParameters struct { + + // +kubebuilder:validation:Optional + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` +} + +// AccessPolicyAssociationSpec defines the desired state of AccessPolicyAssociation +type AccessPolicyAssociationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider AccessPolicyAssociationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider AccessPolicyAssociationInitParameters `json:"initProvider,omitempty"` +} + +// AccessPolicyAssociationStatus defines the observed state of AccessPolicyAssociation. 
+type AccessPolicyAssociationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider AccessPolicyAssociationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// AccessPolicyAssociation is the Schema for the AccessPolicyAssociations API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type AccessPolicyAssociation struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.accessScope) || (has(self.initProvider) && has(self.initProvider.accessScope))",message="spec.forProvider.accessScope is a required parameter" + Spec AccessPolicyAssociationSpec `json:"spec"` + Status AccessPolicyAssociationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AccessPolicyAssociationList contains a list of AccessPolicyAssociations +type AccessPolicyAssociationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessPolicyAssociation `json:"items"` +} + +// Repository type metadata. 
+var ( + AccessPolicyAssociation_Kind = "AccessPolicyAssociation" + AccessPolicyAssociation_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessPolicyAssociation_Kind}.String() + AccessPolicyAssociation_KindAPIVersion = AccessPolicyAssociation_Kind + "." + CRDGroupVersion.String() + AccessPolicyAssociation_GroupVersionKind = CRDGroupVersion.WithKind(AccessPolicyAssociation_Kind) +) + +func init() { + SchemeBuilder.Register(&AccessPolicyAssociation{}, &AccessPolicyAssociationList{}) +} diff --git a/apis/eks/v1beta1/zz_generated.conversion_hubs.go b/apis/eks/v1beta1/zz_generated.conversion_hubs.go index d039942038..4bbe492551 100755 --- a/apis/eks/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/eks/v1beta1/zz_generated.conversion_hubs.go @@ -6,6 +6,12 @@ package v1beta1 +// Hub marks this type as a conversion hub. +func (tr *AccessEntry) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *AccessPolicyAssociation) Hub() {} + // Hub marks this type as a conversion hub. func (tr *Addon) Hub() {} diff --git a/apis/eks/v1beta1/zz_generated.deepcopy.go b/apis/eks/v1beta1/zz_generated.deepcopy.go index d46853d80e..c2060c8d08 100644 --- a/apis/eks/v1beta1/zz_generated.deepcopy.go +++ b/apis/eks/v1beta1/zz_generated.deepcopy.go 
@@ -89,6 +89,654 @@ func (in *AccessConfigParameters) DeepCopy() *AccessConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntry) DeepCopyInto(out *AccessEntry) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntry. +func (in *AccessEntry) DeepCopy() *AccessEntry { + if in == nil { + return nil + } + out := new(AccessEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessEntry) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessEntryInitParameters) DeepCopyInto(out *AccessEntryInitParameters) { + *out = *in + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryInitParameters. +func (in *AccessEntryInitParameters) DeepCopy() *AccessEntryInitParameters { + if in == nil { + return nil + } + out := new(AccessEntryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryList) DeepCopyInto(out *AccessEntryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AccessEntry, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryList. 
+func (in *AccessEntryList) DeepCopy() *AccessEntryList { + if in == nil { + return nil + } + out := new(AccessEntryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessEntryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryObservation) DeepCopyInto(out *AccessEntryObservation) { + *out = *in + if in.AccessEntryArn != nil { + in, out := &in.AccessEntryArn, &out.AccessEntryArn + *out = new(string) + **out = **in + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.CreatedAt != nil { + in, out := &in.CreatedAt, &out.CreatedAt + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ModifiedAt != nil { + in, out := &in.ModifiedAt, &out.ModifiedAt + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TagsAll != nil { + in, out := &in.TagsAll, &out.TagsAll + *out = make(map[string]*string, len(*in)) + for key, val := range *in { 
+ var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryObservation. +func (in *AccessEntryObservation) DeepCopy() *AccessEntryObservation { + if in == nil { + return nil + } + out := new(AccessEntryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryParameters) DeepCopyInto(out *AccessEntryParameters) { + *out = *in + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ClusterNameRef != nil { + in, out := &in.ClusterNameRef, &out.ClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterNameSelector != nil { + in, out := &in.ClusterNameSelector, &out.ClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.PrincipalArnFromRoleRef != nil { + in, out := &in.PrincipalArnFromRoleRef, &out.PrincipalArnFromRoleRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalArnFromRoleSelector != nil { + in, out := &in.PrincipalArnFromRoleSelector, &out.PrincipalArnFromRoleSelector + *out = 
new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryParameters. +func (in *AccessEntryParameters) DeepCopy() *AccessEntryParameters { + if in == nil { + return nil + } + out := new(AccessEntryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntrySpec) DeepCopyInto(out *AccessEntrySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntrySpec. +func (in *AccessEntrySpec) DeepCopy() *AccessEntrySpec { + if in == nil { + return nil + } + out := new(AccessEntrySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryStatus) DeepCopyInto(out *AccessEntryStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryStatus. 
+func (in *AccessEntryStatus) DeepCopy() *AccessEntryStatus { + if in == nil { + return nil + } + out := new(AccessEntryStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociation) DeepCopyInto(out *AccessPolicyAssociation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociation. +func (in *AccessPolicyAssociation) DeepCopy() *AccessPolicyAssociation { + if in == nil { + return nil + } + out := new(AccessPolicyAssociation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessPolicyAssociation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationInitParameters) DeepCopyInto(out *AccessPolicyAssociationInitParameters) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = new(AccessScopeInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationInitParameters. +func (in *AccessPolicyAssociationInitParameters) DeepCopy() *AccessPolicyAssociationInitParameters { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyAssociationList) DeepCopyInto(out *AccessPolicyAssociationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AccessPolicyAssociation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationList. +func (in *AccessPolicyAssociationList) DeepCopy() *AccessPolicyAssociationList { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessPolicyAssociationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyAssociationObservation) DeepCopyInto(out *AccessPolicyAssociationObservation) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = new(AccessScopeObservation) + (*in).DeepCopyInto(*out) + } + if in.AssociatedAt != nil { + in, out := &in.AssociatedAt, &out.AssociatedAt + *out = new(string) + **out = **in + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.ModifiedAt != nil { + in, out := &in.ModifiedAt, &out.ModifiedAt + *out = new(string) + **out = **in + } + if in.PolicyArn != nil { + in, out := &in.PolicyArn, &out.PolicyArn + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationObservation. +func (in *AccessPolicyAssociationObservation) DeepCopy() *AccessPolicyAssociationObservation { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyAssociationParameters) DeepCopyInto(out *AccessPolicyAssociationParameters) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = new(AccessScopeParameters) + (*in).DeepCopyInto(*out) + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ClusterNameRef != nil { + in, out := &in.ClusterNameRef, &out.ClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterNameSelector != nil { + in, out := &in.ClusterNameSelector, &out.ClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PolicyArn != nil { + in, out := &in.PolicyArn, &out.PolicyArn + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.PrincipalArnRef != nil { + in, out := &in.PrincipalArnRef, &out.PrincipalArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalArnSelector != nil { + in, out := &in.PrincipalArnSelector, &out.PrincipalArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationParameters. +func (in *AccessPolicyAssociationParameters) DeepCopy() *AccessPolicyAssociationParameters { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AccessPolicyAssociationSpec) DeepCopyInto(out *AccessPolicyAssociationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationSpec. +func (in *AccessPolicyAssociationSpec) DeepCopy() *AccessPolicyAssociationSpec { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationStatus) DeepCopyInto(out *AccessPolicyAssociationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationStatus. +func (in *AccessPolicyAssociationStatus) DeepCopy() *AccessPolicyAssociationStatus { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeInitParameters) DeepCopyInto(out *AccessScopeInitParameters) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeInitParameters. 
+func (in *AccessScopeInitParameters) DeepCopy() *AccessScopeInitParameters { + if in == nil { + return nil + } + out := new(AccessScopeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeObservation) DeepCopyInto(out *AccessScopeObservation) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeObservation. +func (in *AccessScopeObservation) DeepCopy() *AccessScopeObservation { + if in == nil { + return nil + } + out := new(AccessScopeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeParameters) DeepCopyInto(out *AccessScopeParameters) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeParameters. +func (in *AccessScopeParameters) DeepCopy() *AccessScopeParameters { + if in == nil { + return nil + } + out := new(AccessScopeParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
func (in *Addon) DeepCopyInto(out *Addon) { *out = *in diff --git a/apis/eks/v1beta1/zz_generated.managed.go b/apis/eks/v1beta1/zz_generated.managed.go index fb75102cdd..78f2ce2b7f 100644 --- a/apis/eks/v1beta1/zz_generated.managed.go +++ b/apis/eks/v1beta1/zz_generated.managed.go 
@@ -7,6 +7,126 @@ package v1beta1 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +// GetCondition of this AccessEntry. +func (mg *AccessEntry) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AccessEntry. +func (mg *AccessEntry) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this AccessEntry. +func (mg *AccessEntry) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this AccessEntry. +func (mg *AccessEntry) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this AccessEntry. +func (mg *AccessEntry) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this AccessEntry. +func (mg *AccessEntry) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AccessEntry. +func (mg *AccessEntry) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AccessEntry. +func (mg *AccessEntry) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this AccessEntry. +func (mg *AccessEntry) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this AccessEntry. +func (mg *AccessEntry) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this AccessEntry. +func (mg *AccessEntry) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this AccessEntry. 
+func (mg *AccessEntry) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this AccessPolicyAssociation. 
+func (mg *AccessPolicyAssociation) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this Addon. func (mg *Addon) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/eks/v1beta1/zz_generated.managedlist.go b/apis/eks/v1beta1/zz_generated.managedlist.go index ca1aac5a06..00724a96d3 100644 --- a/apis/eks/v1beta1/zz_generated.managedlist.go +++ b/apis/eks/v1beta1/zz_generated.managedlist.go @@ -7,6 +7,24 @@ package v1beta1 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" +// GetItems of this AccessEntryList. +func (l *AccessEntryList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this AccessPolicyAssociationList. +func (l *AccessPolicyAssociationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this AddonList. func (l *AddonList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/eks/v1beta1/zz_generated.resolvers.go b/apis/eks/v1beta1/zz_generated.resolvers.go index 913afc5ee2..e899d95709 100644 --- a/apis/eks/v1beta1/zz_generated.resolvers.go +++ b/apis/eks/v1beta1/zz_generated.resolvers.go 
@@ -14,12 +14,111 @@ import ( xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" common "github.com/upbound/provider-aws/config/common" - client "sigs.k8s.io/controller-runtime/pkg/client" - - // ResolveReferences of this Addon. apisresolver "github.com/upbound/provider-aws/internal/apis" + client "sigs.k8s.io/controller-runtime/pkg/client" ) +func (mg *AccessEntry) ResolveReferences( // ResolveReferences of this AccessEntry. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta2", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClusterName), + Extract: common.TerraformID(), + Reference: mg.Spec.ForProvider.ClusterNameRef, + Selector: mg.Spec.ForProvider.ClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClusterName") + } + mg.Spec.ForProvider.ClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClusterNameRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("iam.aws.upbound.io", "v1beta1", "Role", "RoleList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalArn), + Extract: common.ARNExtractor(), + Reference: mg.Spec.ForProvider.PrincipalArnFromRoleRef, + Selector: mg.Spec.ForProvider.PrincipalArnFromRoleSelector, + To: reference.To{List: l, 
Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalArn") + } + mg.Spec.ForProvider.PrincipalArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalArnFromRoleRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta2", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClusterName), + Extract: common.TerraformID(), + Reference: mg.Spec.ForProvider.ClusterNameRef, + Selector: mg.Spec.ForProvider.ClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClusterName") + } + mg.Spec.ForProvider.ClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClusterNameRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta1", "AccessEntry", "AccessEntryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalArn), + Extract: resource.ExtractParamPath("principal_arn", true), + Reference: mg.Spec.ForProvider.PrincipalArnRef, + Selector: mg.Spec.ForProvider.PrincipalArnSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + 
return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalArn") + } + mg.Spec.ForProvider.PrincipalArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalArnRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this Addon. func (mg *Addon) ResolveReferences(ctx context.Context, c client.Reader) error { var m xpresource.Managed var l xpresource.ManagedList diff --git a/config/eks/config.go b/config/eks/config.go index 4d3a58a6f9..8ceadb8810 100644 --- a/config/eks/config.go +++ b/config/eks/config.go 
@@ -100,4 +100,38 @@ func Configure(p *config.Provider) {
 }
 r.UseAsync = true
 })
+ p.AddResourceConfigurator("aws_eks_access_policy_association", func(r *config.Resource) {
+ r.References = config.References{
+ "cluster_name": {
+ TerraformName: "aws_eks_cluster",
+ // Use the terraform id instead of the external name because the external name is set before the cluster
+ // has been created.
+ Extractor: common.PathTerraformIDExtractor,
+ },
+ // Principal Arn can refer to either the ARN of an IAM user or an IAM role, with a strong best-practice
+ // recommendation to always use roles. However, the eks Access Policy resource won't do anything unless
+ // the principal arn matches a principal with an eks Access Entry defined on the same cluster. By retrieving
+ // the principal arn from the Access Entry, we provide an easy means of ordered creation.
+ "principal_arn": {
+ TerraformName: "aws_eks_access_entry",
+ Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("principal_arn",true)`,
+ },
+ }
+ })
+ p.AddResourceConfigurator("aws_eks_access_entry", func(r *config.Resource) {
+ r.References = config.References{
+ "cluster_name": {
+ TerraformName: "aws_eks_cluster",
+ // Use the terraform id instead of the external name because the external name is set before the cluster
+ // has been created.
+ Extractor: common.PathTerraformIDExtractor,
+ },
+ "principal_arn": {
+ TerraformName: "aws_iam_role",
+ Extractor: common.PathARNExtractor,
+ RefFieldName: "PrincipalArnFromRoleRef",
+ SelectorFieldName: "PrincipalArnFromRoleSelector",
+ },
+ }
+ })
 }
diff --git a/config/externalname.go b/config/externalname.go
index 1bc4e95326..d5b50bbdc6 100644
--- a/config/externalname.go
+++ b/config/externalname.go 
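Review bot: In config/eks/config.go, the `principal_arn` reference added for `aws_eks_access_policy_association` resolves against whichever `aws_eks_access_entry` the ref or selector matches, and nothing visible in this hunk ties that entry to the same `cluster_name`, although the comment above it says the association only takes effect when the entry is defined on the same cluster. A label selector that also matches an entry belonging to another cluster would presumably resolve a principal ARN that has no entry on this one. I would extend the comment with a line such as `// The referenced Access Entry is not checked against cluster_name; select one that belongs to the same cluster.`. The enclosing `Configure` function starts outside the hunk.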
@@ -1117,10 +1117,14 @@ var TerraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // eks // - // my_cluster:my_eks_addon + // import EKS access entry using the cluster_name and principal_arn separated by a colon (:). + "aws_eks_access_entry": TemplatedStringAsIdentifierWithNoName("{{ .parameters.cluster_name }}:{{ .parameters.principal_arn }}"), + // import EKS access entry using the cluster_name principal_arn and policy_arn separated by a (#) which the tf provider docs incorrectly describe as a colon. + "aws_eks_access_policy_association": TemplatedStringAsIdentifierWithNoName("{{ .parameters.cluster_name }}#{{ .parameters.principal_arn }}#{{ .parameters.policy_arn }}"), // "aws_eks_addon": config.TemplatedStringAsIdentifier("addon_name", "{{ .parameters.cluster_name }}:{{ .external_name }}"), + // my_cluster:my_eks_addon "aws_eks_addon": FormattedIdentifierFromProvider(":", "cluster_name", "addon_name"), - // + // import EKS cluster using the name. "aws_eks_cluster": config.NameAsIdentifier, // my_cluster:my_fargate_profile "aws_eks_fargate_profile": FormattedIdentifierUserDefinedNameLast("fargate_profile_name", ":", "cluster_name"), diff --git a/config/generated.lst b/config/generated.lst index 3a9fc24d8c..4aca34901c 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -365,6 +365,8 @@ "aws_egress_only_internet_gateway", "aws_eip", "aws_eip_association", +"aws_eks_access_entry", +"aws_eks_access_policy_association", "aws_eks_addon", "aws_eks_cluster", "aws_eks_fargate_profile", diff --git a/examples-generated/eks/v1beta1/accessentry.yaml b/examples-generated/eks/v1beta1/accessentry.yaml new file mode 100644 index 0000000000..3b432ced3f --- /dev/null +++ b/examples-generated/eks/v1beta1/accessentry.yaml 
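Review bot: The comment added above `"aws_eks_access_policy_association"` in config/externalname.go still reads "import EKS access entry", which looks copied from the entry before it, and it runs the three fields together without separators. Since this text is what a reader relies on to build the import identifier, I would reword it to `// import EKS access policy association using the cluster_name, principal_arn and policy_arn separated by a hash (#), which the tf provider docs incorrectly describe as a colon.`. The `TerraformPluginSDKExternalNameConfigs` map starts and ends outside the hunk.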
@@ -0,0 +1,21 @@ +apiVersion: eks.aws.upbound.io/v1beta1 +kind: AccessEntry +metadata: + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + clusterNameSelector: + matchLabels: + testing.upbound.io/example-name: example + kubernetesGroups: + - group-1 + - group-2 + principalArnFromRoleSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + type: STANDARD diff --git a/examples/eks/v1beta1/accessentry.yaml b/examples/eks/v1beta1/accessentry.yaml new file mode 100644 index 0000000000..85d6aa39ec --- /dev/null +++ b/examples/eks/v1beta1/accessentry.yaml 
@@ -0,0 +1,237 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: eks.aws.upbound.io/v1beta1 +kind: AccessEntry +metadata: + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry + labels: + testing.upbound.io/example-name: access-entry + name: access-entry +spec: + forProvider: + clusterNameSelector: + matchLabels: + testing.upbound.io/example-name: access-entry + kubernetesGroups: + - group-1 + - group-2 + principalArnFromRoleRef: + name: custom-role + region: us-east-2 + type: STANDARD +--- +apiVersion: eks.aws.upbound.io/v1beta1 +kind: AccessPolicyAssociation +metadata: + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry + labels: + testing.upbound.io/example-name: access-entry + name: access-entry +spec: + forProvider: + region: us-east-2 + clusterNameSelector: + matchLabels: + testing.upbound.io/example-name: access-entry + principalArnSelector: + matchLabels: + testing.upbound.io/example-name: access-entry + policyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + accessScope: + type: cluster +--- +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Role +metadata: + name: custom-role + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + assumeRolePolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::${data.aws_account_id}:root" + }, + "Action": "sts:AssumeRole" + } + ] + } +--- +apiVersion: eks.aws.upbound.io/v1beta1 +kind: Cluster +metadata: + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry + uptest.upbound.io/timeout: "2400" + name: access-entry + labels: + testing.upbound.io/example-name: access-entry +spec: + forProvider: + accessConfig: + - authenticationMode: "API_AND_CONFIG_MAP" + bootstrapClusterCreatorAdminPermissions: true + region: us-east-2 + roleArnRef: + name: access-entry-eks-cluster + vpcConfig: + - 
subnetIdRefs: + - name: sample-subnet1 + - name: sample-subnet2 +--- +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Role +metadata: + name: access-entry-eks-cluster + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + assumeRolePolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } +--- +apiVersion: iam.aws.upbound.io/v1beta1 +kind: RolePolicyAttachment +metadata: + name: access-entry-cluster-policy + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy + roleRef: + name: access-entry-eks-cluster +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: Subnet +metadata: + name: sample-subnet1 + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + mapPublicIpOnLaunch: true + availabilityZone: us-east-2b + vpcIdRef: + name: sample-vpc + cidrBlock: 172.16.10.0/24 +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: Subnet +metadata: + name: sample-subnet2 + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + mapPublicIpOnLaunch: true + availabilityZone: us-east-2a + vpcIdRef: + name: sample-vpc + cidrBlock: 172.16.11.0/24 +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: Subnet +metadata: + name: private-subnet + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + availabilityZone: us-east-2b + vpcIdRef: + name: sample-vpc + cidrBlock: 172.16.12.0/24 +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: RouteTable +metadata: + name: example + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + tags: + Name: example + vpcIdRef: + name: sample-vpc +--- +apiVersion: 
ec2.aws.upbound.io/v1beta1 +kind: RouteTableAssociation +metadata: + name: example + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + routeTableIdRef: + name: example + subnetIdRef: + name: private-subnet +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: VPC +metadata: + name: sample-vpc + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + enableDnsHostnames: true + region: us-east-2 + cidrBlock: 172.16.0.0/16 + tags: + Name: DemoVpc +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: InternetGateway +metadata: + name: example + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + region: us-east-2 + vpcIdRef: + name: sample-vpc +--- +apiVersion: ec2.aws.upbound.io/v1beta1 +kind: DefaultRouteTable +metadata: + name: example + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry +spec: + forProvider: + defaultRouteTableIdRef: + name: sample-vpc + region: us-east-2 + route: + - gatewayIdRef: + name: example + cidrBlock: 0.0.0.0/0 diff --git a/internal/controller/eks/accessentry/zz_controller.go b/internal/controller/eks/accessentry/zz_controller.go new file mode 100755 index 0000000000..570b7c6c8f --- /dev/null +++ b/internal/controller/eks/accessentry/zz_controller.go 
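Review bot: The AccessPolicyAssociation in examples/eks/v1beta1/accessentry.yaml grants `AmazonEKSClusterAdminPolicy` with `accessScope.type: cluster` to `custom-role`, whose trust policy names the account root as principal, so any identity in the account that is allowed `sts:AssumeRole` on that role ends up as cluster admin. That is fine for an uptest fixture, but examples tend to be copied as-is, and the manifest carries no hint that it is the broadest possible grant. I would add a comment above `policyArn`, for example `# Test fixture: cluster-wide admin for a role assumable from the whole account; in real use prefer a narrower policy and accessScope type: namespace.`.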
@@ -0,0 +1,94 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package accessentry + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/eks/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles AccessEntry managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.AccessEntry_GroupVersionKind.String()) + var initializers managed.InitializerChain + for _, i := range o.Provider.Resources["aws_eks_access_entry"].InitializerFns { + initializers = append(initializers, i(mgr.GetClient())) + } + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.AccessEntry_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessEntry_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_eks_access_entry"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.AccessEntry_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + 
managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.AccessEntry + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.AccessEntry{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.AccessEntry") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.AccessEntryList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.AccessEntryList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessEntry_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.AccessEntry{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/eks/accesspolicyassociation/zz_controller.go b/internal/controller/eks/accesspolicyassociation/zz_controller.go new file mode 100755 index 0000000000..fb8232a9ef --- /dev/null +++ b/internal/controller/eks/accesspolicyassociation/zz_controller.go 
@@ -0,0 +1,91 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package accesspolicyassociation + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/eks/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles AccessPolicyAssociation managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.AccessPolicyAssociation_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.AccessPolicyAssociation_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessPolicyAssociation_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_eks_access_policy_association"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.AccessPolicyAssociation_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + 
managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.AccessPolicyAssociation + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.AccessPolicyAssociation{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.AccessPolicyAssociation") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.AccessPolicyAssociationList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.AccessPolicyAssociationList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessPolicyAssociation_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.AccessPolicyAssociation{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_eks_setup.go b/internal/controller/zz_eks_setup.go index 0c1e9dc00a..b6ccc7b06c 100755 --- a/internal/controller/zz_eks_setup.go +++ b/internal/controller/zz_eks_setup.go 
@@ -9,6 +9,8 @@ import ( "github.com/crossplane/upjet/pkg/controller" + accessentry "github.com/upbound/provider-aws/internal/controller/eks/accessentry" + accesspolicyassociation "github.com/upbound/provider-aws/internal/controller/eks/accesspolicyassociation" addon "github.com/upbound/provider-aws/internal/controller/eks/addon" cluster "github.com/upbound/provider-aws/internal/controller/eks/cluster" clusterauth "github.com/upbound/provider-aws/internal/controller/eks/clusterauth" @@ -22,6 +24,8 @@ import ( // the supplied manager. func Setup_eks(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accessentry.Setup, + accesspolicyassociation.Setup, addon.Setup, cluster.Setup, clusterauth.Setup, diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 3dca247ac1..e1d99ba324 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -414,6 +414,8 @@ import ( filesystempolicy "github.com/upbound/provider-aws/internal/controller/efs/filesystempolicy" mounttarget "github.com/upbound/provider-aws/internal/controller/efs/mounttarget" replicationconfigurationefs "github.com/upbound/provider-aws/internal/controller/efs/replicationconfiguration" + accessentry "github.com/upbound/provider-aws/internal/controller/eks/accessentry" + accesspolicyassociation "github.com/upbound/provider-aws/internal/controller/eks/accesspolicyassociation" addon "github.com/upbound/provider-aws/internal/controller/eks/addon" clustereks "github.com/upbound/provider-aws/internal/controller/eks/cluster" clusterauth "github.com/upbound/provider-aws/internal/controller/eks/clusterauth" 
@@ -1369,6 +1371,8 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { filesystempolicy.Setup, mounttarget.Setup, replicationconfigurationefs.Setup, + accessentry.Setup, + accesspolicyassociation.Setup, addon.Setup, clustereks.Setup, clusterauth.Setup, diff --git a/package/crds/eks.aws.upbound.io_accessentries.yaml b/package/crds/eks.aws.upbound.io_accessentries.yaml new file mode 100644 index 0000000000..ad2565cc5e --- /dev/null +++ b/package/crds/eks.aws.upbound.io_accessentries.yaml 
@@ -0,0 +1,581 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: accessentries.eks.aws.upbound.io +spec: + group: eks.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: AccessEntry + listKind: AccessEntryList + plural: accessentries + singular: accessentry + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AccessEntry is the Schema for the AccessEntrys API. Access Entry + Configurations for an EKS Cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessEntrySpec defines the desired state of AccessEntry + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + clusterName: + description: – Name of the EKS Cluster. + type: string + clusterNameRef: + description: Reference to a Cluster in eks to populate clusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterNameSelector: + description: Selector for a Cluster in eks to populate clusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + principalArn: + description: – The IAM Principal ARN which requires Authentication + access to the EKS cluster. + type: string + principalArnFromRoleRef: + description: Reference to a Role in iam to populate principalArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalArnFromRoleSelector: + description: Selector for a Role in iam to populate principalArn. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. + type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + required: + - region + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. 
+ type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: AccessEntryStatus defines the observed state of AccessEntry. + properties: + atProvider: + properties: + accessEntryArn: + description: Amazon Resource Name (ARN) of the Access Entry. + type: string + clusterName: + description: – Name of the EKS Cluster. 
+ type: string + createdAt: + description: Date and time in RFC3339 format that the EKS add-on + was created. + type: string + id: + type: string + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + modifiedAt: + description: Date and time in RFC3339 format that the EKS add-on + was updated. + type: string + principalArn: + description: – The IAM Principal ARN which requires Authentication + access to the EKS cluster. + type: string + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + tagsAll: + additionalProperties: + type: string + description: Key-value map of resource tags, including those inherited + from the provider default_tags configuration block. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. + type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml b/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml new file mode 100644 index 0000000000..e424a3871b --- /dev/null +++ b/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml 
@@ -0,0 +1,534 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: accesspolicyassociations.eks.aws.upbound.io +spec: + group: eks.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: AccessPolicyAssociation + listKind: AccessPolicyAssociationList + plural: accesspolicyassociations + singular: accesspolicyassociation + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AccessPolicyAssociation is the Schema for the AccessPolicyAssociations + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessPolicyAssociationSpec defines the desired state of + AccessPolicyAssociation + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + accessScope: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + clusterName: + type: string + clusterNameRef: + description: Reference to a Cluster in eks to populate clusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. 
Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterNameSelector: + description: Selector for a Cluster in eks to populate clusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + policyArn: + type: string + principalArn: + type: string + principalArnRef: + description: Reference to a AccessEntry in eks to populate principalArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalArnSelector: + description: Selector for a AccessEntry in eks to populate principalArn. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - policyArn + - region + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + accessScope: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. 
+ enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. 
Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.accessScope is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.accessScope) + || (has(self.initProvider) && has(self.initProvider.accessScope))' + status: + description: AccessPolicyAssociationStatus defines the observed state + of AccessPolicyAssociation. + properties: + atProvider: + properties: + accessScope: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + associatedAt: + type: string + clusterName: + type: string + id: + type: string + modifiedAt: + type: string + policyArn: + type: string + principalArn: + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}