From 8fc48f71bc6d688516045af21212de698c582cdf Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Thu, 30 May 2024 14:08:12 -0700 Subject: [PATCH] codegen Signed-off-by: Matt Bush --- .../eks/v1beta1/zz_accessentry_terraformed.go | 129 ++++ apis/eks/v1beta1/zz_accessentry_types.go | 185 +++++ .../zz_accesspolicyassociation_terraformed.go | 129 ++++ .../zz_accesspolicyassociation_types.go | 161 +++++ .../v1beta1/zz_generated.conversion_hubs.go | 6 + apis/eks/v1beta1/zz_generated.deepcopy.go | 654 ++++++++++++++++++ apis/eks/v1beta1/zz_generated.managed.go | 120 ++++ apis/eks/v1beta1/zz_generated.managedlist.go | 18 + apis/eks/v1beta1/zz_generated.resolvers.go | 105 ++- config/generated.lst | 2 +- .../eks/v1beta1/accessentry.yaml | 21 + .../eks/accessentry/zz_controller.go | 95 +++ .../accesspolicyassociation/zz_controller.go | 92 +++ internal/controller/zz_eks_setup.go | 4 + internal/controller/zz_monolith_setup.go | 4 + .../eks.aws.upbound.io_accessentries.yaml | 581 ++++++++++++++++ ...s.upbound.io_accesspolicyassociations.yaml | 540 +++++++++++++++ 17 files changed, 2842 insertions(+), 4 deletions(-) create mode 100755 apis/eks/v1beta1/zz_accessentry_terraformed.go create mode 100755 apis/eks/v1beta1/zz_accessentry_types.go create mode 100755 apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go create mode 100755 apis/eks/v1beta1/zz_accesspolicyassociation_types.go create mode 100644 examples-generated/eks/v1beta1/accessentry.yaml create mode 100755 internal/controller/eks/accessentry/zz_controller.go create mode 100755 internal/controller/eks/accesspolicyassociation/zz_controller.go create mode 100644 package/crds/eks.aws.upbound.io_accessentries.yaml create mode 100644 package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml diff --git a/apis/eks/v1beta1/zz_accessentry_terraformed.go b/apis/eks/v1beta1/zz_accessentry_terraformed.go new file mode 100755 index 0000000000..67fe066c63 --- /dev/null +++ b/apis/eks/v1beta1/zz_accessentry_terraformed.go @@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this AccessEntry +func (mg *AccessEntry) GetTerraformResourceType() string { + return "aws_eks_access_entry" +} + +// GetConnectionDetailsMapping for this AccessEntry +func (tr *AccessEntry) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this AccessEntry +func (tr *AccessEntry) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this AccessEntry +func (tr *AccessEntry) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this AccessEntry +func (tr *AccessEntry) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this AccessEntry +func (tr *AccessEntry) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this AccessEntry +func (tr *AccessEntry) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this AccessEntry +func (tr *AccessEntry) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this AccessEntry +func (tr *AccessEntry) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this AccessEntry using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *AccessEntry) LateInitialize(attrs []byte) (bool, error) { + params := &AccessEntryParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *AccessEntry) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/eks/v1beta1/zz_accessentry_types.go b/apis/eks/v1beta1/zz_accessentry_types.go new file mode 100755 index 0000000000..1d3cd2e3ff --- /dev/null +++ b/apis/eks/v1beta1/zz_accessentry_types.go @@ -0,0 +1,185 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AccessEntryInitParameters struct { + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. + // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // Key-value map of resource tags. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +type AccessEntryObservation struct { + + // Amazon Resource Name (ARN) of the Access Entry. + AccessEntryArn *string `json:"accessEntryArn,omitempty" tf:"access_entry_arn,omitempty"` + + // – Name of the EKS Cluster. + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Date and time in RFC3339 format that the EKS add-on was created. + CreatedAt *string `json:"createdAt,omitempty" tf:"created_at,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. + // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // Date and time in RFC3339 format that the EKS add-on was updated. + ModifiedAt *string `json:"modifiedAt,omitempty" tf:"modified_at,omitempty"` + + // – The IAM Principal ARN which requires Authentication access to the EKS cluster. + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Key-value map of resource tags. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Key-value map of resource tags, including those inherited from the provider default_tags configuration block. + // +mapType=granular + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +type AccessEntryParameters struct { + + // – Name of the EKS Cluster. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta1.Cluster + // +kubebuilder:validation:Optional + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Reference to a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameRef *v1.Reference `json:"clusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameSelector *v1.Selector `json:"clusterNameSelector,omitempty" tf:"-"` + + // – List of string which can optionally specify the Kubernetes groups the user would belong to when creating an access entry. + // +kubebuilder:validation:Optional + // +listType=set + KubernetesGroups []*string `json:"kubernetesGroups,omitempty" tf:"kubernetes_groups,omitempty"` + + // – The IAM Principal ARN which requires Authentication access to the EKS cluster. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Role + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() + // +crossplane:generate:reference:refFieldName=PrincipalArnFromRoleRef + // +crossplane:generate:reference:selectorFieldName=PrincipalArnFromRoleSelector + // +kubebuilder:validation:Optional + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Reference to a Role in iam to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnFromRoleRef *v1.Reference `json:"principalArnFromRoleRef,omitempty" tf:"-"` + + // Selector for a Role in iam to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnFromRoleSelector *v1.Selector `json:"principalArnFromRoleSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` + + // Key-value map of resource tags. + // +kubebuilder:validation:Optional + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + + // Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or groups, and prevent associations. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Defaults to principal ARN if user is principal else defaults to assume-role/session-name is role is used. + // +kubebuilder:validation:Optional + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` +} + +// AccessEntrySpec defines the desired state of AccessEntry +type AccessEntrySpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider AccessEntryParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider AccessEntryInitParameters `json:"initProvider,omitempty"` +} + +// AccessEntryStatus defines the observed state of AccessEntry. +type AccessEntryStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider AccessEntryObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// AccessEntry is the Schema for the AccessEntrys API. Access Entry Configurations for an EKS Cluster. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type AccessEntry struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec AccessEntrySpec `json:"spec"` + Status AccessEntryStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AccessEntryList contains a list of AccessEntrys +type AccessEntryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessEntry `json:"items"` +} + +// Repository type metadata. +var ( + AccessEntry_Kind = "AccessEntry" + AccessEntry_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessEntry_Kind}.String() + AccessEntry_KindAPIVersion = AccessEntry_Kind + "." + CRDGroupVersion.String() + AccessEntry_GroupVersionKind = CRDGroupVersion.WithKind(AccessEntry_Kind) +) + +func init() { + SchemeBuilder.Register(&AccessEntry{}, &AccessEntryList{}) +} diff --git a/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go b/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go new file mode 100755 index 0000000000..dd9ccb5f16 --- /dev/null +++ b/apis/eks/v1beta1/zz_accesspolicyassociation_terraformed.go @@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this AccessPolicyAssociation +func (mg *AccessPolicyAssociation) GetTerraformResourceType() string { + return "aws_eks_access_policy_association" +} + +// GetConnectionDetailsMapping for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this AccessPolicyAssociation +func (tr *AccessPolicyAssociation) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this AccessPolicyAssociation using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *AccessPolicyAssociation) LateInitialize(attrs []byte) (bool, error) { + params := &AccessPolicyAssociationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *AccessPolicyAssociation) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/eks/v1beta1/zz_accesspolicyassociation_types.go b/apis/eks/v1beta1/zz_accesspolicyassociation_types.go new file mode 100755 index 0000000000..6c92d391cb --- /dev/null +++ b/apis/eks/v1beta1/zz_accesspolicyassociation_types.go @@ -0,0 +1,161 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AccessPolicyAssociationInitParameters struct { + AccessScope []AccessScopeInitParameters `json:"accessScope,omitempty" tf:"access_scope,omitempty"` +} + +type AccessPolicyAssociationObservation struct { + AccessScope []AccessScopeObservation `json:"accessScope,omitempty" tf:"access_scope,omitempty"` + + AssociatedAt *string `json:"associatedAt,omitempty" tf:"associated_at,omitempty"` + + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + ModifiedAt *string `json:"modifiedAt,omitempty" tf:"modified_at,omitempty"` + + PolicyArn *string `json:"policyArn,omitempty" tf:"policy_arn,omitempty"` + + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` +} + +type AccessPolicyAssociationParameters struct { + + // +kubebuilder:validation:Optional + AccessScope []AccessScopeParameters `json:"accessScope,omitempty" tf:"access_scope,omitempty"` + + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta1.Cluster + // +kubebuilder:validation:Optional + ClusterName *string `json:"clusterName,omitempty" tf:"cluster_name,omitempty"` + + // Reference to a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameRef *v1.Reference `json:"clusterNameRef,omitempty" tf:"-"` + + // Selector for a Cluster in eks to populate clusterName. + // +kubebuilder:validation:Optional + ClusterNameSelector *v1.Selector `json:"clusterNameSelector,omitempty" tf:"-"` + + // +kubebuilder:validation:Required + PolicyArn *string `json:"policyArn" tf:"policy_arn,omitempty"` + + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/eks/v1beta1.AccessEntry + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("principal_arn",false) + // +kubebuilder:validation:Optional + PrincipalArn *string `json:"principalArn,omitempty" tf:"principal_arn,omitempty"` + + // Reference to a AccessEntry in eks to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnRef *v1.Reference `json:"principalArnRef,omitempty" tf:"-"` + + // Selector for a AccessEntry in eks to populate principalArn. + // +kubebuilder:validation:Optional + PrincipalArnSelector *v1.Selector `json:"principalArnSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type AccessScopeInitParameters struct { + + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AccessScopeObservation struct { + + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AccessScopeParameters struct { + + // +kubebuilder:validation:Optional + // +listType=set + Namespaces []*string `json:"namespaces,omitempty" tf:"namespaces,omitempty"` + + // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` +} + +// AccessPolicyAssociationSpec defines the desired state of AccessPolicyAssociation +type AccessPolicyAssociationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider AccessPolicyAssociationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider AccessPolicyAssociationInitParameters `json:"initProvider,omitempty"` +} + +// AccessPolicyAssociationStatus defines the observed state of AccessPolicyAssociation. +type AccessPolicyAssociationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider AccessPolicyAssociationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// AccessPolicyAssociation is the Schema for the AccessPolicyAssociations API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type AccessPolicyAssociation struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.accessScope) || (has(self.initProvider) && has(self.initProvider.accessScope))",message="spec.forProvider.accessScope is a required parameter" + Spec AccessPolicyAssociationSpec `json:"spec"` + Status AccessPolicyAssociationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AccessPolicyAssociationList contains a list of AccessPolicyAssociations +type AccessPolicyAssociationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessPolicyAssociation `json:"items"` +} + +// Repository type metadata. +var ( + AccessPolicyAssociation_Kind = "AccessPolicyAssociation" + AccessPolicyAssociation_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessPolicyAssociation_Kind}.String() + AccessPolicyAssociation_KindAPIVersion = AccessPolicyAssociation_Kind + "." + CRDGroupVersion.String() + AccessPolicyAssociation_GroupVersionKind = CRDGroupVersion.WithKind(AccessPolicyAssociation_Kind) +) + +func init() { + SchemeBuilder.Register(&AccessPolicyAssociation{}, &AccessPolicyAssociationList{}) +} diff --git a/apis/eks/v1beta1/zz_generated.conversion_hubs.go b/apis/eks/v1beta1/zz_generated.conversion_hubs.go index 579ddaf389..acd28e98c5 100755 --- a/apis/eks/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/eks/v1beta1/zz_generated.conversion_hubs.go @@ -6,6 +6,12 @@ package v1beta1 +// Hub marks this type as a conversion hub. +func (tr *AccessEntry) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *AccessPolicyAssociation) Hub() {} + // Hub marks this type as a conversion hub. func (tr *Addon) Hub() {} diff --git a/apis/eks/v1beta1/zz_generated.deepcopy.go b/apis/eks/v1beta1/zz_generated.deepcopy.go index 9421905b66..d44d698206 100644 --- a/apis/eks/v1beta1/zz_generated.deepcopy.go +++ b/apis/eks/v1beta1/zz_generated.deepcopy.go @@ -89,6 +89,660 @@ func (in *AccessConfigParameters) DeepCopy() *AccessConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntry) DeepCopyInto(out *AccessEntry) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntry. +func (in *AccessEntry) DeepCopy() *AccessEntry { + if in == nil { + return nil + } + out := new(AccessEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessEntry) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryInitParameters) DeepCopyInto(out *AccessEntryInitParameters) { + *out = *in + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryInitParameters. +func (in *AccessEntryInitParameters) DeepCopy() *AccessEntryInitParameters { + if in == nil { + return nil + } + out := new(AccessEntryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryList) DeepCopyInto(out *AccessEntryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AccessEntry, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryList. +func (in *AccessEntryList) DeepCopy() *AccessEntryList { + if in == nil { + return nil + } + out := new(AccessEntryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessEntryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryObservation) DeepCopyInto(out *AccessEntryObservation) { + *out = *in + if in.AccessEntryArn != nil { + in, out := &in.AccessEntryArn, &out.AccessEntryArn + *out = new(string) + **out = **in + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.CreatedAt != nil { + in, out := &in.CreatedAt, &out.CreatedAt + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ModifiedAt != nil { + in, out := &in.ModifiedAt, &out.ModifiedAt + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TagsAll != nil { + in, out := &in.TagsAll, &out.TagsAll + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryObservation. +func (in *AccessEntryObservation) DeepCopy() *AccessEntryObservation { + if in == nil { + return nil + } + out := new(AccessEntryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryParameters) DeepCopyInto(out *AccessEntryParameters) { + *out = *in + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ClusterNameRef != nil { + in, out := &in.ClusterNameRef, &out.ClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterNameSelector != nil { + in, out := &in.ClusterNameSelector, &out.ClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.KubernetesGroups != nil { + in, out := &in.KubernetesGroups, &out.KubernetesGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.PrincipalArnFromRoleRef != nil { + in, out := &in.PrincipalArnFromRoleRef, &out.PrincipalArnFromRoleRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalArnFromRoleSelector != nil { + in, out := &in.PrincipalArnFromRoleSelector, &out.PrincipalArnFromRoleSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryParameters. +func (in *AccessEntryParameters) DeepCopy() *AccessEntryParameters { + if in == nil { + return nil + } + out := new(AccessEntryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntrySpec) DeepCopyInto(out *AccessEntrySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntrySpec. +func (in *AccessEntrySpec) DeepCopy() *AccessEntrySpec { + if in == nil { + return nil + } + out := new(AccessEntrySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessEntryStatus) DeepCopyInto(out *AccessEntryStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessEntryStatus. +func (in *AccessEntryStatus) DeepCopy() *AccessEntryStatus { + if in == nil { + return nil + } + out := new(AccessEntryStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociation) DeepCopyInto(out *AccessPolicyAssociation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociation. +func (in *AccessPolicyAssociation) DeepCopy() *AccessPolicyAssociation { + if in == nil { + return nil + } + out := new(AccessPolicyAssociation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessPolicyAssociation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationInitParameters) DeepCopyInto(out *AccessPolicyAssociationInitParameters) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = make([]AccessScopeInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationInitParameters. +func (in *AccessPolicyAssociationInitParameters) DeepCopy() *AccessPolicyAssociationInitParameters { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationList) DeepCopyInto(out *AccessPolicyAssociationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AccessPolicyAssociation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationList. +func (in *AccessPolicyAssociationList) DeepCopy() *AccessPolicyAssociationList { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AccessPolicyAssociationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationObservation) DeepCopyInto(out *AccessPolicyAssociationObservation) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = make([]AccessScopeObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AssociatedAt != nil { + in, out := &in.AssociatedAt, &out.AssociatedAt + *out = new(string) + **out = **in + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.ModifiedAt != nil { + in, out := &in.ModifiedAt, &out.ModifiedAt + *out = new(string) + **out = **in + } + if in.PolicyArn != nil { + in, out := &in.PolicyArn, &out.PolicyArn + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationObservation. +func (in *AccessPolicyAssociationObservation) DeepCopy() *AccessPolicyAssociationObservation { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationParameters) DeepCopyInto(out *AccessPolicyAssociationParameters) { + *out = *in + if in.AccessScope != nil { + in, out := &in.AccessScope, &out.AccessScope + *out = make([]AccessScopeParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ClusterName != nil { + in, out := &in.ClusterName, &out.ClusterName + *out = new(string) + **out = **in + } + if in.ClusterNameRef != nil { + in, out := &in.ClusterNameRef, &out.ClusterNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterNameSelector != nil { + in, out := &in.ClusterNameSelector, &out.ClusterNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PolicyArn != nil { + in, out := &in.PolicyArn, &out.PolicyArn + *out = new(string) + **out = **in + } + if in.PrincipalArn != nil { + in, out := &in.PrincipalArn, &out.PrincipalArn + *out = new(string) + **out = **in + } + if in.PrincipalArnRef != nil { + in, out := &in.PrincipalArnRef, &out.PrincipalArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalArnSelector != nil { + in, out := &in.PrincipalArnSelector, &out.PrincipalArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationParameters. +func (in *AccessPolicyAssociationParameters) DeepCopy() *AccessPolicyAssociationParameters { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationSpec) DeepCopyInto(out *AccessPolicyAssociationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationSpec. +func (in *AccessPolicyAssociationSpec) DeepCopy() *AccessPolicyAssociationSpec { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessPolicyAssociationStatus) DeepCopyInto(out *AccessPolicyAssociationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessPolicyAssociationStatus. +func (in *AccessPolicyAssociationStatus) DeepCopy() *AccessPolicyAssociationStatus { + if in == nil { + return nil + } + out := new(AccessPolicyAssociationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeInitParameters) DeepCopyInto(out *AccessScopeInitParameters) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeInitParameters. +func (in *AccessScopeInitParameters) DeepCopy() *AccessScopeInitParameters { + if in == nil { + return nil + } + out := new(AccessScopeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeObservation) DeepCopyInto(out *AccessScopeObservation) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeObservation. +func (in *AccessScopeObservation) DeepCopy() *AccessScopeObservation { + if in == nil { + return nil + } + out := new(AccessScopeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessScopeParameters) DeepCopyInto(out *AccessScopeParameters) { + *out = *in + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessScopeParameters. +func (in *AccessScopeParameters) DeepCopy() *AccessScopeParameters { + if in == nil { + return nil + } + out := new(AccessScopeParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Addon) DeepCopyInto(out *Addon) { *out = *in diff --git a/apis/eks/v1beta1/zz_generated.managed.go b/apis/eks/v1beta1/zz_generated.managed.go index fb75102cdd..78f2ce2b7f 100644 --- a/apis/eks/v1beta1/zz_generated.managed.go +++ b/apis/eks/v1beta1/zz_generated.managed.go @@ -7,6 +7,126 @@ package v1beta1 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +// GetCondition of this AccessEntry. +func (mg *AccessEntry) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AccessEntry. +func (mg *AccessEntry) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this AccessEntry. +func (mg *AccessEntry) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this AccessEntry. +func (mg *AccessEntry) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this AccessEntry. +func (mg *AccessEntry) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this AccessEntry. +func (mg *AccessEntry) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AccessEntry. +func (mg *AccessEntry) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AccessEntry. +func (mg *AccessEntry) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this AccessEntry. +func (mg *AccessEntry) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this AccessEntry. +func (mg *AccessEntry) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this AccessEntry. +func (mg *AccessEntry) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this AccessEntry. +func (mg *AccessEntry) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this Addon. func (mg *Addon) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/eks/v1beta1/zz_generated.managedlist.go b/apis/eks/v1beta1/zz_generated.managedlist.go index ca1aac5a06..00724a96d3 100644 --- a/apis/eks/v1beta1/zz_generated.managedlist.go +++ b/apis/eks/v1beta1/zz_generated.managedlist.go @@ -7,6 +7,24 @@ package v1beta1 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" +// GetItems of this AccessEntryList. +func (l *AccessEntryList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this AccessPolicyAssociationList. +func (l *AccessPolicyAssociationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this AddonList. func (l *AddonList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/eks/v1beta1/zz_generated.resolvers.go b/apis/eks/v1beta1/zz_generated.resolvers.go index 72dc8b70e3..7defe53708 100644 --- a/apis/eks/v1beta1/zz_generated.resolvers.go +++ b/apis/eks/v1beta1/zz_generated.resolvers.go @@ -14,12 +14,111 @@ import ( xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" common "github.com/upbound/provider-aws/config/common" - client "sigs.k8s.io/controller-runtime/pkg/client" - - // ResolveReferences of this Addon. apisresolver "github.com/upbound/provider-aws/internal/apis" + client "sigs.k8s.io/controller-runtime/pkg/client" ) +func (mg *AccessEntry) ResolveReferences( // ResolveReferences of this AccessEntry. + ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClusterName), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ClusterNameRef, + Selector: mg.Spec.ForProvider.ClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClusterName") + } + mg.Spec.ForProvider.ClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClusterNameRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("iam.aws.upbound.io", "v1beta1", "Role", "RoleList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalArn), + Extract: common.ARNExtractor(), + Reference: mg.Spec.ForProvider.PrincipalArnFromRoleRef, + Selector: mg.Spec.ForProvider.PrincipalArnFromRoleSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalArn") + } + mg.Spec.ForProvider.PrincipalArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalArnFromRoleRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this AccessPolicyAssociation. +func (mg *AccessPolicyAssociation) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClusterName), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ClusterNameRef, + Selector: mg.Spec.ForProvider.ClusterNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClusterName") + } + mg.Spec.ForProvider.ClusterName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClusterNameRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("eks.aws.upbound.io", "v1beta1", "AccessEntry", "AccessEntryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalArn), + Extract: resource.ExtractParamPath("principal_arn", false), + Reference: mg.Spec.ForProvider.PrincipalArnRef, + Selector: mg.Spec.ForProvider.PrincipalArnSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalArn") + } + mg.Spec.ForProvider.PrincipalArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalArnRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this Addon. func (mg *Addon) ResolveReferences(ctx context.Context, c client.Reader) error { var m xpresource.Managed var l xpresource.ManagedList diff --git a/config/generated.lst b/config/generated.lst index 1ed47a41a8..5436287ddd 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudformation_stack_set_instance","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_eks_pod_identity_association","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_iot_topic_rule_destination","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_memorydb_user","aws_mq_broker","aws_mq_configuration","aws_mq_user","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_mskconnect_connector","aws_mskconnect_custom_plugin","aws_mskconnect_worker_configuration","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opensearchserverless_access_policy","aws_opensearchserverless_collection","aws_opensearchserverless_lifecycle_policy","aws_opensearchserverless_security_config","aws_opensearchserverless_security_policy","aws_opensearchserverless_vpc_endpoint","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_ssoadmin_permissions_boundary_attachment","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file +["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudformation_stack_set_instance","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_access_entry","aws_eks_access_policy_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_eks_pod_identity_association","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_iot_topic_rule_destination","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_memorydb_user","aws_mq_broker","aws_mq_configuration","aws_mq_user","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_mskconnect_connector","aws_mskconnect_custom_plugin","aws_mskconnect_worker_configuration","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opensearchserverless_access_policy","aws_opensearchserverless_collection","aws_opensearchserverless_lifecycle_policy","aws_opensearchserverless_security_config","aws_opensearchserverless_security_policy","aws_opensearchserverless_vpc_endpoint","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_ssoadmin_permissions_boundary_attachment","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file diff --git a/examples-generated/eks/v1beta1/accessentry.yaml b/examples-generated/eks/v1beta1/accessentry.yaml new file mode 100644 index 0000000000..3b432ced3f --- /dev/null +++ b/examples-generated/eks/v1beta1/accessentry.yaml @@ -0,0 +1,21 @@ +apiVersion: eks.aws.upbound.io/v1beta1 +kind: AccessEntry +metadata: + annotations: + meta.upbound.io/example-id: eks/v1beta1/accessentry + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + clusterNameSelector: + matchLabels: + testing.upbound.io/example-name: example + kubernetesGroups: + - group-1 + - group-2 + principalArnFromRoleSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + type: STANDARD diff --git a/internal/controller/eks/accessentry/zz_controller.go b/internal/controller/eks/accessentry/zz_controller.go new file mode 100755 index 0000000000..f29f1088b3 --- /dev/null +++ b/internal/controller/eks/accessentry/zz_controller.go @@ -0,0 +1,95 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package accessentry + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/eks/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles AccessEntry managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.AccessEntry_GroupVersionKind.String()) + var initializers managed.InitializerChain + for _, i := range o.Provider.Resources["aws_eks_access_entry"].InitializerFns { + initializers = append(initializers, i(mgr.GetClient())) + } + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.AccessEntry_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessEntry_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_eks_access_entry"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.AccessEntry_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.AccessEntry + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.AccessEntry{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.AccessEntry") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.AccessEntryList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.AccessEntryList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessEntry_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.AccessEntry{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/eks/accesspolicyassociation/zz_controller.go b/internal/controller/eks/accesspolicyassociation/zz_controller.go new file mode 100755 index 0000000000..92d43924b6 --- /dev/null +++ b/internal/controller/eks/accesspolicyassociation/zz_controller.go @@ -0,0 +1,92 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package accesspolicyassociation + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/eks/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles AccessPolicyAssociation managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.AccessPolicyAssociation_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.AccessPolicyAssociation_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.AccessPolicyAssociation_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_eks_access_policy_association"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.AccessPolicyAssociation_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.AccessPolicyAssociation + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.AccessPolicyAssociation{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.AccessPolicyAssociation") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.AccessPolicyAssociationList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.AccessPolicyAssociationList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.AccessPolicyAssociation_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.AccessPolicyAssociation{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_eks_setup.go b/internal/controller/zz_eks_setup.go index 0c1e9dc00a..b6ccc7b06c 100755 --- a/internal/controller/zz_eks_setup.go +++ b/internal/controller/zz_eks_setup.go @@ -9,6 +9,8 @@ import ( "github.com/crossplane/upjet/pkg/controller" + accessentry "github.com/upbound/provider-aws/internal/controller/eks/accessentry" + accesspolicyassociation "github.com/upbound/provider-aws/internal/controller/eks/accesspolicyassociation" addon "github.com/upbound/provider-aws/internal/controller/eks/addon" cluster "github.com/upbound/provider-aws/internal/controller/eks/cluster" clusterauth "github.com/upbound/provider-aws/internal/controller/eks/clusterauth" @@ -22,6 +24,8 @@ import ( // the supplied manager. func Setup_eks(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ + accessentry.Setup, + accesspolicyassociation.Setup, addon.Setup, cluster.Setup, clusterauth.Setup, diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 0da524c04c..5392019ac3 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -407,6 +407,8 @@ import ( filesystempolicy "github.com/upbound/provider-aws/internal/controller/efs/filesystempolicy" mounttarget "github.com/upbound/provider-aws/internal/controller/efs/mounttarget" replicationconfigurationefs "github.com/upbound/provider-aws/internal/controller/efs/replicationconfiguration" + accessentry "github.com/upbound/provider-aws/internal/controller/eks/accessentry" + accesspolicyassociation "github.com/upbound/provider-aws/internal/controller/eks/accesspolicyassociation" addon "github.com/upbound/provider-aws/internal/controller/eks/addon" clustereks "github.com/upbound/provider-aws/internal/controller/eks/cluster" clusterauth "github.com/upbound/provider-aws/internal/controller/eks/clusterauth" @@ -1350,6 +1352,8 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { filesystempolicy.Setup, mounttarget.Setup, replicationconfigurationefs.Setup, + accessentry.Setup, + accesspolicyassociation.Setup, addon.Setup, clustereks.Setup, clusterauth.Setup, diff --git a/package/crds/eks.aws.upbound.io_accessentries.yaml b/package/crds/eks.aws.upbound.io_accessentries.yaml new file mode 100644 index 0000000000..ad2565cc5e --- /dev/null +++ b/package/crds/eks.aws.upbound.io_accessentries.yaml @@ -0,0 +1,581 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: accessentries.eks.aws.upbound.io +spec: + group: eks.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: AccessEntry + listKind: AccessEntryList + plural: accessentries + singular: accessentry + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AccessEntry is the Schema for the AccessEntrys API. Access Entry + Configurations for an EKS Cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessEntrySpec defines the desired state of AccessEntry + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + clusterName: + description: – Name of the EKS Cluster. + type: string + clusterNameRef: + description: Reference to a Cluster in eks to populate clusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterNameSelector: + description: Selector for a Cluster in eks to populate clusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + principalArn: + description: – The IAM Principal ARN which requires Authentication + access to the EKS cluster. + type: string + principalArnFromRoleRef: + description: Reference to a Role in iam to populate principalArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalArnFromRoleSelector: + description: Selector for a Role in iam to populate principalArn. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. + type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + required: + - region + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. + type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: AccessEntryStatus defines the observed state of AccessEntry. + properties: + atProvider: + properties: + accessEntryArn: + description: Amazon Resource Name (ARN) of the Access Entry. + type: string + clusterName: + description: – Name of the EKS Cluster. + type: string + createdAt: + description: Date and time in RFC3339 format that the EKS add-on + was created. + type: string + id: + type: string + kubernetesGroups: + description: – List of string which can optionally specify the + Kubernetes groups the user would belong to when creating an + access entry. + items: + type: string + type: array + x-kubernetes-list-type: set + modifiedAt: + description: Date and time in RFC3339 format that the EKS add-on + was updated. + type: string + principalArn: + description: – The IAM Principal ARN which requires Authentication + access to the EKS cluster. + type: string + tags: + additionalProperties: + type: string + description: Key-value map of resource tags. + type: object + x-kubernetes-map-type: granular + tagsAll: + additionalProperties: + type: string + description: Key-value map of resource tags, including those inherited + from the provider default_tags configuration block. + type: object + x-kubernetes-map-type: granular + type: + description: Defaults to STANDARD which provides the standard + workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow + users to input a username or groups, and prevent associations. + type: string + userName: + description: Defaults to principal ARN if user is principal else + defaults to assume-role/session-name is role is used. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml b/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml new file mode 100644 index 0000000000..afa88046dc --- /dev/null +++ b/package/crds/eks.aws.upbound.io_accesspolicyassociations.yaml @@ -0,0 +1,540 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: accesspolicyassociations.eks.aws.upbound.io +spec: + group: eks.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: AccessPolicyAssociation + listKind: AccessPolicyAssociationList + plural: accesspolicyassociations + singular: accesspolicyassociation + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: AccessPolicyAssociation is the Schema for the AccessPolicyAssociations + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessPolicyAssociationSpec defines the desired state of + AccessPolicyAssociation + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + accessScope: + items: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + type: array + clusterName: + type: string + clusterNameRef: + description: Reference to a Cluster in eks to populate clusterName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterNameSelector: + description: Selector for a Cluster in eks to populate clusterName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + policyArn: + type: string + principalArn: + type: string + principalArnRef: + description: Reference to a AccessEntry in eks to populate principalArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalArnSelector: + description: Selector for a AccessEntry in eks to populate principalArn. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - policyArn + - region + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + accessScope: + items: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.accessScope is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.accessScope) + || (has(self.initProvider) && has(self.initProvider.accessScope))' + status: + description: AccessPolicyAssociationStatus defines the observed state + of AccessPolicyAssociation. + properties: + atProvider: + properties: + accessScope: + items: + properties: + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + type: + type: string + type: object + type: array + associatedAt: + type: string + clusterName: + type: string + id: + type: string + modifiedAt: + type: string + policyArn: + type: string + principalArn: + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}