From ebd050a942355e477507f3dc09d95034a062fab5 Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Mon, 27 Mar 2023 21:16:58 -0400 Subject: [PATCH 1/2] Support storage HMAC key Issue: https://github.com/upbound/provider-gcp/issues/51 This resource is needed to do S3-style access on GCS buckets As this comment shows: https://github.com/upbound/provider-gcp/issues/197#issuecomment-1413437898, this resource causes an import cycle However, we can resolve that by putting the resource in the `cloudplatform` package. While, this key is specific to storage, it is still just a product of a service account and isn't linked to any storage resources. Signed-off-by: Julien Duchesne --- .../v1beta1/zz_generated.deepcopy.go | 183 ++++++++ .../v1beta1/zz_generated.managed.go | 76 ++++ .../v1beta1/zz_generated.managedlist.go | 9 + .../v1beta1/zz_generated.resolvers.go | 26 ++ .../v1beta1/zz_generated_terraformed.go | 74 ++++ .../v1beta1/zz_storagehmackey_types.go | 130 ++++++ build | 2 +- config/cloudplatform/config.go | 7 + config/common/config.go | 21 +- config/externalname.go | 2 + config/externalnamenottested.go | 2 - config/generated.lst | 2 +- config/overrides.go | 2 + .../cloudplatform/storagehmackey.yaml | 29 ++ examples/cloudplatform/storagehmackey.yaml | 26 ++ .../storagehmackey/zz_controller.go | 67 +++ internal/controller/zz_cloudplatform_setup.go | 2 + internal/controller/zz_monolith_setup.go | 2 + ...atform.gcp.upbound.io_storagehmackeys.yaml | 417 ++++++++++++++++++ 19 files changed, 1074 insertions(+), 5 deletions(-) create mode 100755 apis/cloudplatform/v1beta1/zz_storagehmackey_types.go create mode 100644 examples-generated/cloudplatform/storagehmackey.yaml create mode 100644 examples/cloudplatform/storagehmackey.yaml create mode 100755 internal/controller/cloudplatform/storagehmackey/zz_controller.go create mode 100644 package/crds/cloudplatform.gcp.upbound.io_storagehmackeys.yaml diff --git a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go index f80184703..6e47d155a 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go @@ -3416,3 +3416,186 @@ func (in *ServiceNetworkingPeeredDNSDomainStatus) DeepCopy() *ServiceNetworkingP in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKey) DeepCopyInto(out *StorageHMACKey) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKey. +func (in *StorageHMACKey) DeepCopy() *StorageHMACKey { + if in == nil { + return nil + } + out := new(StorageHMACKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageHMACKey) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKeyList) DeepCopyInto(out *StorageHMACKeyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]StorageHMACKey, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKeyList. +func (in *StorageHMACKeyList) DeepCopy() *StorageHMACKeyList { + if in == nil { + return nil + } + out := new(StorageHMACKeyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageHMACKeyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKeyObservation) DeepCopyInto(out *StorageHMACKeyObservation) { + *out = *in + if in.AccessID != nil { + in, out := &in.AccessID, &out.AccessID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.TimeCreated != nil { + in, out := &in.TimeCreated, &out.TimeCreated + *out = new(string) + **out = **in + } + if in.Updated != nil { + in, out := &in.Updated, &out.Updated + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKeyObservation. +func (in *StorageHMACKeyObservation) DeepCopy() *StorageHMACKeyObservation { + if in == nil { + return nil + } + out := new(StorageHMACKeyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKeyParameters) DeepCopyInto(out *StorageHMACKeyParameters) { + *out = *in + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.ServiceAccountEmailRef != nil { + in, out := &in.ServiceAccountEmailRef, &out.ServiceAccountEmailRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountEmailSelector != nil { + in, out := &in.ServiceAccountEmailSelector, &out.ServiceAccountEmailSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKeyParameters. +func (in *StorageHMACKeyParameters) DeepCopy() *StorageHMACKeyParameters { + if in == nil { + return nil + } + out := new(StorageHMACKeyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKeySpec) DeepCopyInto(out *StorageHMACKeySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKeySpec. +func (in *StorageHMACKeySpec) DeepCopy() *StorageHMACKeySpec { + if in == nil { + return nil + } + out := new(StorageHMACKeySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageHMACKeyStatus) DeepCopyInto(out *StorageHMACKeyStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageHMACKeyStatus. +func (in *StorageHMACKeyStatus) DeepCopy() *StorageHMACKeyStatus { + if in == nil { + return nil + } + out := new(StorageHMACKeyStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/cloudplatform/v1beta1/zz_generated.managed.go b/apis/cloudplatform/v1beta1/zz_generated.managed.go index d12e7b8b2..1a7cc3e62 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.managed.go +++ b/apis/cloudplatform/v1beta1/zz_generated.managed.go @@ -1234,3 +1234,79 @@ func (mg *ServiceNetworkingPeeredDNSDomain) SetPublishConnectionDetailsTo(r *xpv func (mg *ServiceNetworkingPeeredDNSDomain) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this StorageHMACKey. +func (mg *StorageHMACKey) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this StorageHMACKey. +func (mg *StorageHMACKey) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicy of this StorageHMACKey. +func (mg *StorageHMACKey) GetManagementPolicy() xpv1.ManagementPolicy { + return mg.Spec.ManagementPolicy +} + +// GetProviderConfigReference of this StorageHMACKey. +func (mg *StorageHMACKey) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +/* +GetProviderReference of this StorageHMACKey. +Deprecated: Use GetProviderConfigReference. +*/ +func (mg *StorageHMACKey) GetProviderReference() *xpv1.Reference { + return mg.Spec.ProviderReference +} + +// GetPublishConnectionDetailsTo of this StorageHMACKey. +func (mg *StorageHMACKey) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this StorageHMACKey. +func (mg *StorageHMACKey) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this StorageHMACKey. +func (mg *StorageHMACKey) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this StorageHMACKey. +func (mg *StorageHMACKey) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicy of this StorageHMACKey. +func (mg *StorageHMACKey) SetManagementPolicy(r xpv1.ManagementPolicy) { + mg.Spec.ManagementPolicy = r +} + +// SetProviderConfigReference of this StorageHMACKey. +func (mg *StorageHMACKey) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +/* +SetProviderReference of this StorageHMACKey. +Deprecated: Use SetProviderConfigReference. +*/ +func (mg *StorageHMACKey) SetProviderReference(r *xpv1.Reference) { + mg.Spec.ProviderReference = r +} + +// SetPublishConnectionDetailsTo of this StorageHMACKey. +func (mg *StorageHMACKey) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this StorageHMACKey. +func (mg *StorageHMACKey) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/cloudplatform/v1beta1/zz_generated.managedlist.go b/apis/cloudplatform/v1beta1/zz_generated.managedlist.go index 79df21092..fc6660292 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.managedlist.go +++ b/apis/cloudplatform/v1beta1/zz_generated.managedlist.go @@ -162,3 +162,12 @@ func (l *ServiceNetworkingPeeredDNSDomainList) GetItems() []resource.Managed { } return items } + +// GetItems of this StorageHMACKeyList. +func (l *StorageHMACKeyList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/cloudplatform/v1beta1/zz_generated.resolvers.go b/apis/cloudplatform/v1beta1/zz_generated.resolvers.go index e40f91766..e619235e4 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.resolvers.go +++ b/apis/cloudplatform/v1beta1/zz_generated.resolvers.go @@ -302,3 +302,29 @@ func (mg *ServiceAccountKey) ResolveReferences(ctx context.Context, c client.Rea return nil } + +// ResolveReferences of this StorageHMACKey. +func (mg *StorageHMACKey) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ServiceAccountEmail), + Extract: common.ExtractEmail(), + Reference: mg.Spec.ForProvider.ServiceAccountEmailRef, + Selector: mg.Spec.ForProvider.ServiceAccountEmailSelector, + To: reference.To{ + List: &ServiceAccountList{}, + Managed: &ServiceAccount{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ServiceAccountEmail") + } + mg.Spec.ForProvider.ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ServiceAccountEmailRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/cloudplatform/v1beta1/zz_generated_terraformed.go b/apis/cloudplatform/v1beta1/zz_generated_terraformed.go index a8fe88a31..c12317b5b 100755 --- a/apis/cloudplatform/v1beta1/zz_generated_terraformed.go +++ b/apis/cloudplatform/v1beta1/zz_generated_terraformed.go @@ -1208,3 +1208,77 @@ func (tr *ServiceNetworkingPeeredDNSDomain) LateInitialize(attrs []byte) (bool, func (tr *ServiceNetworkingPeeredDNSDomain) GetTerraformSchemaVersion() int { return 0 } + +// GetTerraformResourceType returns Terraform resource type for this StorageHMACKey +func (mg *StorageHMACKey) GetTerraformResourceType() string { + return "google_storage_hmac_key" +} + +// GetConnectionDetailsMapping for this StorageHMACKey +func (tr *StorageHMACKey) GetConnectionDetailsMapping() map[string]string { + return map[string]string{"secret": "status.atProvider.secret"} +} + +// GetObservation of this StorageHMACKey +func (tr *StorageHMACKey) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this StorageHMACKey +func (tr *StorageHMACKey) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this StorageHMACKey +func (tr *StorageHMACKey) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this StorageHMACKey +func (tr *StorageHMACKey) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this StorageHMACKey +func (tr *StorageHMACKey) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// LateInitialize this StorageHMACKey using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *StorageHMACKey) LateInitialize(attrs []byte) (bool, error) { + params := &StorageHMACKeyParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *StorageHMACKey) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/cloudplatform/v1beta1/zz_storagehmackey_types.go b/apis/cloudplatform/v1beta1/zz_storagehmackey_types.go new file mode 100755 index 000000000..2b5b9efba --- /dev/null +++ b/apis/cloudplatform/v1beta1/zz_storagehmackey_types.go @@ -0,0 +1,130 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type StorageHMACKeyObservation struct { + + // The access ID of the HMAC Key. + AccessID *string `json:"accessId,omitempty" tf:"access_id,omitempty"` + + // an identifier for the resource with format projects/{{project}}/hmacKeys/{{access_id}} + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The email address of the key's associated service account. + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // The state of the key. Can be set to one of ACTIVE, INACTIVE. + // Default value is ACTIVE. + // Possible values are: ACTIVE, INACTIVE. + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // 'The creation time of the HMAC key in RFC 3339 format. ' + TimeCreated *string `json:"timeCreated,omitempty" tf:"time_created,omitempty"` + + // 'The last modification time of the HMAC key metadata in RFC 3339 format.' + Updated *string `json:"updated,omitempty" tf:"updated,omitempty"` +} + +type StorageHMACKeyParameters struct { + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + // +kubebuilder:validation:Optional + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The email address of the key's associated service account. + // +crossplane:generate:reference:type=ServiceAccount + // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.ExtractEmail() + // +kubebuilder:validation:Optional + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // Reference to a ServiceAccount to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailRef *v1.Reference `json:"serviceAccountEmailRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailSelector *v1.Selector `json:"serviceAccountEmailSelector,omitempty" tf:"-"` + + // The state of the key. Can be set to one of ACTIVE, INACTIVE. + // Default value is ACTIVE. + // Possible values are: ACTIVE, INACTIVE. + // +kubebuilder:validation:Optional + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +// StorageHMACKeySpec defines the desired state of StorageHMACKey +type StorageHMACKeySpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider StorageHMACKeyParameters `json:"forProvider"` +} + +// StorageHMACKeyStatus defines the observed state of StorageHMACKey. +type StorageHMACKeyStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider StorageHMACKeyObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// StorageHMACKey is the Schema for the StorageHMACKeys API. The hmacKeys resource represents an HMAC key within Cloud Storage. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} +type StorageHMACKey struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec StorageHMACKeySpec `json:"spec"` + Status StorageHMACKeyStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// StorageHMACKeyList contains a list of StorageHMACKeys +type StorageHMACKeyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []StorageHMACKey `json:"items"` +} + +// Repository type metadata. +var ( + StorageHMACKey_Kind = "StorageHMACKey" + StorageHMACKey_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: StorageHMACKey_Kind}.String() + StorageHMACKey_KindAPIVersion = StorageHMACKey_Kind + "." + CRDGroupVersion.String() + StorageHMACKey_GroupVersionKind = CRDGroupVersion.WithKind(StorageHMACKey_Kind) +) + +func init() { + SchemeBuilder.Register(&StorageHMACKey{}, &StorageHMACKeyList{}) +} diff --git a/build b/build index 292f958d2..cc6539e73 160000 --- a/build +++ b/build @@ -1 +1 @@ -Subproject commit 292f958d2d97f26b450723998f82f7fc1767920c +Subproject commit cc6539e738e14e5322911639e2173f54dd21c9d0 diff --git a/config/cloudplatform/config.go b/config/cloudplatform/config.go index 17c3cebca..cc9cc12a1 100644 --- a/config/cloudplatform/config.go +++ b/config/cloudplatform/config.go @@ -109,4 +109,11 @@ func Configure(p *config.Provider) { config.MarkAsRequired(r.TerraformResource, "network") config.MarkAsRequired(r.TerraformResource, "service") }) + + p.AddResourceConfigurator("google_storage_hmac_key", func(r *config.Resource) { + r.References["service_account_email"] = config.Reference{ + Type: "ServiceAccount", + Extractor: common.ExtractEmailFuncPath, + } + }) } diff --git a/config/common/config.go b/config/common/config.go index 171279458..5a9e8b7b8 100644 --- a/config/common/config.go +++ b/config/common/config.go @@ -21,6 +21,8 @@ const ( // ExtractResourceIDFuncPath holds the GCP resource ID extractor func name ExtractResourceIDFuncPath = "github.com/upbound/provider-gcp/config/common.ExtractResourceID()" ExtractProjectIDFuncPath = "github.com/upbound/provider-gcp/config/common.ExtractProjectID()" + // ExtractEmailFuncPath holds the GCP resource email extractor func name + ExtractEmailFuncPath = "github.com/upbound/provider-gcp/config/common.ExtractEmail()" ) var ( @@ -63,7 +65,7 @@ func GetField(from map[string]interface{}, path string) (string, error) { return fieldpath.Pave(from).GetString(path) } -// ExtractResourceID extracts the value of `spec.atProvider.id` +// ExtractResourceID extracts the value of `status.atProvider.id` // from a Terraformed resource. If mr is not a Terraformed // resource, returns an empty string. func ExtractResourceID() reference.ExtractValueFn { @@ -85,3 +87,20 @@ func ExtractProjectID() reference.ExtractValueFn { return strings.TrimPrefix(tr.GetID(), "projects/") } } + +// ExtractEmail extracts the value of `status.atProvider.email` +// from a Terraformed resource. If mr is not a Terraformed +// resource, returns an empty string. +func ExtractEmail() reference.ExtractValueFn { + return func(mg resource.Managed) string { + paved, err := fieldpath.PaveObject(mg) + if err != nil { + return "" + } + r, err := paved.GetString("status.atProvider.email") + if err != nil { + return "" + } + return r + } +} diff --git a/config/externalname.go b/config/externalname.go index 78db536f5..24969f120 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -725,6 +725,8 @@ var externalNameConfigs = map[string]config.ExternalName{ "google_storage_default_object_access_control": config.IdentifierFromProvider, // No import documented. "google_storage_default_object_acl": config.IdentifierFromProvider, + // Imported by using the following projects/{{project}}/hmacKeys/{{access_id}} + "google_storage_hmac_key": config.IdentifierFromProvider, // Imported by using the following {{bucket}}/{{object}}/{{entity}} "google_storage_object_access_control": config.IdentifierFromProvider, // No Import diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index b7562bbe9..891e11a8c 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -417,8 +417,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // storage // - // Imported by using the following projects/{{project}}/hmacKeys/{{access_id}} - "google_storage_hmac_key": config.IdentifierFromProvider, // Imported by using the following {{bucket}}/{{object}}/{{entity}} "google_storage_object_access_control": config.TemplatedStringAsIdentifier("entity", "{{ .parameters.bucket }}/{{ .parameters.object }}/{{ .external_name }}"), // No Import diff --git a/config/generated.lst b/config/generated.lst index 62ffb0ced..594be64af 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["google_active_directory_domain","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_cloudiot_device","google_cloudiot_registry","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_workflows_workflow"] \ No newline at end of file +["google_active_directory_domain","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_cloudiot_device","google_cloudiot_registry","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_workflows_workflow"] \ No newline at end of file diff --git a/config/overrides.go b/config/overrides.go index 90c411a23..ad0f839b7 100644 --- a/config/overrides.go +++ b/config/overrides.go @@ -55,6 +55,8 @@ var groupMap = map[string]GroupKindCalculator{ "google_project_usage_export_bucket$": ReplaceGroupWords("cloudplatform", 0), "google_service_account.*": ReplaceGroupWords("cloudplatform", 0), "google_service_networking_peered_dns_domain$": ReplaceGroupWords("cloudplatform", 0), + // Avoid an import cycle, this is a key used for S3-style auth. It's meant to be used by end users, not other resources. + "google_storage_hmac_key$": ReplaceGroupWords("cloudplatform", 0), // Resources in "Access Approval" group. // Note(turkenh): The following resources are listed under "Access Approval" diff --git a/examples-generated/cloudplatform/storagehmackey.yaml b/examples-generated/cloudplatform/storagehmackey.yaml new file mode 100644 index 000000000..ec8bf43f1 --- /dev/null +++ b/examples-generated/cloudplatform/storagehmackey.yaml @@ -0,0 +1,29 @@ +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: StorageHMACKey +metadata: + annotations: + meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey + labels: + testing.upbound.io/example-name: key + name: key +spec: + forProvider: + serviceAccountEmailSelector: + matchLabels: + testing.upbound.io/example-name: service_account + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ServiceAccount +metadata: + annotations: + meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey + labels: + testing.upbound.io/example-name: service_account + name: service-account +spec: + forProvider: {} + +--- + diff --git a/examples/cloudplatform/storagehmackey.yaml b/examples/cloudplatform/storagehmackey.yaml new file mode 100644 index 000000000..c7b5c29a6 --- /dev/null +++ b/examples/cloudplatform/storagehmackey.yaml @@ -0,0 +1,26 @@ +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: StorageHMACKey +metadata: + annotations: + meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey + labels: + testing.upbound.io/example-name: example-service-account-hmac-key + name: example-service-account-hmac-key +spec: + forProvider: + serviceAccountEmailSelector: + matchLabels: + testing.upbound.io/example-name: example-service-account-hmac-key + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ServiceAccount +metadata: + annotations: + meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey + labels: + testing.upbound.io/example-name: example-service-account-hmac-key + name: example-service-account-hmac-key +spec: + forProvider: {} diff --git a/internal/controller/cloudplatform/storagehmackey/zz_controller.go b/internal/controller/cloudplatform/storagehmackey/zz_controller.go new file mode 100755 index 000000000..2bfdbc80b --- /dev/null +++ b/internal/controller/cloudplatform/storagehmackey/zz_controller.go @@ -0,0 +1,67 @@ +/* +Copyright 2021 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package storagehmackey + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1" + features "github.com/upbound/provider-gcp/internal/features" +) + +// Setup adds a controller that reconciles StorageHMACKey managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.StorageHMACKey_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["google_storage_hmac_key"], tjcontroller.WithLogger(o.Logger), + tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.StorageHMACKey_GroupVersionKind))), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.Features.Enabled(features.EnableAlphaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.StorageHMACKey_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + For(&v1beta1.StorageHMACKey{}). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_cloudplatform_setup.go b/internal/controller/zz_cloudplatform_setup.go index ac19d01f2..5da0f3fdb 100755 --- a/internal/controller/zz_cloudplatform_setup.go +++ b/internal/controller/zz_cloudplatform_setup.go @@ -25,6 +25,7 @@ import ( serviceaccountiammember "github.com/upbound/provider-gcp/internal/controller/cloudplatform/serviceaccountiammember" serviceaccountkey "github.com/upbound/provider-gcp/internal/controller/cloudplatform/serviceaccountkey" servicenetworkingpeereddnsdomain "github.com/upbound/provider-gcp/internal/controller/cloudplatform/servicenetworkingpeereddnsdomain" + storagehmackey "github.com/upbound/provider-gcp/internal/controller/cloudplatform/storagehmackey" ) // Setup_cloudplatform creates all controllers with the supplied logger and adds them to @@ -47,6 +48,7 @@ func Setup_cloudplatform(mgr ctrl.Manager, o controller.Options) error { serviceaccountiammember.Setup, serviceaccountkey.Setup, servicenetworkingpeereddnsdomain.Setup, + storagehmackey.Setup, } { if err := setup(mgr, o); err != nil { return err diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 95af120c0..31d84f394 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -84,6 +84,7 @@ import ( serviceaccountiammember "github.com/upbound/provider-gcp/internal/controller/cloudplatform/serviceaccountiammember" serviceaccountkey "github.com/upbound/provider-gcp/internal/controller/cloudplatform/serviceaccountkey" servicenetworkingpeereddnsdomain "github.com/upbound/provider-gcp/internal/controller/cloudplatform/servicenetworkingpeereddnsdomain" + storagehmackey "github.com/upbound/provider-gcp/internal/controller/cloudplatform/storagehmackey" domainmapping "github.com/upbound/provider-gcp/internal/controller/cloudrun/domainmapping" service "github.com/upbound/provider-gcp/internal/controller/cloudrun/service" serviceiammember "github.com/upbound/provider-gcp/internal/controller/cloudrun/serviceiammember" @@ -420,6 +421,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { serviceaccountiammember.Setup, serviceaccountkey.Setup, servicenetworkingpeereddnsdomain.Setup, + storagehmackey.Setup, domainmapping.Setup, service.Setup, serviceiammember.Setup, diff --git a/package/crds/cloudplatform.gcp.upbound.io_storagehmackeys.yaml b/package/crds/cloudplatform.gcp.upbound.io_storagehmackeys.yaml new file mode 100644 index 000000000..1cef80f34 --- /dev/null +++ b/package/crds/cloudplatform.gcp.upbound.io_storagehmackeys.yaml @@ -0,0 +1,417 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: storagehmackeys.cloudplatform.gcp.upbound.io +spec: + group: cloudplatform.gcp.upbound.io + names: + categories: + - crossplane + - managed + - gcp + kind: StorageHMACKey + listKind: StorageHMACKeyList + plural: storagehmackeys + singular: storagehmackey + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: StorageHMACKey is the Schema for the StorageHMACKeys API. The + hmacKeys resource represents an HMAC key within Cloud Storage. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: StorageHMACKeySpec defines the desired state of StorageHMACKey + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicy field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + project: + description: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + serviceAccountEmail: + description: The email address of the key's associated service + account. + type: string + serviceAccountEmailRef: + description: Reference to a ServiceAccount to populate serviceAccountEmail. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountEmailSelector: + description: Selector for a ServiceAccount to populate serviceAccountEmail. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + state: + description: 'The state of the key. Can be set to one of ACTIVE, + INACTIVE. Default value is ACTIVE. Possible values are: ACTIVE, + INACTIVE.' + type: string + type: object + managementPolicy: + default: FullControl + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicy + specifies the level of control Crossplane has over the managed external + resource. This field is planned to replace the DeletionPolicy field + in a future release. Currently, both could be set independently + and non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - FullControl + - ObserveOnly + - OrphanOnDelete + type: string + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: StorageHMACKeyStatus defines the observed state of StorageHMACKey. + properties: + atProvider: + properties: + accessId: + description: The access ID of the HMAC Key. + type: string + id: + description: an identifier for the resource with format projects/{{project}}/hmacKeys/{{access_id}} + type: string + project: + description: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + serviceAccountEmail: + description: The email address of the key's associated service + account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, + INACTIVE. Default value is ACTIVE. Possible values are: ACTIVE, + INACTIVE.' + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 + format. ''' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''' + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} From a5bb2aa35e0b5ed88db9d775321f862d2655cc5f Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Tue, 11 Apr 2023 10:44:15 -0400 Subject: [PATCH 2/2] Use shorter example name. It was failing due to a SA name length Signed-off-by: Julien Duchesne --- examples/cloudplatform/storagehmackey.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/cloudplatform/storagehmackey.yaml b/examples/cloudplatform/storagehmackey.yaml index c7b5c29a6..fcf7bf2c8 100644 --- a/examples/cloudplatform/storagehmackey.yaml +++ b/examples/cloudplatform/storagehmackey.yaml @@ -4,13 +4,13 @@ metadata: annotations: meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey labels: - testing.upbound.io/example-name: example-service-account-hmac-key - name: example-service-account-hmac-key + testing.upbound.io/example-name: example-sa-hmac-key + name: example-sa-hmac-key spec: forProvider: serviceAccountEmailSelector: matchLabels: - testing.upbound.io/example-name: example-service-account-hmac-key + testing.upbound.io/example-name: example-sa-hmac-key --- @@ -20,7 +20,7 @@ metadata: annotations: meta.upbound.io/example-id: cloudplatform/v1beta1/storagehmackey labels: - testing.upbound.io/example-name: example-service-account-hmac-key - name: example-service-account-hmac-key + testing.upbound.io/example-name: example-sa-hmac-key + name: example-sa-hmac-key spec: forProvider: {}