From 63b09f08ac7cb848aeee90929bfd19988dcd5f31 Mon Sep 17 00:00:00 2001
From: Nicholas Thomson
Date: Thu, 14 Mar 2024 15:44:49 -0700
Subject: [PATCH 1/3] Use tool env var Kustomize in Makefile
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index f5f557daa..8ece20f2a 100644
--- a/Makefile
+++ b/Makefile
@@ -317,7 +317,7 @@ kustomize-crds: output.init $(KUSTOMIZE) $(YQ)
 @rm -fr $(OUTPUT_DIR)/package || $(FAIL)
 @cp -R package $(OUTPUT_DIR) && \
 cd $(OUTPUT_DIR)/package/crds && \
- kustomize create --autodetect || $(FAIL)
+ $(KUSTOMIZE) create --autodetect || $(FAIL)
 @export YQ=$(YQ) && \
 XDG_CONFIG_HOME=$(PWD)/package $(KUSTOMIZE) build --enable-alpha-plugins $(OUTPUT_DIR)/package/kustomize -o $(OUTPUT_DIR)/package/crds.yaml || $(FAIL)
 @$(OK) Kustomizing CRDs.
From 2995711d0823e80ab0ba54bb02afa0e7ac66fa91 Mon Sep 17 00:00:00 2001
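Review bot: The new `$(KUSTOMIZE) create --autodetect` in the Makefile hunk runs after `cd $(OUTPUT_DIR)/package/crds`, so it only resolves if `$(KUSTOMIZE)` expands to an absolute path. The variable's definition is not visible here, so that is worth confirming; the later `$(KUSTOMIZE) build` call runs from the original directory and would not expose a relative path. A one-line comment above the command, for example `# use the build-provided $(KUSTOMIZE) prerequisite, not whatever kustomize is on PATH`, would record why the bare command was replaced and help keep a PATH-resolved binary out of CRD generation. The kustomize-crds recipe starts above the hunk.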
From: Nicholas Thomson
Date: Thu, 14 Mar 2024 15:45:39 -0700
Subject: [PATCH 2/3] Create stock containerattached with Cluster
---
 .../v1beta1/zz_cluster_terraformed.go | 129 ++
 .../v1beta1/zz_cluster_types.go | 629 ++++++++
 .../v1beta1/zz_generated.conversion_hubs.go | 10 +
 .../v1beta1/zz_generated.deepcopy.go | 1334 +++++++++++++++++
 .../v1beta1/zz_generated.managed.go | 68 +
 .../v1beta1/zz_generated.managedlist.go | 17 +
 .../v1beta1/zz_groupversion_info.go | 32 +
 apis/zz_register.go | 2 +
 cmd/provider/containerattached/zz_main.go | 204 +++
 config/containerattached/config.go | 17 +
 config/externalname.go | 5 +
 config/externalnamenottested.go | 5 -
 config/generated.lst | 2 +-
 config/overrides.go | 1 +
 config/provider.go | 2 +
 .../containerattached/v1beta1/cluster.yaml | 19 +
 .../containerattached/v1beta1/cluster.yaml | 23 +
 .../cluster/zz_controller.go | 79 +
 .../controller/zz_containerattached_setup.go | 26 +
 internal/controller/zz_monolith_setup.go | 2 +
 ...ainerattached.gcp.upbound.io_clusters.yaml | 934 ++++++++++++
 21 files changed, 3534 insertions(+), 6 deletions(-)
 create mode 100755 apis/containerattached/v1beta1/zz_cluster_terraformed.go
 create mode 100755 apis/containerattached/v1beta1/zz_cluster_types.go
 create mode 100755 apis/containerattached/v1beta1/zz_generated.conversion_hubs.go
 create mode 100644 apis/containerattached/v1beta1/zz_generated.deepcopy.go
 create mode 100644 apis/containerattached/v1beta1/zz_generated.managed.go
 create mode 100644 apis/containerattached/v1beta1/zz_generated.managedlist.go
 create mode 100755 apis/containerattached/v1beta1/zz_groupversion_info.go
 create mode 100644 cmd/provider/containerattached/zz_main.go
 create mode 100644 config/containerattached/config.go
 create mode 100644 examples-generated/containerattached/v1beta1/cluster.yaml
 create mode 100644 examples/containerattached/v1beta1/cluster.yaml
 create mode 100755 internal/controller/containerattached/cluster/zz_controller.go
 create mode 100755
internal/controller/zz_containerattached_setup.go create mode 100644 package/crds/containerattached.gcp.upbound.io_clusters.yaml diff --git a/apis/containerattached/v1beta1/zz_cluster_terraformed.go b/apis/containerattached/v1beta1/zz_cluster_terraformed.go new file mode 100755 index 000000000..ad05322b5 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_cluster_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Cluster +func (mg *Cluster) GetTerraformResourceType() string { + return "google_container_attached_cluster" +} + +// GetConnectionDetailsMapping for this Cluster +func (tr *Cluster) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Cluster +func (tr *Cluster) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Cluster +func (tr *Cluster) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Cluster +func (tr *Cluster) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Cluster +func (tr *Cluster) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Cluster +func (tr *Cluster) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Cluster +func (tr *Cluster) GetInitParameters() (map[string]any, error) { + p, err 
:= json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Cluster +func (tr *Cluster) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Cluster using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Cluster) LateInitialize(attrs []byte) (bool, error) { + params := &ClusterParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Cluster) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/containerattached/v1beta1/zz_cluster_types.go b/apis/containerattached/v1beta1/zz_cluster_types.go new file mode 100755 index 000000000..ae35db794 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_cluster_types.go 
@@ -0,0 +1,629 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AuthorizationInitParameters struct { + + // Groups that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the groups. Up to ten admin groups can be provided. + // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []*string `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + + // Users that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the users. Up to ten admin users can be provided. + // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminUsers []*string `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` +} + +type AuthorizationObservation struct { + + // Groups that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the groups. Up to ten admin groups can be provided. + // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminGroups []*string `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + + // Users that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the users. Up to ten admin users can be provided. 
+ // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + AdminUsers []*string `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` +} + +type AuthorizationParameters struct { + + // Groups that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the groups. Up to ten admin groups can be provided. + // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + // +kubebuilder:validation:Optional + AdminGroups []*string `json:"adminGroups,omitempty" tf:"admin_groups,omitempty"` + + // Users that can perform operations as a cluster admin. A managed + // ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + // to the users. Up to ten admin users can be provided. + // For more info on RBAC, see + // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + // +kubebuilder:validation:Optional + AdminUsers []*string `json:"adminUsers,omitempty" tf:"admin_users,omitempty"` +} + +type BinaryAuthorizationInitParameters struct { + + // Configure Binary Authorization evaluation mode. + // Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + +type BinaryAuthorizationObservation struct { + + // Configure Binary Authorization evaluation mode. + // Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + +type BinaryAuthorizationParameters struct { + + // Configure Binary Authorization evaluation mode. + // Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. 
+ // +kubebuilder:validation:Optional + EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` +} + +type ClusterInitParameters struct { + + // Optional. Annotations on the cluster. This field has the same + // restrictions as Kubernetes annotations. The total size of all keys and + // values combined is limited to 256k. Key can have 2 segments: prefix + // and name , separated by a slash (/). Prefix must be a DNS subdomain. + // Name must be 63 characters or less, begin and end with alphanumerics, + // with dashes (-), underscores (_), dots (.), and alphanumerics between. + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + + // Configuration related to the cluster RBAC settings. + // Structure is documented below. + Authorization []AuthorizationInitParameters `json:"authorization,omitempty" tf:"authorization,omitempty"` + + // Binary Authorization configuration. + // Structure is documented below. + BinaryAuthorization []BinaryAuthorizationInitParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + + // Policy to determine what flags to send on delete. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + + // A human readable description of this attached cluster. Cannot be longer + // than 255 UTF-8 encoded bytes. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The Kubernetes distribution of the underlying attached cluster. Supported values: + // "eks", "aks". + Distribution *string `json:"distribution,omitempty" tf:"distribution,omitempty"` + + // Fleet configuration. + // Structure is documented below. + Fleet []FleetInitParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` + + // Logging configuration. + // Structure is documented below. 
+ LoggingConfig []LoggingConfigInitParameters `json:"loggingConfig,omitempty" tf:"logging_config,omitempty"` + + // Monitoring configuration. + // Structure is documented below. + MonitoringConfig []MonitoringConfigInitParameters `json:"monitoringConfig,omitempty" tf:"monitoring_config,omitempty"` + + // OIDC discovery information of the target cluster. + // Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + // API server. This fields indicates how GCP services + // validate KSA tokens in order to allow system workloads (such as GKE Connect + // and telemetry agents) to authenticate back to GCP. + // Both clusters with public and private issuer URLs are supported. + // Clusters with public issuers only need to specify the issuer_url field + // while clusters with private issuers need to provide both + // issuer_url and jwks. + // Structure is documented below. + OidcConfig []OidcConfigInitParameters `json:"oidcConfig,omitempty" tf:"oidc_config,omitempty"` + + // The platform version for the cluster (e.g. 1.23.0-gke.1). + PlatformVersion *string `json:"platformVersion,omitempty" tf:"platform_version,omitempty"` + + // The number of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Support for proxy configuration. + // Structure is documented below. + ProxyConfig []ProxyConfigInitParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` +} + +type ClusterObservation struct { + + // Optional. Annotations on the cluster. This field has the same + // restrictions as Kubernetes annotations. The total size of all keys and + // values combined is limited to 256k. Key can have 2 segments: prefix + // and name , separated by a slash (/). Prefix must be a DNS subdomain. + // Name must be 63 characters or less, begin and end with alphanumerics, + // with dashes (-), underscores (_), dots (.), and alphanumerics between. 
+ // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + + // Configuration related to the cluster RBAC settings. + // Structure is documented below. + Authorization []AuthorizationObservation `json:"authorization,omitempty" tf:"authorization,omitempty"` + + // Binary Authorization configuration. + // Structure is documented below. + BinaryAuthorization []BinaryAuthorizationObservation `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + + // Output only. The region where this cluster runs. + // For EKS clusters, this is an AWS region. For AKS clusters, + // this is an Azure region. + ClusterRegion *string `json:"clusterRegion,omitempty" tf:"cluster_region,omitempty"` + + // Output only. The time at which this cluster was created. + CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + + // Policy to determine what flags to send on delete. + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + + // A human readable description of this attached cluster. Cannot be longer + // than 255 UTF-8 encoded bytes. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The Kubernetes distribution of the underlying attached cluster. Supported values: + // "eks", "aks". + Distribution *string `json:"distribution,omitempty" tf:"distribution,omitempty"` + + // +mapType=granular + EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` + + // A set of errors found in the cluster. + // Structure is documented below. + Errors []ErrorsObservation `json:"errors,omitempty" tf:"errors,omitempty"` + + // Fleet configuration. + // Structure is documented below. 
+ Fleet []FleetObservation `json:"fleet,omitempty" tf:"fleet,omitempty"` + + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Kubernetes version of the cluster. + KubernetesVersion *string `json:"kubernetesVersion,omitempty" tf:"kubernetes_version,omitempty"` + + // The location for the resource + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Logging configuration. + // Structure is documented below. + LoggingConfig []LoggingConfigObservation `json:"loggingConfig,omitempty" tf:"logging_config,omitempty"` + + // Monitoring configuration. + // Structure is documented below. + MonitoringConfig []MonitoringConfigObservation `json:"monitoringConfig,omitempty" tf:"monitoring_config,omitempty"` + + // OIDC discovery information of the target cluster. + // Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + // API server. This fields indicates how GCP services + // validate KSA tokens in order to allow system workloads (such as GKE Connect + // and telemetry agents) to authenticate back to GCP. + // Both clusters with public and private issuer URLs are supported. + // Clusters with public issuers only need to specify the issuer_url field + // while clusters with private issuers need to provide both + // issuer_url and jwks. + // Structure is documented below. + OidcConfig []OidcConfigObservation `json:"oidcConfig,omitempty" tf:"oidc_config,omitempty"` + + // The platform version for the cluster (e.g. 1.23.0-gke.1). + PlatformVersion *string `json:"platformVersion,omitempty" tf:"platform_version,omitempty"` + + // The number of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Support for proxy configuration. + // Structure is documented below. 
+ ProxyConfig []ProxyConfigObservation `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` + + // If set, there are currently changes in flight to the cluster. + Reconciling *bool `json:"reconciling,omitempty" tf:"reconciling,omitempty"` + + // The current state of the cluster. Possible values: + // STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, + // DEGRADED + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // A globally unique identifier for the cluster. + UID *string `json:"uid,omitempty" tf:"uid,omitempty"` + + // The time at which this cluster was last updated. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` + + // Workload Identity settings. + // Structure is documented below. + WorkloadIdentityConfig []WorkloadIdentityConfigObservation `json:"workloadIdentityConfig,omitempty" tf:"workload_identity_config,omitempty"` +} + +type ClusterParameters struct { + + // Optional. Annotations on the cluster. This field has the same + // restrictions as Kubernetes annotations. The total size of all keys and + // values combined is limited to 256k. Key can have 2 segments: prefix + // and name , separated by a slash (/). Prefix must be a DNS subdomain. + // Name must be 63 characters or less, begin and end with alphanumerics, + // with dashes (-), underscores (_), dots (.), and alphanumerics between. + // +kubebuilder:validation:Optional + // +mapType=granular + Annotations map[string]*string `json:"annotations,omitempty" tf:"annotations,omitempty"` + + // Configuration related to the cluster RBAC settings. + // Structure is documented below. + // +kubebuilder:validation:Optional + Authorization []AuthorizationParameters `json:"authorization,omitempty" tf:"authorization,omitempty"` + + // Binary Authorization configuration. + // Structure is documented below. 
+ // +kubebuilder:validation:Optional + BinaryAuthorization []BinaryAuthorizationParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` + + // Policy to determine what flags to send on delete. + // +kubebuilder:validation:Optional + DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` + + // A human readable description of this attached cluster. Cannot be longer + // than 255 UTF-8 encoded bytes. + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // The Kubernetes distribution of the underlying attached cluster. Supported values: + // "eks", "aks". + // +kubebuilder:validation:Optional + Distribution *string `json:"distribution,omitempty" tf:"distribution,omitempty"` + + // Fleet configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + Fleet []FleetParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` + + // The location for the resource + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` + + // Logging configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + LoggingConfig []LoggingConfigParameters `json:"loggingConfig,omitempty" tf:"logging_config,omitempty"` + + // Monitoring configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + MonitoringConfig []MonitoringConfigParameters `json:"monitoringConfig,omitempty" tf:"monitoring_config,omitempty"` + + // OIDC discovery information of the target cluster. + // Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + // API server. This fields indicates how GCP services + // validate KSA tokens in order to allow system workloads (such as GKE Connect + // and telemetry agents) to authenticate back to GCP. + // Both clusters with public and private issuer URLs are supported. 
+ // Clusters with public issuers only need to specify the issuer_url field + // while clusters with private issuers need to provide both + // issuer_url and jwks. + // Structure is documented below. + // +kubebuilder:validation:Optional + OidcConfig []OidcConfigParameters `json:"oidcConfig,omitempty" tf:"oidc_config,omitempty"` + + // The platform version for the cluster (e.g. 1.23.0-gke.1). + // +kubebuilder:validation:Optional + PlatformVersion *string `json:"platformVersion,omitempty" tf:"platform_version,omitempty"` + + // The number of the Fleet host project where this cluster will be registered. + // +kubebuilder:validation:Optional + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Support for proxy configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + ProxyConfig []ProxyConfigParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` +} + +type ComponentConfigInitParameters struct { + + // The components to be enabled. + // Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. + EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` +} + +type ComponentConfigObservation struct { + + // The components to be enabled. + // Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. + EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` +} + +type ComponentConfigParameters struct { + + // The components to be enabled. + // Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. + // +kubebuilder:validation:Optional + EnableComponents []*string `json:"enableComponents,omitempty" tf:"enable_components,omitempty"` +} + +type ErrorsInitParameters struct { +} + +type ErrorsObservation struct { + + // Human-friendly description of the error. 
+ Message *string `json:"message,omitempty" tf:"message,omitempty"` +} + +type ErrorsParameters struct { +} + +type FleetInitParameters struct { + + // The number of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` +} + +type FleetObservation struct { + + // (Output) + // The name of the managed Hub Membership resource associated to this + // cluster. Membership names are formatted as + // projects//locations/global/membership/. + Membership *string `json:"membership,omitempty" tf:"membership,omitempty"` + + // The number of the Fleet host project where this cluster will be registered. + Project *string `json:"project,omitempty" tf:"project,omitempty"` +} + +type FleetParameters struct { + + // The number of the Fleet host project where this cluster will be registered. + // +kubebuilder:validation:Optional + Project *string `json:"project" tf:"project,omitempty"` +} + +type KubernetesSecretInitParameters struct { + + // Name of the kubernetes secret containing the proxy config. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Namespace of the kubernetes secret containing the proxy config. + Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"` +} + +type KubernetesSecretObservation struct { + + // Name of the kubernetes secret containing the proxy config. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Namespace of the kubernetes secret containing the proxy config. + Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"` +} + +type KubernetesSecretParameters struct { + + // Name of the kubernetes secret containing the proxy config. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // Namespace of the kubernetes secret containing the proxy config. 
+ // +kubebuilder:validation:Optional + Namespace *string `json:"namespace" tf:"namespace,omitempty"` +} + +type LoggingConfigInitParameters struct { + + // The configuration of the logging components + // Structure is documented below. + ComponentConfig []ComponentConfigInitParameters `json:"componentConfig,omitempty" tf:"component_config,omitempty"` +} + +type LoggingConfigObservation struct { + + // The configuration of the logging components + // Structure is documented below. + ComponentConfig []ComponentConfigObservation `json:"componentConfig,omitempty" tf:"component_config,omitempty"` +} + +type LoggingConfigParameters struct { + + // The configuration of the logging components + // Structure is documented below. + // +kubebuilder:validation:Optional + ComponentConfig []ComponentConfigParameters `json:"componentConfig,omitempty" tf:"component_config,omitempty"` +} + +type ManagedPrometheusConfigInitParameters struct { + + // Enable Managed Collection. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type ManagedPrometheusConfigObservation struct { + + // Enable Managed Collection. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type ManagedPrometheusConfigParameters struct { + + // Enable Managed Collection. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type MonitoringConfigInitParameters struct { + + // Enable Google Cloud Managed Service for Prometheus in the cluster. + // Structure is documented below. + ManagedPrometheusConfig []ManagedPrometheusConfigInitParameters `json:"managedPrometheusConfig,omitempty" tf:"managed_prometheus_config,omitempty"` +} + +type MonitoringConfigObservation struct { + + // Enable Google Cloud Managed Service for Prometheus in the cluster. + // Structure is documented below. 
+ ManagedPrometheusConfig []ManagedPrometheusConfigObservation `json:"managedPrometheusConfig,omitempty" tf:"managed_prometheus_config,omitempty"` +} + +type MonitoringConfigParameters struct { + + // Enable Google Cloud Managed Service for Prometheus in the cluster. + // Structure is documented below. + // +kubebuilder:validation:Optional + ManagedPrometheusConfig []ManagedPrometheusConfigParameters `json:"managedPrometheusConfig,omitempty" tf:"managed_prometheus_config,omitempty"` +} + +type OidcConfigInitParameters struct { + + // A JSON Web Token (JWT) issuer URI. issuer must start with https:// + IssuerURL *string `json:"issuerUrl,omitempty" tf:"issuer_url,omitempty"` + + // OIDC verification keys in JWKS format (RFC 7517). + Jwks *string `json:"jwks,omitempty" tf:"jwks,omitempty"` +} + +type OidcConfigObservation struct { + + // A JSON Web Token (JWT) issuer URI. issuer must start with https:// + IssuerURL *string `json:"issuerUrl,omitempty" tf:"issuer_url,omitempty"` + + // OIDC verification keys in JWKS format (RFC 7517). + Jwks *string `json:"jwks,omitempty" tf:"jwks,omitempty"` +} + +type OidcConfigParameters struct { + + // A JSON Web Token (JWT) issuer URI. issuer must start with https:// + // +kubebuilder:validation:Optional + IssuerURL *string `json:"issuerUrl" tf:"issuer_url,omitempty"` + + // OIDC verification keys in JWKS format (RFC 7517). + // +kubebuilder:validation:Optional + Jwks *string `json:"jwks,omitempty" tf:"jwks,omitempty"` +} + +type ProxyConfigInitParameters struct { + + // The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + // Structure is documented below. + KubernetesSecret []KubernetesSecretInitParameters `json:"kubernetesSecret,omitempty" tf:"kubernetes_secret,omitempty"` +} + +type ProxyConfigObservation struct { + + // The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + // Structure is documented below. 
+ KubernetesSecret []KubernetesSecretObservation `json:"kubernetesSecret,omitempty" tf:"kubernetes_secret,omitempty"` +} + +type ProxyConfigParameters struct { + + // The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + KubernetesSecret []KubernetesSecretParameters `json:"kubernetesSecret,omitempty" tf:"kubernetes_secret,omitempty"` +} + +type WorkloadIdentityConfigInitParameters struct { +} + +type WorkloadIdentityConfigObservation struct { + + // The ID of the OIDC Identity Provider (IdP) associated to + // the Workload Identity Pool. + IdentityProvider *string `json:"identityProvider,omitempty" tf:"identity_provider,omitempty"` + + // The OIDC issuer URL for this cluster. + IssuerURI *string `json:"issuerUri,omitempty" tf:"issuer_uri,omitempty"` + + // The Workload Identity Pool associated to the cluster. + WorkloadPool *string `json:"workloadPool,omitempty" tf:"workload_pool,omitempty"` +} + +type WorkloadIdentityConfigParameters struct { +} + +// ClusterSpec defines the desired state of Cluster +type ClusterSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ClusterParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. 
+ InitProvider ClusterInitParameters `json:"initProvider,omitempty"` +} + +// ClusterStatus defines the observed state of Cluster. +type ClusterStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ClusterObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// Cluster is the Schema for the Clusters API. An Anthos cluster running on customer owned infrastructure. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} +type Cluster struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.distribution) || (has(self.initProvider) && has(self.initProvider.distribution))",message="spec.forProvider.distribution is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.fleet) || (has(self.initProvider) && has(self.initProvider.fleet))",message="spec.forProvider.fleet is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.oidcConfig) || (has(self.initProvider) && 
has(self.initProvider.oidcConfig))",message="spec.forProvider.oidcConfig is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.platformVersion) || (has(self.initProvider) && has(self.initProvider.platformVersion))",message="spec.forProvider.platformVersion is a required parameter" + Spec ClusterSpec `json:"spec"` + Status ClusterStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClusterList contains a list of Clusters +type ClusterList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Cluster `json:"items"` +} + +// Repository type metadata. +var ( + Cluster_Kind = "Cluster" + Cluster_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Cluster_Kind}.String() + Cluster_KindAPIVersion = Cluster_Kind + "." + CRDGroupVersion.String() + Cluster_GroupVersionKind = CRDGroupVersion.WithKind(Cluster_Kind) +) + +func init() { + SchemeBuilder.Register(&Cluster{}, &ClusterList{}) +} diff --git a/apis/containerattached/v1beta1/zz_generated.conversion_hubs.go b/apis/containerattached/v1beta1/zz_generated.conversion_hubs.go new file mode 100755 index 000000000..9f962cae0 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_generated.conversion_hubs.go @@ -0,0 +1,10 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +// Hub marks this type as a conversion hub. +func (tr *Cluster) Hub() {} diff --git a/apis/containerattached/v1beta1/zz_generated.deepcopy.go b/apis/containerattached/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 000000000..3aa3f69d7 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_generated.deepcopy.go 
@@ -0,0 +1,1334 @@ +//go:build !ignore_autogenerated + +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationInitParameters) DeepCopyInto(out *AuthorizationInitParameters) { + *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AdminUsers != nil { + in, out := &in.AdminUsers, &out.AdminUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationInitParameters. +func (in *AuthorizationInitParameters) DeepCopy() *AuthorizationInitParameters { + if in == nil { + return nil + } + out := new(AuthorizationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AuthorizationObservation) DeepCopyInto(out *AuthorizationObservation) { + *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AdminUsers != nil { + in, out := &in.AdminUsers, &out.AdminUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationObservation. +func (in *AuthorizationObservation) DeepCopy() *AuthorizationObservation { + if in == nil { + return nil + } + out := new(AuthorizationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationParameters) DeepCopyInto(out *AuthorizationParameters) { + *out = *in + if in.AdminGroups != nil { + in, out := &in.AdminGroups, &out.AdminGroups + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AdminUsers != nil { + in, out := &in.AdminUsers, &out.AdminUsers + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationParameters. +func (in *AuthorizationParameters) DeepCopy() *AuthorizationParameters { + if in == nil { + return nil + } + out := new(AuthorizationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BinaryAuthorizationInitParameters) DeepCopyInto(out *BinaryAuthorizationInitParameters) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationInitParameters. +func (in *BinaryAuthorizationInitParameters) DeepCopy() *BinaryAuthorizationInitParameters { + if in == nil { + return nil + } + out := new(BinaryAuthorizationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BinaryAuthorizationObservation) DeepCopyInto(out *BinaryAuthorizationObservation) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationObservation. +func (in *BinaryAuthorizationObservation) DeepCopy() *BinaryAuthorizationObservation { + if in == nil { + return nil + } + out := new(BinaryAuthorizationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BinaryAuthorizationParameters) DeepCopyInto(out *BinaryAuthorizationParameters) { + *out = *in + if in.EvaluationMode != nil { + in, out := &in.EvaluationMode, &out.EvaluationMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationParameters. 
+func (in *BinaryAuthorizationParameters) DeepCopy() *BinaryAuthorizationParameters { + if in == nil { + return nil + } + out := new(BinaryAuthorizationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Cluster) DeepCopyInto(out *Cluster) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster. +func (in *Cluster) DeepCopy() *Cluster { + if in == nil { + return nil + } + out := new(Cluster) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Cluster) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = make([]AuthorizationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Distribution != nil { + in, out := &in.Distribution, &out.Distribution + *out = new(string) + **out = **in + } + if in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LoggingConfig != nil { + in, out := &in.LoggingConfig, &out.LoggingConfig + *out = make([]LoggingConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MonitoringConfig != nil { + in, out := &in.MonitoringConfig, &out.MonitoringConfig + *out = make([]MonitoringConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OidcConfig != nil { + in, out := &in.OidcConfig, &out.OidcConfig + *out = make([]OidcConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) 
+ } + } + if in.PlatformVersion != nil { + in, out := &in.PlatformVersion, &out.PlatformVersion + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ProxyConfig != nil { + in, out := &in.ProxyConfig, &out.ProxyConfig + *out = make([]ProxyConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInitParameters. +func (in *ClusterInitParameters) DeepCopy() *ClusterInitParameters { + if in == nil { + return nil + } + out := new(ClusterInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterList) DeepCopyInto(out *ClusterList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Cluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterList. +func (in *ClusterList) DeepCopy() *ClusterList { + if in == nil { + return nil + } + out := new(ClusterList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = make([]AuthorizationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ClusterRegion != nil { + in, out := &in.ClusterRegion, &out.ClusterRegion + *out = new(string) + **out = **in + } + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Distribution != nil { + in, out := &in.Distribution, &out.Distribution + *out = new(string) + **out = **in + } + if in.EffectiveAnnotations != nil { + in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Errors != nil { + in, out := &in.Errors, &out.Errors + *out = make([]ErrorsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if 
in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.KubernetesVersion != nil { + in, out := &in.KubernetesVersion, &out.KubernetesVersion + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.LoggingConfig != nil { + in, out := &in.LoggingConfig, &out.LoggingConfig + *out = make([]LoggingConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MonitoringConfig != nil { + in, out := &in.MonitoringConfig, &out.MonitoringConfig + *out = make([]MonitoringConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OidcConfig != nil { + in, out := &in.OidcConfig, &out.OidcConfig + *out = make([]OidcConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PlatformVersion != nil { + in, out := &in.PlatformVersion, &out.PlatformVersion + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ProxyConfig != nil { + in, out := &in.ProxyConfig, &out.ProxyConfig + *out = make([]ProxyConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Reconciling != nil { + in, out := &in.Reconciling, &out.Reconciling + *out = new(bool) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } + if in.WorkloadIdentityConfig != nil { + in, out := 
&in.WorkloadIdentityConfig, &out.WorkloadIdentityConfig + *out = make([]WorkloadIdentityConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterObservation. +func (in *ClusterObservation) DeepCopy() *ClusterObservation { + if in == nil { + return nil + } + out := new(ClusterObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = make([]AuthorizationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BinaryAuthorization != nil { + in, out := &in.BinaryAuthorization, &out.BinaryAuthorization + *out = make([]BinaryAuthorizationParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DeletionPolicy != nil { + in, out := &in.DeletionPolicy, &out.DeletionPolicy + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Distribution != nil { + in, out := &in.Distribution, &out.Distribution + *out = new(string) + **out = **in + } + if in.Fleet != nil { + in, out := &in.Fleet, &out.Fleet + *out = make([]FleetParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Location != nil { + in, out 
:= &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.LoggingConfig != nil { + in, out := &in.LoggingConfig, &out.LoggingConfig + *out = make([]LoggingConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MonitoringConfig != nil { + in, out := &in.MonitoringConfig, &out.MonitoringConfig + *out = make([]MonitoringConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OidcConfig != nil { + in, out := &in.OidcConfig, &out.OidcConfig + *out = make([]OidcConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PlatformVersion != nil { + in, out := &in.PlatformVersion, &out.PlatformVersion + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ProxyConfig != nil { + in, out := &in.ProxyConfig, &out.ProxyConfig + *out = make([]ProxyConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. +func (in *ClusterParameters) DeepCopy() *ClusterParameters { + if in == nil { + return nil + } + out := new(ClusterParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSpec. 
+func (in *ClusterSpec) DeepCopy() *ClusterSpec { + if in == nil { + return nil + } + out := new(ClusterSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterStatus) DeepCopyInto(out *ClusterStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStatus. +func (in *ClusterStatus) DeepCopy() *ClusterStatus { + if in == nil { + return nil + } + out := new(ClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentConfigInitParameters) DeepCopyInto(out *ComponentConfigInitParameters) { + *out = *in + if in.EnableComponents != nil { + in, out := &in.EnableComponents, &out.EnableComponents + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentConfigInitParameters. +func (in *ComponentConfigInitParameters) DeepCopy() *ComponentConfigInitParameters { + if in == nil { + return nil + } + out := new(ComponentConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ComponentConfigObservation) DeepCopyInto(out *ComponentConfigObservation) { + *out = *in + if in.EnableComponents != nil { + in, out := &in.EnableComponents, &out.EnableComponents + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentConfigObservation. +func (in *ComponentConfigObservation) DeepCopy() *ComponentConfigObservation { + if in == nil { + return nil + } + out := new(ComponentConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentConfigParameters) DeepCopyInto(out *ComponentConfigParameters) { + *out = *in + if in.EnableComponents != nil { + in, out := &in.EnableComponents, &out.EnableComponents + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentConfigParameters. +func (in *ComponentConfigParameters) DeepCopy() *ComponentConfigParameters { + if in == nil { + return nil + } + out := new(ComponentConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ErrorsInitParameters) DeepCopyInto(out *ErrorsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ErrorsInitParameters. 
+func (in *ErrorsInitParameters) DeepCopy() *ErrorsInitParameters { + if in == nil { + return nil + } + out := new(ErrorsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ErrorsObservation) DeepCopyInto(out *ErrorsObservation) { + *out = *in + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ErrorsObservation. +func (in *ErrorsObservation) DeepCopy() *ErrorsObservation { + if in == nil { + return nil + } + out := new(ErrorsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ErrorsParameters) DeepCopyInto(out *ErrorsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ErrorsParameters. +func (in *ErrorsParameters) DeepCopy() *ErrorsParameters { + if in == nil { + return nil + } + out := new(ErrorsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetInitParameters) DeepCopyInto(out *FleetInitParameters) { + *out = *in + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetInitParameters. +func (in *FleetInitParameters) DeepCopy() *FleetInitParameters { + if in == nil { + return nil + } + out := new(FleetInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *FleetObservation) DeepCopyInto(out *FleetObservation) { + *out = *in + if in.Membership != nil { + in, out := &in.Membership, &out.Membership + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetObservation. +func (in *FleetObservation) DeepCopy() *FleetObservation { + if in == nil { + return nil + } + out := new(FleetObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FleetParameters) DeepCopyInto(out *FleetParameters) { + *out = *in + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FleetParameters. +func (in *FleetParameters) DeepCopy() *FleetParameters { + if in == nil { + return nil + } + out := new(FleetParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesSecretInitParameters) DeepCopyInto(out *KubernetesSecretInitParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretInitParameters. 
+func (in *KubernetesSecretInitParameters) DeepCopy() *KubernetesSecretInitParameters { + if in == nil { + return nil + } + out := new(KubernetesSecretInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesSecretObservation) DeepCopyInto(out *KubernetesSecretObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretObservation. +func (in *KubernetesSecretObservation) DeepCopy() *KubernetesSecretObservation { + if in == nil { + return nil + } + out := new(KubernetesSecretObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesSecretParameters) DeepCopyInto(out *KubernetesSecretParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretParameters. +func (in *KubernetesSecretParameters) DeepCopy() *KubernetesSecretParameters { + if in == nil { + return nil + } + out := new(KubernetesSecretParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *LoggingConfigInitParameters) DeepCopyInto(out *LoggingConfigInitParameters) { + *out = *in + if in.ComponentConfig != nil { + in, out := &in.ComponentConfig, &out.ComponentConfig + *out = make([]ComponentConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfigInitParameters. +func (in *LoggingConfigInitParameters) DeepCopy() *LoggingConfigInitParameters { + if in == nil { + return nil + } + out := new(LoggingConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingConfigObservation) DeepCopyInto(out *LoggingConfigObservation) { + *out = *in + if in.ComponentConfig != nil { + in, out := &in.ComponentConfig, &out.ComponentConfig + *out = make([]ComponentConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfigObservation. +func (in *LoggingConfigObservation) DeepCopy() *LoggingConfigObservation { + if in == nil { + return nil + } + out := new(LoggingConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingConfigParameters) DeepCopyInto(out *LoggingConfigParameters) { + *out = *in + if in.ComponentConfig != nil { + in, out := &in.ComponentConfig, &out.ComponentConfig + *out = make([]ComponentConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfigParameters. 
+func (in *LoggingConfigParameters) DeepCopy() *LoggingConfigParameters { + if in == nil { + return nil + } + out := new(LoggingConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPrometheusConfigInitParameters) DeepCopyInto(out *ManagedPrometheusConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPrometheusConfigInitParameters. +func (in *ManagedPrometheusConfigInitParameters) DeepCopy() *ManagedPrometheusConfigInitParameters { + if in == nil { + return nil + } + out := new(ManagedPrometheusConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPrometheusConfigObservation) DeepCopyInto(out *ManagedPrometheusConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPrometheusConfigObservation. +func (in *ManagedPrometheusConfigObservation) DeepCopy() *ManagedPrometheusConfigObservation { + if in == nil { + return nil + } + out := new(ManagedPrometheusConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ManagedPrometheusConfigParameters) DeepCopyInto(out *ManagedPrometheusConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPrometheusConfigParameters. +func (in *ManagedPrometheusConfigParameters) DeepCopy() *ManagedPrometheusConfigParameters { + if in == nil { + return nil + } + out := new(ManagedPrometheusConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MonitoringConfigInitParameters) DeepCopyInto(out *MonitoringConfigInitParameters) { + *out = *in + if in.ManagedPrometheusConfig != nil { + in, out := &in.ManagedPrometheusConfig, &out.ManagedPrometheusConfig + *out = make([]ManagedPrometheusConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringConfigInitParameters. +func (in *MonitoringConfigInitParameters) DeepCopy() *MonitoringConfigInitParameters { + if in == nil { + return nil + } + out := new(MonitoringConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MonitoringConfigObservation) DeepCopyInto(out *MonitoringConfigObservation) { + *out = *in + if in.ManagedPrometheusConfig != nil { + in, out := &in.ManagedPrometheusConfig, &out.ManagedPrometheusConfig + *out = make([]ManagedPrometheusConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringConfigObservation. 
+func (in *MonitoringConfigObservation) DeepCopy() *MonitoringConfigObservation { + if in == nil { + return nil + } + out := new(MonitoringConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MonitoringConfigParameters) DeepCopyInto(out *MonitoringConfigParameters) { + *out = *in + if in.ManagedPrometheusConfig != nil { + in, out := &in.ManagedPrometheusConfig, &out.ManagedPrometheusConfig + *out = make([]ManagedPrometheusConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringConfigParameters. +func (in *MonitoringConfigParameters) DeepCopy() *MonitoringConfigParameters { + if in == nil { + return nil + } + out := new(MonitoringConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OidcConfigInitParameters) DeepCopyInto(out *OidcConfigInitParameters) { + *out = *in + if in.IssuerURL != nil { + in, out := &in.IssuerURL, &out.IssuerURL + *out = new(string) + **out = **in + } + if in.Jwks != nil { + in, out := &in.Jwks, &out.Jwks + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcConfigInitParameters. +func (in *OidcConfigInitParameters) DeepCopy() *OidcConfigInitParameters { + if in == nil { + return nil + } + out := new(OidcConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OidcConfigObservation) DeepCopyInto(out *OidcConfigObservation) { + *out = *in + if in.IssuerURL != nil { + in, out := &in.IssuerURL, &out.IssuerURL + *out = new(string) + **out = **in + } + if in.Jwks != nil { + in, out := &in.Jwks, &out.Jwks + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcConfigObservation. +func (in *OidcConfigObservation) DeepCopy() *OidcConfigObservation { + if in == nil { + return nil + } + out := new(OidcConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OidcConfigParameters) DeepCopyInto(out *OidcConfigParameters) { + *out = *in + if in.IssuerURL != nil { + in, out := &in.IssuerURL, &out.IssuerURL + *out = new(string) + **out = **in + } + if in.Jwks != nil { + in, out := &in.Jwks, &out.Jwks + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcConfigParameters. +func (in *OidcConfigParameters) DeepCopy() *OidcConfigParameters { + if in == nil { + return nil + } + out := new(OidcConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyConfigInitParameters) DeepCopyInto(out *ProxyConfigInitParameters) { + *out = *in + if in.KubernetesSecret != nil { + in, out := &in.KubernetesSecret, &out.KubernetesSecret + *out = make([]KubernetesSecretInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfigInitParameters. 
+func (in *ProxyConfigInitParameters) DeepCopy() *ProxyConfigInitParameters { + if in == nil { + return nil + } + out := new(ProxyConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyConfigObservation) DeepCopyInto(out *ProxyConfigObservation) { + *out = *in + if in.KubernetesSecret != nil { + in, out := &in.KubernetesSecret, &out.KubernetesSecret + *out = make([]KubernetesSecretObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfigObservation. +func (in *ProxyConfigObservation) DeepCopy() *ProxyConfigObservation { + if in == nil { + return nil + } + out := new(ProxyConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyConfigParameters) DeepCopyInto(out *ProxyConfigParameters) { + *out = *in + if in.KubernetesSecret != nil { + in, out := &in.KubernetesSecret, &out.KubernetesSecret + *out = make([]KubernetesSecretParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfigParameters. +func (in *ProxyConfigParameters) DeepCopy() *ProxyConfigParameters { + if in == nil { + return nil + } + out := new(ProxyConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkloadIdentityConfigInitParameters) DeepCopyInto(out *WorkloadIdentityConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityConfigInitParameters. 
+func (in *WorkloadIdentityConfigInitParameters) DeepCopy() *WorkloadIdentityConfigInitParameters { + if in == nil { + return nil + } + out := new(WorkloadIdentityConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkloadIdentityConfigObservation) DeepCopyInto(out *WorkloadIdentityConfigObservation) { + *out = *in + if in.IdentityProvider != nil { + in, out := &in.IdentityProvider, &out.IdentityProvider + *out = new(string) + **out = **in + } + if in.IssuerURI != nil { + in, out := &in.IssuerURI, &out.IssuerURI + *out = new(string) + **out = **in + } + if in.WorkloadPool != nil { + in, out := &in.WorkloadPool, &out.WorkloadPool + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityConfigObservation. +func (in *WorkloadIdentityConfigObservation) DeepCopy() *WorkloadIdentityConfigObservation { + if in == nil { + return nil + } + out := new(WorkloadIdentityConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkloadIdentityConfigParameters) DeepCopyInto(out *WorkloadIdentityConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityConfigParameters. +func (in *WorkloadIdentityConfigParameters) DeepCopy() *WorkloadIdentityConfigParameters { + if in == nil { + return nil + } + out := new(WorkloadIdentityConfigParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/containerattached/v1beta1/zz_generated.managed.go b/apis/containerattached/v1beta1/zz_generated.managed.go new file mode 100644 index 000000000..534dc9f73 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_generated.managed.go 
@@ -0,0 +1,68 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Cluster. +func (mg *Cluster) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Cluster. +func (mg *Cluster) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Cluster. +func (mg *Cluster) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Cluster. +func (mg *Cluster) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Cluster. +func (mg *Cluster) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Cluster. +func (mg *Cluster) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Cluster. +func (mg *Cluster) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Cluster. +func (mg *Cluster) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Cluster. +func (mg *Cluster) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Cluster. +func (mg *Cluster) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Cluster. 
+func (mg *Cluster) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Cluster. +func (mg *Cluster) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/containerattached/v1beta1/zz_generated.managedlist.go b/apis/containerattached/v1beta1/zz_generated.managedlist.go new file mode 100644 index 000000000..1442b1136 --- /dev/null +++ b/apis/containerattached/v1beta1/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this ClusterList. +func (l *ClusterList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/containerattached/v1beta1/zz_groupversion_info.go b/apis/containerattached/v1beta1/zz_groupversion_info.go new file mode 100755 index 000000000..eb3167e5e --- /dev/null +++ b/apis/containerattached/v1beta1/zz_groupversion_info.go 
@@ -0,0 +1,32 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=containerattached.gcp.upbound.io +// +versionName=v1beta1 +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "containerattached.gcp.upbound.io" + CRDVersion = "v1beta1" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/zz_register.go b/apis/zz_register.go index 82b12d444..8ac6f7b41 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -33,6 +33,7 @@ import ( v1beta1compute "github.com/upbound/provider-gcp/apis/compute/v1beta1" v1beta1container "github.com/upbound/provider-gcp/apis/container/v1beta1" v1beta1containeranalysis "github.com/upbound/provider-gcp/apis/containeranalysis/v1beta1" + v1beta1containerattached "github.com/upbound/provider-gcp/apis/containerattached/v1beta1" v1beta1containeraws "github.com/upbound/provider-gcp/apis/containeraws/v1beta1" v1beta1containerazure "github.com/upbound/provider-gcp/apis/containerazure/v1beta1" v1beta1datacatalog "github.com/upbound/provider-gcp/apis/datacatalog/v1beta1" 
@@ -110,6 +111,7 @@ func init() { v1beta1compute.SchemeBuilder.AddToScheme, v1beta1container.SchemeBuilder.AddToScheme, v1beta1containeranalysis.SchemeBuilder.AddToScheme, + v1beta1containerattached.SchemeBuilder.AddToScheme, v1beta1containeraws.SchemeBuilder.AddToScheme, v1beta1containerazure.SchemeBuilder.AddToScheme, v1beta1datacatalog.SchemeBuilder.AddToScheme, diff --git a/cmd/provider/containerattached/zz_main.go b/cmd/provider/containerattached/zz_main.go new file mode 100644 index 000000000..6932a0891 --- /dev/null +++ b/cmd/provider/containerattached/zz_main.go 
@@ -0,0 +1,204 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +package main + +import ( + "context" + "fmt" + "io" + "log" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + "github.com/upbound/provider-gcp/apis" + "github.com/upbound/provider-gcp/apis/v1alpha1" + "github.com/upbound/provider-gcp/config" + resolverapis "github.com/upbound/provider-gcp/internal/apis" + "github.com/upbound/provider-gcp/internal/clients" + "github.com/upbound/provider-gcp/internal/controller" + "github.com/upbound/provider-gcp/internal/features" +) + +const ( + webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" + tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" + certsDirEnvVar = "CERTS_DIR" + tlsServerCertDir = "/tls/server" +) + +func deprecationAction(flagName string) kingpin.Action { + return func(c *kingpin.ParseContext) error { + _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. 
Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) + kingpin.FatalIfError(err, "Failed to print the deprecation notice.") + return nil + } +} + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for GCP").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + + certsDirSet = false + // we record whether the command-line option "--certs-dir" was supplied + // in the registered PreAction for the flag. 
+ certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { + certsDirSet = true + return nil + }).String() + + // now deprecated command-line arguments with the Terraform SDK-based upjet architecture + _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() + _ = app.Flag("terraform-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform version.").Envar("TERRAFORM_VERSION").Hidden().Action(deprecationAction("terraform-version")).String() + _ = app.Flag("terraform-provider-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform provider version.").Envar("TERRAFORM_PROVIDER_VERSION").Hidden().Action(deprecationAction("terraform-provider-version")).String() + _ = app.Flag("terraform-native-provider-path", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform native provider path for shared execution.").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").Hidden().Action(deprecationAction("terraform-native-provider-path")).String() + _ = app.Flag("terraform-provider-source", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] 
Terraform provider source.").Envar("TERRAFORM_PROVIDER_SOURCE").Hidden().Action(deprecationAction("terraform-provider-source")).String() + ) + + kingpin.MustParse(app.Parse(os.Args[1:])) + log.Default().SetOutput(io.Discard) + ctrl.SetLogger(zap.New(zap.WriteTo(io.Discard))) + + zl := zap.New(zap.UseDevMode(*debug)) + logr := logging.NewLogrLogger(zl.WithName("provider-gcp")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. + ctrl.SetLogger(zl) + } + + // currently, we configure the jitter to be the 5% of the poll interval + pollJitter := time.Duration(float64(*pollInterval) * 0.05) + logr.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "poll-jitter", pollJitter, "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + // Get the TLS certs directory from the environment variables set by + // Crossplane if they're available. + // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions + // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied + // via the command-line options, then these environment variables are used + // instead. + if !certsDirSet { + // backwards-compatibility concerns + xpCertsDir := os.Getenv(certsDirEnvVar) + if xpCertsDir == "" { + xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) + } + if xpCertsDir == "" { + xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) + } + // we probably don't need this condition but just to be on the + // safe side, if we are missing any kingpin machinery details... 
+ if xpCertsDir != "" { + *certsDir = xpCertsDir + } + } + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-gcp-containerattached", + Cache: cache.Options{ + SyncPeriod: syncInterval, + }, + WebhookServer: webhook.NewServer( + webhook.Options{ + CertDir: *certsDir, + }), + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add GCP APIs to scheme") + kingpin.FatalIfError(resolverapis.BuildScheme(apis.AddToSchemes), "Cannot register the GCP APIs with the API resolver's runtime scheme") + + ctx := context.Background() + provider, err := config.GetProvider(ctx, false) + kingpin.FatalIfError(err, "Cannot initialize the provider configuration") + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: logr, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: provider, + SetupFn: clients.TerraformSetupBuilder(provider.TerraformProvider), + PollJitter: pollJitter, + OperationTrackerStore: tjcontroller.NewOperationStore(logr), + StartWebhooks: *certsDir != "", + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableBetaManagementPolicies) + logr.Info("Beta feature enabled", "flag", features.EnableBetaManagementPolicies) + } + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + logr.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath 
!= "" { + logr.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(ctx, &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. + SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + kingpin.FatalIfError(controller.Setup_containerattached(mgr, o), "Cannot setup GCP controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +}
diff --git a/config/containerattached/config.go b/config/containerattached/config.go
new file mode 100644
index 000000000..8135a6dab
--- /dev/null
+++ b/config/containerattached/config.go
@@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2024 The Crossplane Authors
+//
+// SPDX-License-Identifier: CC0-1.0
+
+package containerattached
+
+import (
+ "github.com/crossplane/upjet/pkg/config"
+)
+
+// Configure configures individual resources by adding custom
+// ResourceConfigurators.
+func Configure(p *config.Provider) { //nolint:gocyclo
+ p.AddResourceConfigurator("google_container_attached_cluster", func(r *config.Resource) {
+ r.Kind = "Cluster"
+ })
+}
diff --git a/config/externalname.go b/config/externalname.go
index 4e20c1aa1..13523e118 100644
--- a/config/externalname.go
+++ b/config/externalname.go
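Review bot: The `//nolint:gocyclo` directive on `Configure` in config/containerattached/config.go suppresses nothing, because the body is a single `AddResourceConfigurator` call with no branching. I would drop it so the linter still reports the function if it grows later: `func Configure(p *config.Provider) {`. The doc comment could also state what this configurator actually does, for example `// Configure sets the Kind of google_container_attached_cluster to "Cluster".`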
@@ -330,6 +330,11 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // Imported by using the following format: projects/{{project}}/occurrences/{{name}} // "google_container_analysis_occurrence": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/occurrences/{{ .external_name }}"), + // containerattached + // + // Imported by using the following projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} + "google_container_attached_cluster": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/attachedClusters/{{ .external_name }}"), + // containeraws // // Imported by using the following format: projects/my-gcp-project/locations/us-east1-a/clusters/my-cluster diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index c44b57369..60dc8e8b2 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -310,11 +310,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // Imported by using the following projects/{{project}}/global/sslPolicies/{{name}} "google_compute_ssl_policy": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/global/sslPolicies/{{ .external_name }}"), - // containerattached - // - // Imported by using the following projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} - "google_container_attached_cluster": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/attachedClusters/{{ .external_name }}"), - // datafusion // // Imported by using the following projects/{{project}}/locations/{{location}}/instances/{{instance}} roles/viewer user:jane@example.com diff --git a/config/generated.lst b/config/generated.lst index 333af3250..cfd25481b 100644 --- a/config/generated.lst +++ b/config/generated.lst 
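Review bot: The comment above the new `google_container_attached_cluster` entry in config/externalname.go reads "Imported by using the following projects/…", without the word "format:" that the neighbouring entries in this hunk carry. I would write `// Imported by using the following format: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}`. The identifier template reads `.parameters.location`; the example manifests this commit adds are outside this chunk, so I could not confirm that they set it. The map literal starts and ends outside the hunk.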
@@ -1 +1 @@ -["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","
google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_gr
oup","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute
_vpn_tunnel","google_container_analysis_note","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam
_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_poo
l_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file 
+["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_envgroup","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binar
y_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google
_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel"
,"google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_ia
p_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool",
"google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file 
diff --git a/config/overrides.go b/config/overrides.go index a14baa1f5..57f3e3602 100644 --- a/config/overrides.go +++ b/config/overrides.go @@ -74,6 +74,7 @@ var groupMap = map[string]GroupKindCalculator{ "google_assured_workloads.+": ReplaceGroupWords("", 2), "google_binary_authorization.+": ReplaceGroupWords("", 2), "google_container_analysis.+": ReplaceGroupWords("", 2), + "google_container_attached.+": ReplaceGroupWords("", 2), "google_container_aws.+": ReplaceGroupWords("", 2), "google_container_azure.+": ReplaceGroupWords("", 2), "google_deployment_manager.+": ReplaceGroupWords("", 2), diff --git a/config/provider.go b/config/provider.go index d1d494776..50d7052ae 100644 --- a/config/provider.go +++ b/config/provider.go @@ -31,6 +31,7 @@ import ( "github.com/upbound/provider-gcp/config/cloudtasks" "github.com/upbound/provider-gcp/config/compute" "github.com/upbound/provider-gcp/config/container" + "github.com/upbound/provider-gcp/config/containerattached" "github.com/upbound/provider-gcp/config/containeraws" "github.com/upbound/provider-gcp/config/containerazure" "github.com/upbound/provider-gcp/config/dataflow" @@ -196,6 +197,7 @@ func GetProvider(_ context.Context, generationProvider bool) (*tjconfig.Provider cloudrun.Configure, cloudscheduler.Configure, cloudtasks.Configure, + containerattached.Configure, containeraws.Configure, containerazure.Configure, compute.Configure, diff --git a/examples-generated/containerattached/v1beta1/cluster.yaml b/examples-generated/containerattached/v1beta1/cluster.yaml new file mode 100644 index 000000000..3aaccf987 --- /dev/null +++ b/examples-generated/containerattached/v1beta1/cluster.yaml 
@@ -0,0 +1,19 @@ +apiVersion: containerattached.gcp.upbound.io/v1beta1 +kind: Cluster +metadata: + annotations: + meta.upbound.io/example-id: containerattached/v1beta1/cluster + labels: + testing.upbound.io/example-name: primary + name: primary +spec: + forProvider: + description: Test cluster + distribution: aks + fleet: + - project: projects/${data.google_project.project.number} + location: us-west1 + oidcConfig: + - issuerUrl: https://oidc.issuer.url + platformVersion: ${data.google_container_attached_versions.versions.valid_versions[0]} + project: ${data.google_project.project.project_id}
diff --git a/examples/containerattached/v1beta1/cluster.yaml b/examples/containerattached/v1beta1/cluster.yaml
new file mode 100644
index 000000000..d74871c72
--- /dev/null
+++ b/examples/containerattached/v1beta1/cluster.yaml
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: CC0-1.0
+
+apiVersion: containerattached.gcp.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ annotations:
+ meta.upbound.io/example-id: containerattached/v1beta1/cluster
+ labels:
+ testing.upbound.io/example-name: primary
+ name: primary
+spec:
+ forProvider:
+ description: Test cluster
+ distribution: aks
+ fleet:
+ - project: projects/${data.google_project.project.number}
+ location: us-west1
+ oidcConfig:
+ - issuerUrl: https://oidc.issuer.url
+ platformVersion: ${data.google_container_attached_versions.versions.valid_versions[0]}
+ project: ${data.google_project.project.project_id}
\ No newline at end of file
diff --git a/internal/controller/containerattached/cluster/zz_controller.go b/internal/controller/containerattached/cluster/zz_controller.go
new file mode 100755
index 000000000..ce27b9d27
--- /dev/null
+++ b/internal/controller/containerattached/cluster/zz_controller.go
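Review bot: examples/containerattached/v1beta1/cluster.yaml still carries Terraform interpolations that nothing in a Kubernetes manifest resolves: `fleet.project`, `platformVersion` and `project` use `${data.google_project...}` and `${data.google_container_attached_versions...}`. The file is the generated example with only a licence header added, and `issuerUrl: https://oidc.issuer.url` is a placeholder as well. As written the manifest presumably cannot reconcile, so it does not back the move of `google_container_attached_cluster` out of `ExternalNameNotTestedConfigs` made elsewhere in this patch. I would replace the three interpolations with literal values, e.g. `project: <your-project-id>` and `platformVersion: <supported-platform-version>` (placeholders), and point `issuerUrl` at the attached cluster's real OIDC issuer. The file also ends without a trailing newline.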
@@ -0,0 +1,79 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package cluster + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-gcp/apis/containerattached/v1beta1" + features "github.com/upbound/provider-gcp/internal/features" +) + +// Setup adds a controller that reconciles Cluster managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.Cluster_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Cluster_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Cluster_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, 
o.Provider.Resources["google_container_attached_cluster"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Cluster_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + + // register webhooks for the kind v1beta1.Cluster + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.Cluster{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Cluster") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Cluster_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.Cluster{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} 
diff --git a/internal/controller/zz_containerattached_setup.go b/internal/controller/zz_containerattached_setup.go new file mode 100755 index 000000000..27fe1d848 --- /dev/null +++ b/internal/controller/zz_containerattached_setup.go @@ -0,0 +1,26 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/crossplane/upjet/pkg/controller" + + cluster "github.com/upbound/provider-gcp/internal/controller/containerattached/cluster" +) + +// Setup_containerattached creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_containerattached(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + cluster.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index b05ae1eea..7ad441962 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -196,6 +196,7 @@ import ( nodepool "github.com/upbound/provider-gcp/internal/controller/container/nodepool" registry "github.com/upbound/provider-gcp/internal/controller/container/registry" note "github.com/upbound/provider-gcp/internal/controller/containeranalysis/note" + clustercontainerattached "github.com/upbound/provider-gcp/internal/controller/containerattached/cluster" clustercontaineraws "github.com/upbound/provider-gcp/internal/controller/containeraws/cluster" nodepoolcontaineraws "github.com/upbound/provider-gcp/internal/controller/containeraws/nodepool" client "github.com/upbound/provider-gcp/internal/controller/containerazure/client" 
@@ -546,6 +547,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { nodepool.Setup, registry.Setup, note.Setup, + clustercontainerattached.Setup, clustercontaineraws.Setup, nodepoolcontaineraws.Setup, client.Setup, diff --git a/package/crds/containerattached.gcp.upbound.io_clusters.yaml b/package/crds/containerattached.gcp.upbound.io_clusters.yaml new file mode 100644 index 000000000..40083ca0a --- /dev/null +++ b/package/crds/containerattached.gcp.upbound.io_clusters.yaml 
@@ -0,0 +1,934 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: clusters.containerattached.gcp.upbound.io +spec: + group: containerattached.gcp.upbound.io + names: + categories: + - crossplane + - managed + - gcp + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the Clusters API. An Anthos cluster + running on customer owned infrastructure. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Annotations on the cluster. This field has the same + restrictions as Kubernetes annotations. The total size of all keys and + values combined is limited to 256k. Key can have 2 segments: prefix + and name , separated by a slash (/). Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: object + x-kubernetes-map-type: granular + authorization: + description: |- + Configuration related to the cluster RBAC settings. + Structure is documented below. + items: + properties: + adminGroups: + description: |- + Groups that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the groups. Up to ten admin groups can be provided. 
+ For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + adminUsers: + description: |- + Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the users. Up to ten admin users can be provided. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + type: object + type: array + binaryAuthorization: + description: |- + Binary Authorization configuration. + Structure is documented below. + items: + properties: + evaluationMode: + description: |- + Configure Binary Authorization evaluation mode. + Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. + type: string + type: object + type: array + deletionPolicy: + description: Policy to determine what flags to send on delete. + type: string + description: + description: |- + A human readable description of this attached cluster. Cannot be longer + than 255 UTF-8 encoded bytes. + type: string + distribution: + description: |- + The Kubernetes distribution of the underlying attached cluster. Supported values: + "eks", "aks". + type: string + fleet: + description: |- + Fleet configuration. + Structure is documented below. + items: + properties: + project: + description: The number of the Fleet host project where + this cluster will be registered. + type: string + type: object + type: array + location: + description: The location for the resource + type: string + loggingConfig: + description: |- + Logging configuration. + Structure is documented below. + items: + properties: + componentConfig: + description: |- + The configuration of the logging components + Structure is documented below. + items: + properties: + enableComponents: + description: |- + The components to be enabled. + Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. 
+ items: + type: string + type: array + type: object + type: array + type: object + type: array + monitoringConfig: + description: |- + Monitoring configuration. + Structure is documented below. + items: + properties: + managedPrometheusConfig: + description: |- + Enable Google Cloud Managed Service for Prometheus in the cluster. + Structure is documented below. + items: + properties: + enabled: + description: Enable Managed Collection. + type: boolean + type: object + type: array + type: object + type: array + oidcConfig: + description: |- + OIDC discovery information of the target cluster. + Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + API server. This fields indicates how GCP services + validate KSA tokens in order to allow system workloads (such as GKE Connect + and telemetry agents) to authenticate back to GCP. + Both clusters with public and private issuer URLs are supported. + Clusters with public issuers only need to specify the issuer_url field + while clusters with private issuers need to provide both + issuer_url and jwks. + Structure is documented below. + items: + properties: + issuerUrl: + description: A JSON Web Token (JWT) issuer URI. issuer must + start with https:// + type: string + jwks: + description: OIDC verification keys in JWKS format (RFC + 7517). + type: string + type: object + type: array + platformVersion: + description: The platform version for the cluster (e.g. 1.23.0-gke.1). + type: string + project: + description: The number of the Fleet host project where this cluster + will be registered. + type: string + proxyConfig: + description: |- + Support for proxy configuration. + Structure is documented below. + items: + properties: + kubernetesSecret: + description: |- + The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + Structure is documented below. + items: + properties: + name: + description: Name of the kubernetes secret containing + the proxy config. 
+ type: string + namespace: + description: Namespace of the kubernetes secret containing + the proxy config. + type: string + type: object + type: array + type: object + type: array + required: + - location + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Annotations on the cluster. This field has the same + restrictions as Kubernetes annotations. The total size of all keys and + values combined is limited to 256k. Key can have 2 segments: prefix + and name , separated by a slash (/). Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: object + x-kubernetes-map-type: granular + authorization: + description: |- + Configuration related to the cluster RBAC settings. + Structure is documented below. + items: + properties: + adminGroups: + description: |- + Groups that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the groups. Up to ten admin groups can be provided. 
+ For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + adminUsers: + description: |- + Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the users. Up to ten admin users can be provided. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + type: object + type: array + binaryAuthorization: + description: |- + Binary Authorization configuration. + Structure is documented below. + items: + properties: + evaluationMode: + description: |- + Configure Binary Authorization evaluation mode. + Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. + type: string + type: object + type: array + deletionPolicy: + description: Policy to determine what flags to send on delete. + type: string + description: + description: |- + A human readable description of this attached cluster. Cannot be longer + than 255 UTF-8 encoded bytes. + type: string + distribution: + description: |- + The Kubernetes distribution of the underlying attached cluster. Supported values: + "eks", "aks". + type: string + fleet: + description: |- + Fleet configuration. + Structure is documented below. + items: + properties: + project: + description: The number of the Fleet host project where + this cluster will be registered. + type: string + type: object + type: array + loggingConfig: + description: |- + Logging configuration. + Structure is documented below. + items: + properties: + componentConfig: + description: |- + The configuration of the logging components + Structure is documented below. + items: + properties: + enableComponents: + description: |- + The components to be enabled. + Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. 
+ items: + type: string + type: array + type: object + type: array + type: object + type: array + monitoringConfig: + description: |- + Monitoring configuration. + Structure is documented below. + items: + properties: + managedPrometheusConfig: + description: |- + Enable Google Cloud Managed Service for Prometheus in the cluster. + Structure is documented below. + items: + properties: + enabled: + description: Enable Managed Collection. + type: boolean + type: object + type: array + type: object + type: array + oidcConfig: + description: |- + OIDC discovery information of the target cluster. + Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + API server. This fields indicates how GCP services + validate KSA tokens in order to allow system workloads (such as GKE Connect + and telemetry agents) to authenticate back to GCP. + Both clusters with public and private issuer URLs are supported. + Clusters with public issuers only need to specify the issuer_url field + while clusters with private issuers need to provide both + issuer_url and jwks. + Structure is documented below. + items: + properties: + issuerUrl: + description: A JSON Web Token (JWT) issuer URI. issuer must + start with https:// + type: string + jwks: + description: OIDC verification keys in JWKS format (RFC + 7517). + type: string + type: object + type: array + platformVersion: + description: The platform version for the cluster (e.g. 1.23.0-gke.1). + type: string + project: + description: The number of the Fleet host project where this cluster + will be registered. + type: string + proxyConfig: + description: |- + Support for proxy configuration. + Structure is documented below. + items: + properties: + kubernetesSecret: + description: |- + The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + Structure is documented below. + items: + properties: + name: + description: Name of the kubernetes secret containing + the proxy config. 
+ type: string + namespace: + description: Namespace of the kubernetes secret containing + the proxy config. + type: string + type: object + type: array + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. 
+ type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.distribution is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.distribution) + || (has(self.initProvider) && has(self.initProvider.distribution))' + - message: spec.forProvider.fleet is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.fleet) + || (has(self.initProvider) && has(self.initProvider.fleet))' + - message: spec.forProvider.oidcConfig is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.oidcConfig) + || (has(self.initProvider) && has(self.initProvider.oidcConfig))' + - message: spec.forProvider.platformVersion is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.platformVersion) + || (has(self.initProvider) && has(self.initProvider.platformVersion))' + status: + description: ClusterStatus defines the observed state of Cluster. + properties: + atProvider: + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Annotations on the cluster. This field has the same + restrictions as Kubernetes annotations. The total size of all keys and + values combined is limited to 256k. Key can have 2 segments: prefix + and name , separated by a slash (/). Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. 
+ type: object + x-kubernetes-map-type: granular + authorization: + description: |- + Configuration related to the cluster RBAC settings. + Structure is documented below. + items: + properties: + adminGroups: + description: |- + Groups that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the groups. Up to ten admin groups can be provided. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + adminUsers: + description: |- + Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the cluster-admin ClusterRole + to the users. Up to ten admin users can be provided. + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + type: object + type: array + binaryAuthorization: + description: |- + Binary Authorization configuration. + Structure is documented below. + items: + properties: + evaluationMode: + description: |- + Configure Binary Authorization evaluation mode. + Possible values are: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE. + type: string + type: object + type: array + clusterRegion: + description: |- + Output only. The region where this cluster runs. + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. + type: string + createTime: + description: Output only. The time at which this cluster was created. + type: string + deletionPolicy: + description: Policy to determine what flags to send on delete. + type: string + description: + description: |- + A human readable description of this attached cluster. Cannot be longer + than 255 UTF-8 encoded bytes. + type: string + distribution: + description: |- + The Kubernetes distribution of the underlying attached cluster. Supported values: + "eks", "aks". 
+ type: string + effectiveAnnotations: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + errors: + description: |- + A set of errors found in the cluster. + Structure is documented below. + items: + properties: + message: + description: Human-friendly description of the error. + type: string + type: object + type: array + fleet: + description: |- + Fleet configuration. + Structure is documented below. + items: + properties: + membership: + description: |- + (Output) + The name of the managed Hub Membership resource associated to this + cluster. Membership names are formatted as + projects//locations/global/membership/. + type: string + project: + description: The number of the Fleet host project where + this cluster will be registered. + type: string + type: object + type: array + id: + description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} + type: string + kubernetesVersion: + description: The Kubernetes version of the cluster. + type: string + location: + description: The location for the resource + type: string + loggingConfig: + description: |- + Logging configuration. + Structure is documented below. + items: + properties: + componentConfig: + description: |- + The configuration of the logging components + Structure is documented below. + items: + properties: + enableComponents: + description: |- + The components to be enabled. + Each value may be one of: SYSTEM_COMPONENTS, WORKLOADS. + items: + type: string + type: array + type: object + type: array + type: object + type: array + monitoringConfig: + description: |- + Monitoring configuration. + Structure is documented below. + items: + properties: + managedPrometheusConfig: + description: |- + Enable Google Cloud Managed Service for Prometheus in the cluster. + Structure is documented below. + items: + properties: + enabled: + description: Enable Managed Collection. 
+ type: boolean + type: object + type: array + type: object + type: array + oidcConfig: + description: |- + OIDC discovery information of the target cluster. + Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + API server. This fields indicates how GCP services + validate KSA tokens in order to allow system workloads (such as GKE Connect + and telemetry agents) to authenticate back to GCP. + Both clusters with public and private issuer URLs are supported. + Clusters with public issuers only need to specify the issuer_url field + while clusters with private issuers need to provide both + issuer_url and jwks. + Structure is documented below. + items: + properties: + issuerUrl: + description: A JSON Web Token (JWT) issuer URI. issuer must + start with https:// + type: string + jwks: + description: OIDC verification keys in JWKS format (RFC + 7517). + type: string + type: object + type: array + platformVersion: + description: The platform version for the cluster (e.g. 1.23.0-gke.1). + type: string + project: + description: The number of the Fleet host project where this cluster + will be registered. + type: string + proxyConfig: + description: |- + Support for proxy configuration. + Structure is documented below. + items: + properties: + kubernetesSecret: + description: |- + The Kubernetes Secret resource that contains the HTTP(S) proxy configuration. + Structure is documented below. + items: + properties: + name: + description: Name of the kubernetes secret containing + the proxy config. + type: string + namespace: + description: Namespace of the kubernetes secret containing + the proxy config. + type: string + type: object + type: array + type: object + type: array + reconciling: + description: If set, there are currently changes in flight to + the cluster. + type: boolean + state: + description: |- + The current state of the cluster. 
Possible values: + STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, + DEGRADED + type: string + uid: + description: A globally unique identifier for the cluster. + type: string + updateTime: + description: The time at which this cluster was last updated. + type: string + workloadIdentityConfig: + description: |- + Workload Identity settings. + Structure is documented below. + items: + properties: + identityProvider: + description: |- + The ID of the OIDC Identity Provider (IdP) associated to + the Workload Identity Pool. + type: string + issuerUri: + description: The OIDC issuer URL for this cluster. + type: string + workloadPool: + description: The Workload Identity Pool associated to the + cluster. + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} From c477978ced8fa396540fca1c5579aa245e9b1d35 Mon Sep 17 00:00:00 2001 
From: Nicholas Thomson
Date: Mon, 18 Mar 2024 12:55:00 -0700
Subject: [PATCH 3/3] Attach manual intervention annotation to test example
---
 examples/containerattached/v1beta1/cluster.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/containerattached/v1beta1/cluster.yaml b/examples/containerattached/v1beta1/cluster.yaml
index d74871c72..e94d85223 100644
--- a/examples/containerattached/v1beta1/cluster.yaml
+++ b/examples/containerattached/v1beta1/cluster.yaml
@@ -7,6 +7,7 @@ kind: Cluster
 metadata:
 annotations:
 meta.upbound.io/example-id: containerattached/v1beta1/cluster
+ upjet.upbound.io/manual-intervention: "This resource requires a valid issuerUrl value from the AKS or EKS cluster."
 labels:
 testing.upbound.io/example-name: primary
 name: primary
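Review bot: The added `upjet.upbound.io/manual-intervention` message says a valid issuerUrl is needed but names neither the field path nor the constraints that the CRD in this series documents for it. Per that CRD text, `oidcConfig.issuerUrl` is what GCP services use to validate the attached cluster's service-account tokens, it must start with `https://`, and clusters with a private issuer must also supply `oidcConfig.jwks`. Since a wrong issuer is a trust-configuration error and not just a failed test, the message could spell this out, e.g. `"Requires spec.forProvider.oidcConfig.issuerUrl (https://) taken from the target AKS/EKS cluster; private issuers also need oidcConfig.jwks."`. The rest of the manifest, including the issuerUrl value it currently carries, is outside this hunk.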