From efad360d1422fefaeb1d3b916e462a305d3fc2a6 Mon Sep 17 00:00:00 2001 
From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Wed, 14 Feb 2024 08:45:03 -0600 Subject: [PATCH] Update to ACK runtime `v0.30.0`, code-generator `v0.30.0` (#99) ### Update to ACK runtime `v0.30.0`, code-generator `v0.30.0` ---------- * ACK code-generator `v0.30.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.30.0) * ACK runtime `v0.30.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.30.0) ---------- NOTE: This PR increments the release version of the service controller from `v1.3.3` to `v1.3.4`. Once this PR is merged, release `v1.3.4` will be automatically created for `iam-controller`. **Please close this PR if you do not want the new patch release for `iam-controller`** ---------- #### stdout for `make build-controller`: ``` building ack-generate ... ok. ==== building iam-controller ==== Copying common custom resource definitions into iam Building Kubernetes API objects for iam Generating deepcopy code for iam Generating custom resource definitions for iam Building service controller for iam Generating RBAC manifests for iam Running gofmt against generated code for iam Updating additional GitHub repository maintenance files ==== building iam-controller release artifacts ==== Building release artifacts for iam-v1.3.4 Generating common custom resource definitions Generating custom resource definitions for iam Generating RBAC manifests for iam ``` ---------- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 
--- apis/v1alpha1/ack-generate-metadata.yaml | 8 +- apis/v1alpha1/zz_generated.deepcopy.go | 10 +- config/controller/kustomization.yaml | 2 +- .../bases/iam.services.k8s.aws_groups.yaml | 142 +++++---- ...iam.services.k8s.aws_instanceprofiles.yaml | 164 ++++++---- ...rvices.k8s.aws_openidconnectproviders.yaml | 172 ++++++----- .../bases/iam.services.k8s.aws_policies.yaml | 263 +++++++++++------ .../crd/bases/iam.services.k8s.aws_roles.yaml | 279 +++++++++++------- .../crd/bases/iam.services.k8s.aws_users.yaml | 237 +++++++++------ .../services.k8s.aws_adoptedresources.yaml | 206 +++++++------ .../bases/services.k8s.aws_fieldexports.yaml | 54 ++-- config/rbac/cluster-role-controller.yaml | 1 - go.mod | 56 ++-- go.sum | 158 +++++----- helm/Chart.yaml | 4 +- helm/crds/iam.services.k8s.aws_groups.yaml | 142 +++++---- ...iam.services.k8s.aws_instanceprofiles.yaml | 164 ++++++---- ...rvices.k8s.aws_openidconnectproviders.yaml | 172 ++++++----- helm/crds/iam.services.k8s.aws_policies.yaml | 263 +++++++++++------ helm/crds/iam.services.k8s.aws_roles.yaml | 279 +++++++++++------- helm/crds/iam.services.k8s.aws_users.yaml | 237 +++++++++------ .../services.k8s.aws_adoptedresources.yaml | 209 +++++++------ helm/crds/services.k8s.aws_fieldexports.yaml | 54 ++-- helm/templates/NOTES.txt | 2 +- helm/templates/_helpers.tpl | 16 +- helm/templates/cluster-role-binding.yaml | 13 +- helm/templates/cluster-role-controller.yaml | 11 +- helm/templates/deployment.yaml | 22 +- .../leader-election-role-binding.yaml | 2 +- helm/templates/metrics-service.yaml | 10 +- helm/templates/service-account.yaml | 8 +- helm/values.yaml | 2 +- 32 files changed, 1972 insertions(+), 1390 deletions(-) diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 536e33e..39422f0 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml 
@@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2024-01-29T07:11:35Z" - build_hash: 92f531cde5631865cfc3dfa778cbc9611f3a64c3 - go_version: go1.21.5 - version: v0.29.2 + build_date: "2024-02-14T03:57:20Z" + build_hash: 947081ffebdeefcf2c61c4ca6d7e68810bdf9d08 + go_version: go1.22.0 + version: v0.30.0 api_directory_checksum: b438ffe12bca1f7e1c8ab3b0a379f1ffd302b49f api_version: v1alpha1 aws_sdk_go_version: v1.49.0 diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index f72094e..cc49e68 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // @@ -364,7 +363,8 @@ func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1645,7 +1645,8 @@ func (in *RoleSpec) DeepCopyInto(out *RoleSpec) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -2267,7 +2268,8 @@ func (in *UserSpec) DeepCopyInto(out *UserSpec) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index dffec81..2754b5b 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/iam-controller - newTag: 1.3.3 + newTag: 1.3.4 diff --git a/config/crd/bases/iam.services.k8s.aws_groups.yaml b/config/crd/bases/iam.services.k8s.aws_groups.yaml index 8b0cb3a..574cbf5 100644 
--- a/config/crd/bases/iam.services.k8s.aws_groups.yaml +++ b/config/crd/bases/iam.services.k8s.aws_groups.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: groups.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,45 +20,71 @@ spec: description: Group is the Schema for the Groups API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "GroupSpec defines the desired state of Group. \n Contains - information about an IAM group entity. \n This data type is used as - a response element in the following operations: \n * CreateGroup \n - * GetGroup \n * ListGroups" + description: |- + GroupSpec defines the desired state of Group. + + + Contains information about an IAM group entity. 
+ + + This data type is used as a response element in the following operations: + + + * CreateGroup + + + * GetGroup + + + * ListGroups properties: inlinePolicies: additionalProperties: type: string type: object name: - description: "The name of the group to create. Do not include the - path in this value. \n IAM user, group, role, and policy names must - be unique within the account. Names are not distinguished by case. - For example, you cannot create resources named both \"MyResource\" - and \"myresource\"." + description: |- + The name of the group to create. Do not include the path in this value. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path to the group. For more information about paths, - see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the group. For more information about paths, see IAM identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). 
+ + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string policies: items: @@ -68,13 +93,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -88,24 +114,26 @@ spec: description: GroupStatus defines the observed state of Group properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -116,14 +144,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -149,13 +179,15 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the group was created. format: date-time type: string groupID: - description: The stable and unique string identifying the group. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the group. For more information + about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/config/crd/bases/iam.services.k8s.aws_instanceprofiles.yaml b/config/crd/bases/iam.services.k8s.aws_instanceprofiles.yaml index 9b58b41..2e221a3 100644 
--- a/config/crd/bases/iam.services.k8s.aws_instanceprofiles.yaml +++ b/config/crd/bases/iam.services.k8s.aws_instanceprofiles.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: instanceprofiles.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,69 +20,103 @@ spec: description: InstanceProfile is the Schema for the InstanceProfiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "InstanceProfileSpec defines the desired state of InstanceProfile. - \n Contains information about an instance profile. \n This data type - is used as a response element in the following operations: \n * CreateInstanceProfile - \n * GetInstanceProfile \n * ListInstanceProfiles \n * ListInstanceProfilesForRole" + description: |- + InstanceProfileSpec defines the desired state of InstanceProfile. + + + Contains information about an instance profile. 
+ + + This data type is used as a response element in the following operations: + + + * CreateInstanceProfile + + + * GetInstanceProfile + + + * ListInstanceProfiles + + + * ListInstanceProfilesForRole properties: name: - description: "The name of the instance profile to create. \n This - parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-" + description: |- + The name of the instance profile to create. + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@- type: string path: - description: "The path to the instance profile. For more information - about paths, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the instance profile. For more information about paths, see IAM + Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). 
+ + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string role: type: string roleRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string type: object type: object tags: - description: "A list of tags that you want to attach to the newly - created IAM instance profile. Each tag consists of a key name and - an associated value. For more information about tagging, see Tagging - IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the newly created IAM instance + profile. Each tag consists of a key name and an associated value. For more + information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. 
+ + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -99,24 +132,26 @@ spec: description: InstanceProfileStatus defines the observed state of InstanceProfile properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -127,14 +162,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -164,8 +201,9 @@ spec: format: date-time type: string instanceProfileID: - description: The stable and unique string identifying the instance - profile. For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the instance profile. For more information + about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/config/crd/bases/iam.services.k8s.aws_openidconnectproviders.yaml b/config/crd/bases/iam.services.k8s.aws_openidconnectproviders.yaml index a95fae2..7156f97 100644 --- a/config/crd/bases/iam.services.k8s.aws_openidconnectproviders.yaml +++ b/config/crd/bases/iam.services.k8s.aws_openidconnectproviders.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: openidconnectproviders.iam.services.k8s.aws spec: group: iam.services.k8s.aws @@ -22,14 +21,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -37,31 +41,38 @@ spec: description: OpenIDConnectProviderSpec defines the desired state of OpenIDConnectProvider. properties: clientIDs: - description: "Provides a list of client IDs, also known as audiences. - When a mobile or web app registers with an OpenID Connect provider, - they establish a value that identifies the application. This is - the value that's sent as the client_id parameter on OAuth requests. - \n You can register multiple client IDs with the same provider. - For example, you might have multiple applications that use the same - OIDC provider. You cannot register more than 100 client IDs with - a single IAM OIDC provider. \n There is no defined format for a - client ID. The CreateOpenIDConnectProviderRequest operation accepts - client IDs up to 255 characters long." + description: |- + Provides a list of client IDs, also known as audiences. When a mobile or + web app registers with an OpenID Connect provider, they establish a value + that identifies the application. This is the value that's sent as the client_id + parameter on OAuth requests. + + + You can register multiple client IDs with the same provider. For example, + you might have multiple applications that use the same OIDC provider. You + cannot register more than 100 client IDs with a single IAM OIDC provider. + + + There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest + operation accepts client IDs up to 255 characters long. items: type: string type: array tags: - description: "A list of tags that you want to attach to the new IAM - OpenID Connect (OIDC) provider. Each tag consists of a key name - and an associated value. For more information about tagging, see - Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." 
+ description: |- + A list of tags that you want to attach to the new IAM OpenID Connect (OIDC) + provider. Each tag consists of a key name and an associated value. For more + information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -71,36 +82,45 @@ spec: type: object type: array thumbprints: - description: "A list of server certificate thumbprints for the OpenID - Connect (OIDC) identity provider's server certificates. Typically - this list includes only one entry. However, IAM lets you have up - to five thumbprints for an OIDC provider. This lets you maintain - multiple thumbprints if the identity provider is rotating certificates. - \n The server certificate thumbprint is the hex-encoded SHA-1 hash - value of the X.509 certificate used by the domain where the OpenID - Connect provider makes its keys available. It is always a 40-character - string. \n You must provide at least one thumbprint when creating - an IAM OIDC provider. For example, assume that the OIDC provider - is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. - In that case, the thumbprint string would be the hex-encoded SHA-1 - hash value of the certificate used by https://keys.server.example.com. - \n For more information about obtaining the OIDC provider thumbprint, - see Obtaining the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) - in the IAM user Guide." + description: |- + A list of server certificate thumbprints for the OpenID Connect (OIDC) identity + provider's server certificates. Typically this list includes only one entry. + However, IAM lets you have up to five thumbprints for an OIDC provider. This + lets you maintain multiple thumbprints if the identity provider is rotating + certificates. + + + The server certificate thumbprint is the hex-encoded SHA-1 hash value of + the X.509 certificate used by the domain where the OpenID Connect provider + makes its keys available. It is always a 40-character string. + + + You must provide at least one thumbprint when creating an IAM OIDC provider. 
+ For example, assume that the OIDC provider is server.example.com and the + provider stores its keys at https://keys.server.example.com/openid-connect. + In that case, the thumbprint string would be the hex-encoded SHA-1 hash value + of the certificate used by https://keys.server.example.com. + + + For more information about obtaining the OIDC provider thumbprint, see Obtaining + the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) + in the IAM user Guide. items: type: string type: array url: - description: "The URL of the identity provider. The URL must begin - with https:// and should correspond to the iss claim in the provider's - OpenID Connect ID tokens. Per the OIDC standard, path components - are allowed but query parameters are not. Typically the URL consists - of only a hostname, like https://server.example.org or https://example.com. - The URL should not contain a port number. \n You cannot register - the same provider multiple times in a single Amazon Web Services - account. If you try to submit a URL that has already been used for - an OpenID Connect provider in the Amazon Web Services account, you - will get an error." + description: |- + The URL of the identity provider. The URL must begin with https:// and should + correspond to the iss claim in the provider's OpenID Connect ID tokens. Per + the OIDC standard, path components are allowed but query parameters are not. + Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. The URL should not contain a port number. + + + You cannot register the same provider multiple times in a single Amazon Web + Services account. If you try to submit a URL that has already been used for + an OpenID Connect provider in the Amazon Web Services account, you will get + an error. type: string required: - thumbprints 
@@ -111,24 +131,26 @@ spec: OpenIDConnectProvider properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -139,14 +161,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/config/crd/bases/iam.services.k8s.aws_policies.yaml b/config/crd/bases/iam.services.k8s.aws_policies.yaml index 3e3216e..cb2d5ab 100644 --- a/config/crd/bases/iam.services.k8s.aws_policies.yaml +++ b/config/crd/bases/iam.services.k8s.aws_policies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,83 +20,135 @@ spec: description: Policy is the Schema for the Policies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "PolicySpec defines the desired state of Policy. \n Contains - information about a managed policy. \n This data type is used as a response - element in the CreatePolicy, GetPolicy, and ListPolicies operations. - \n For more information about managed policies, refer to Managed policies - and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) - in the IAM User Guide." + description: |- + PolicySpec defines the desired state of Policy. + + + Contains information about a managed policy. 
+ + + This data type is used as a response element in the CreatePolicy, GetPolicy, + and ListPolicies operations. + + + For more information about managed policies, refer to Managed policies and + inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) + in the IAM User Guide. properties: description: - description: "A friendly description of the policy. \n Typically used - to store information about the permissions defined in the policy. - For example, \"Grants access to production DynamoDB tables.\" \n - The policy description is immutable. After a value is assigned, - it cannot be changed." + description: |- + A friendly description of the policy. + + + Typically used to store information about the permissions defined in the + policy. For example, "Grants access to production DynamoDB tables." + + + The policy description is immutable. After a value is assigned, it cannot + be changed. type: string name: - description: "The friendly name of the policy. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\"." + description: |- + The friendly name of the policy. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path for the policy. \n For more information about - paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). 
\n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters. \n You cannot use an asterisk - (*) in the path name." + description: |- + The path for the policy. + + + For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. + + + You cannot use an asterisk (*) in the path name. type: string policyDocument: - description: "The JSON policy document that you want to use as the - content for the new policy. \n You must provide policies in JSON - format in IAM. However, for CloudFormation templates formatted in - YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it - to IAM. \n The maximum length of the policy document that you can - pass in this operation, including whitespace, is listed below. To - view the maximum character counts of a managed policy with no whitespaces, - see IAM and STS character quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). 
- \n To learn more about JSON policy grammar, see Grammar of the IAM - JSON policy language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) - in the IAM User Guide. \n The regex pattern (http://wikipedia.org/wiki/regex) - used to validate this parameter is a string of characters consisting - of the following: \n * Any printable ASCII character ranging from - the space character (\\u0020) through the end of the ASCII character - range \n * The printable characters in the Basic Latin and Latin-1 - Supplement character set (through \\u00FF) \n * The special characters - tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)" + description: |- + The JSON policy document that you want to use as the content for the new + policy. + + + You must provide policies in JSON format in IAM. However, for CloudFormation + templates formatted in YAML, you can provide the policy in JSON or YAML format. + CloudFormation always converts a YAML policy to JSON format before submitting + it to IAM. + + + The maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character counts + of a managed policy with no whitespaces, see IAM and STS character quotas + (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + + + To learn more about JSON policy grammar, see Grammar of the IAM JSON policy + language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) + in the IAM User Guide. 
+ + + The regex pattern (http://wikipedia.org/wiki/regex) used to validate this + parameter is a string of characters consisting of the following: + + + * Any printable ASCII character ranging from the space character (\u0020) + through the end of the ASCII character range + + + * The printable characters in the Basic Latin and Latin-1 Supplement character + set (through \u00FF) + + + * The special characters tab (\u0009), line feed (\u000A), and carriage + return (\u000D) type: string tags: - description: "A list of tags that you want to attach to the new IAM - customer managed policy. Each tag consists of a key name and an - associated value. For more information about tagging, see Tagging - IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new IAM customer managed policy. + Each tag consists of a key name and an associated value. For more information + about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -114,24 +165,26 @@ spec: description: PolicyStatus defines the observed state of Policy properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -142,19 +195,22 @@ spec: - region type: object attachmentCount: - description: The number of entities (users, groups, and roles) that - the policy is attached to. + description: |- + The number of entities (users, groups, and roles) that the policy is attached + to. format: int64 type: integer conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -180,7 +236,8 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the policy was created. format: date-time type: string 
@@ -193,24 +250,34 @@ spec: user, group, or role. type: boolean permissionsBoundaryUsageCount: - description: "The number of entities (users and roles) for which the - policy is used to set the permissions boundary. \n For more information - about permissions boundaries, see Permissions boundaries for IAM - identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide." + description: |- + The number of entities (users and roles) for which the policy is used to + set the permissions boundary. + + + For more information about permissions boundaries, see Permissions boundaries + for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. format: int64 type: integer policyID: - description: "The stable and unique string identifying the policy. - \n For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide." + description: |- + The stable and unique string identifying the policy. + + + For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. type: string updateDate: - description: "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - when the policy was last updated. \n When a policy has only one - version, this field contains the date and time when the policy was - created. When a policy has more than one version, this field contains - the date and time when the most recent policy version was created." + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + when the policy was last updated. + + + When a policy has only one version, this field contains the date and time + when the policy was created. 
When a policy has more than one version, this + field contains the date and time when the most recent policy version was + created. format: date-time type: string type: object diff --git a/config/crd/bases/iam.services.k8s.aws_roles.yaml b/config/crd/bases/iam.services.k8s.aws_roles.yaml index 129ee0c..0fa8de8 100644 --- a/config/crd/bases/iam.services.k8s.aws_roles.yaml +++ b/config/crd/bases/iam.services.k8s.aws_roles.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: roles.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,37 +20,59 @@ spec: description: Role is the Schema for the Roles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "RoleSpec defines the desired state of Role. \n Contains - information about an IAM role. This structure is returned as a response - element in several API operations that interact with roles." + description: |- + RoleSpec defines the desired state of Role. + + + Contains information about an IAM role. This structure is returned as a response + element in several API operations that interact with roles. properties: assumeRolePolicyDocument: - description: "The trust relationship policy document that grants an - entity permission to assume the role. 
\n In IAM, you must provide - a JSON policy that has been converted to a string. However, for - CloudFormation templates formatted in YAML, you can provide the - policy in JSON or YAML format. CloudFormation always converts a - YAML policy to JSON format before submitting it to IAM. \n The regex - pattern (http://wikipedia.org/wiki/regex) used to validate this + description: |- + The trust relationship policy document that grants an entity permission to + assume the role. + + + In IAM, you must provide a JSON policy that has been converted to a string. + However, for CloudFormation templates formatted in YAML, you can provide + the policy in JSON or YAML format. CloudFormation always converts a YAML + policy to JSON format before submitting it to IAM. + + + The regex pattern (http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - \n * Any printable ASCII character ranging from the space character - (\\u0020) through the end of the ASCII character range \n * The - printable characters in the Basic Latin and Latin-1 Supplement character - set (through \\u00FF) \n * The special characters tab (\\u0009), - line feed (\\u000A), and carriage return (\\u000D) \n Upon success, - the response includes the same trust policy in JSON format." + + + * Any printable ASCII character ranging from the space character (\u0020) + through the end of the ASCII character range + + + * The printable characters in the Basic Latin and Latin-1 Supplement character + set (through \u00FF) + + + * The special characters tab (\u0009), line feed (\u000A), and carriage + return (\u000D) + + + Upon success, the response includes the same trust policy in JSON format. type: string description: description: A description of the role. 
@@ -61,64 +82,83 @@ spec: type: string type: object maxSessionDuration: - description: "The maximum session duration (in seconds) that you want - to set for the specified role. If you do not specify a value for - this setting, the default value of one hour is applied. This setting - can have a value from 1 hour to 12 hours. \n Anyone who assumes - the role from the CLI or API can use the DurationSeconds API parameter - or the duration-seconds CLI parameter to request a longer session. - The MaxSessionDuration setting determines the maximum duration that - can be requested using the DurationSeconds parameter. If users don't - specify a value for the DurationSeconds parameter, their security - credentials are valid for one hour by default. This applies when - you use the AssumeRole* API operations or the assume-role* CLI operations - but does not apply when you use those operations to create a console - URL. For more information, see Using IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) - in the IAM User Guide." + description: |- + The maximum session duration (in seconds) that you want to set for the specified + role. If you do not specify a value for this setting, the default value of + one hour is applied. This setting can have a value from 1 hour to 12 hours. + + + Anyone who assumes the role from the CLI or API can use the DurationSeconds + API parameter or the duration-seconds CLI parameter to request a longer session. + The MaxSessionDuration setting determines the maximum duration that can be + requested using the DurationSeconds parameter. If users don't specify a value + for the DurationSeconds parameter, their security credentials are valid for + one hour by default. This applies when you use the AssumeRole* API operations + or the assume-role* CLI operations but does not apply when you use those + operations to create a console URL. 
For more information, see Using IAM roles + (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the + IAM User Guide. format: int64 type: integer name: - description: "The name of the role to create. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\". \n This parameter - allows (through its regex pattern (http://wikipedia.org/wiki/regex)) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-" + description: |- + The name of the role to create. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@- type: string path: - description: "The path to the role. For more information about paths, - see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the role. 
For more information about paths, see IAM Identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string permissionsBoundary: - description: "The ARN of the managed policy that is used to set the - permissions boundary for the role. \n A permissions boundary policy - defines the maximum permissions that identity-based policies can - grant to an entity, but does not grant permissions. Permissions - boundaries do not define the maximum permissions that a resource-based - policy can grant to an entity. To learn more, see Permissions boundaries - for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide. \n For more information about policy types, - see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) - in the IAM User Guide." + description: |- + The ARN of the managed policy that is used to set the permissions boundary + for the role. + + + A permissions boundary policy defines the maximum permissions that identity-based + policies can grant to an entity, but does not grant permissions. Permissions + boundaries do not define the maximum permissions that a resource-based policy + can grant to an entity. To learn more, see Permissions boundaries for IAM + entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. 
+ + + For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) + in the IAM User Guide. type: string permissionsBoundaryRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string @@ -131,13 +171,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -145,16 +186,20 @@ spec: type: object type: array tags: - description: "A list of tags that you want to attach to the new role. - Each tag consists of a key name and an associated value. For more - information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new role. Each tag consists + of a key name and an associated value. For more information about tagging, + see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -171,24 +216,26 @@ spec: description: RoleStatus defines the observed state of Role properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -199,14 +246,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
@@ -232,23 +281,25 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the role was created. format: date-time type: string roleID: - description: The stable and unique string identifying the role. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the role. For more information about + IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string roleLastUsed: - description: Contains information about the last time that an IAM - role was used. This includes the date and time and the Region in - which the role was last used. Activity is only reported for the - trailing 400 days. This period can be shorter if your Region began - supporting these features within the last year. The role might have - been used more than 400 days ago. For more information, see Regions - where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) + description: |- + Contains information about the last time that an IAM role was used. This + includes the date and time and the Region in which the role was last used. + Activity is only reported for the trailing 400 days. This period can be shorter + if your Region began supporting these features within the last year. The + role might have been used more than 400 days ago. For more information, see + Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) in the IAM user Guide. properties: lastUsedDate: 
diff --git a/config/crd/bases/iam.services.k8s.aws_users.yaml b/config/crd/bases/iam.services.k8s.aws_users.yaml index de87f79..b1de689 100644 --- a/config/crd/bases/iam.services.k8s.aws_users.yaml +++ b/config/crd/bases/iam.services.k8s.aws_users.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: users.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,65 +20,99 @@ spec: description: User is the Schema for the Users API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "UserSpec defines the desired state of User. \n Contains - information about an IAM user entity. \n This data type is used as a - response element in the following operations: \n * CreateUser \n * GetUser - \n * ListUsers" + description: |- + UserSpec defines the desired state of User. + + + Contains information about an IAM user entity. 
+ + + This data type is used as a response element in the following operations: + + + * CreateUser + + + * GetUser + + + * ListUsers properties: inlinePolicies: additionalProperties: type: string type: object name: - description: "The name of the user to create. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\"." + description: |- + The name of the user to create. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path for the user name. For more information about - paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path for the user name. For more information about paths, see IAM identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. 
In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string permissionsBoundary: - description: "The ARN of the managed policy that is used to set the - permissions boundary for the user. \n A permissions boundary policy - defines the maximum permissions that identity-based policies can - grant to an entity, but does not grant permissions. Permissions - boundaries do not define the maximum permissions that a resource-based - policy can grant to an entity. To learn more, see Permissions boundaries - for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide. \n For more information about policy types, - see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) - in the IAM User Guide." + description: |- + The ARN of the managed policy that is used to set the permissions boundary + for the user. + + + A permissions boundary policy defines the maximum permissions that identity-based + policies can grant to an entity, but does not grant permissions. Permissions + boundaries do not define the maximum permissions that a resource-based policy + can grant to an entity. To learn more, see Permissions boundaries for IAM + entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. + + + For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) + in the IAM User Guide. 
type: string permissionsBoundaryRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string @@ -92,13 +125,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -106,16 +140,20 @@ spec: type: object type: array tags: - description: "A list of tags that you want to attach to the new user. - Each tag consists of a key name and an associated value. For more - information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new user. Each tag consists + of a key name and an associated value. For more information about tagging, + see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -131,24 +169,26 @@ spec: description: UserStatus defines the observed state of User properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -159,14 +199,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
@@ -192,31 +234,42 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the user was created. format: date-time type: string passwordLastUsed: - description: "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - when the user's password was last used to sign in to an Amazon Web - Services website. For a list of Amazon Web Services websites that - capture a user's last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) - topic in the IAM User Guide. If a password is used more than once - in a five-minute span, only the first use is returned in this field. - If the field is null (no value), then it indicates that they never - signed in with a password. This can be because: \n * The user never - had a password. \n * A password exists but has not been used since - IAM started tracking this information on October 20, 2014. \n A - null value does not mean that the user never had a password. Also, - if the user does not currently have a password but had one in the - past, then this field contains the date and time the most recent - password was used. \n This value is returned only in the GetUser - and ListUsers operations." + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + when the user's password was last used to sign in to an Amazon Web Services + website. For a list of Amazon Web Services websites that capture a user's + last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) + topic in the IAM User Guide. If a password is used more than once in a five-minute + span, only the first use is returned in this field. 
If the field is null + (no value), then it indicates that they never signed in with a password. + This can be because: + + + * The user never had a password. + + + * A password exists but has not been used since IAM started tracking this + information on October 20, 2014. + + + A null value does not mean that the user never had a password. Also, if the + user does not currently have a password but had one in the past, then this + field contains the date and time the most recent password was used. + + + This value is returned only in the GetUser and ListUsers operations. format: date-time type: string userID: - description: The stable and unique string identifying the user. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the user. For more information about + IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml index 7dca541..65eff73 100644 --- a/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml +++ b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: adoptedresources.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: AdoptedResource is the schema for the AdoptedResource API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,126 +46,149 @@ spec: additionalKeys: additionalProperties: type: string - description: AdditionalKeys represents any additional arbitrary - identifiers used when describing the target resource. + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. type: object arn: - description: ARN is the AWS Resource Name for the resource. It - is a globally unique identifier. + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. type: string nameOrID: - description: NameOrId is a user-supplied string identifier for - the resource. It may or may not be globally unique, depending - on the type of resource. + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. type: string type: object kubernetes: - description: ResourceWithMetadata provides the values necessary to - create a Kubernetes resource and override any of its metadata values. + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. properties: group: type: string kind: type: string metadata: - description: "ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. It - is not possible to use `metav1.ObjectMeta` inside spec, as the - controller-gen automatically converts this to an arbitrary string-string - map. https://github.com/kubernetes-sigs/controller-tools/issues/385 - \n Active discussion about inclusion of this field in the spec - is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 - \n Until this is allowed, or if it never is, we will produce - a subset of the object meta that contains only the fields which - the user is allowed to modify in the metadata." 
+ description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. 
\n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. + + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency type: string labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names type: string namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces type: string ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. 
If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. There cannot be more - than one managing controller. + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. + There cannot be more than one managing controller. items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. properties: apiVersion: description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. 
type: boolean controller: description: If true, this reference points to the managing controller. type: boolean kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names type: string uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids type: string required: - apiVersion @@ -185,13 +212,14 @@ spec: AdoptedResource. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various terminal states of the adopted resource CR - and its target custom resource + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
diff --git a/config/crd/common/bases/services.k8s.aws_fieldexports.yaml b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml index 4a7ab61..4d3a8f1 100644 --- a/config/crd/common/bases/services.k8s.aws_fieldexports.yaml +++ b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: fieldexports.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: FieldExport is the schema for the FieldExport API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,15 +40,17 @@ spec: description: FieldExportSpec defines the desired state of the FieldExport. properties: from: - description: ResourceFieldSelector provides the values necessary to - identify an individual field on an individual K8s resource. + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. properties: path: type: string resource: - description: NamespacedResource provides all the values necessary - to identify an ACK resource of a given type (within the same - namespace as the custom resource containing this type). + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). properties: group: type: string @@ -62,16 +68,18 @@ spec: - resource type: object to: - description: FieldExportTarget provides the values necessary to identify - the output path for a field export. + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. properties: key: description: Key overrides the default value (`.`) for the FieldExport target type: string kind: - description: FieldExportOutputType represents all types that can - be produced by a field export operation + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation enum: - configmap - secret 
@@ -94,12 +102,14 @@ spec: description: FieldExportStatus defines the observed status of the FieldExport. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various recoverable states of the field CR + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/config/rbac/cluster-role-controller.yaml b/config/rbac/cluster-role-controller.yaml index 817d012..17f9f56 100644 --- a/config/rbac/cluster-role-controller.yaml +++ b/config/rbac/cluster-role-controller.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: ack-iam-controller rules: - apiGroups: diff --git a/go.mod b/go.mod index eadd2d0..0bfd00b 100644 --- a/go.mod +++ b/go.mod 
@@ -5,16 +5,16 @@ go 1.21 toolchain go1.21.5 require ( - github.com/aws-controllers-k8s/runtime v0.29.2 + github.com/aws-controllers-k8s/runtime v0.30.0 github.com/aws/aws-sdk-go v1.49.0 - github.com/go-logr/logr v1.2.4 + github.com/go-logr/logr v1.4.1 github.com/micahhausler/aws-iam-policy v0.4.2 github.com/samber/lo v1.37.0 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.28.3 - k8s.io/apimachinery v0.28.3 - k8s.io/client-go v0.28.3 - sigs.k8s.io/controller-runtime v0.16.3 + k8s.io/api v0.29.0 + k8s.io/apimachinery v0.29.0 + k8s.io/client-go v0.29.0 + sigs.k8s.io/controller-runtime v0.17.0 ) // Temporary fix for github.com/micahhausler/aws-iam-policy. Awaiting for a-hilaly to send @@ -27,9 +27,9 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-logr/zapr v1.2.4 // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect @@ -37,7 +37,7 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect 
@@ -48,36 +48,36 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect + github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.12.0 // indirect + golang.org/x/sys v0.16.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.28.3 // indirect - k8s.io/component-base v0.28.3 // indirect - k8s.io/klog/v2 v2.100.1 // 
indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect + k8s.io/apiextensions-apiserver v0.29.0 // indirect + k8s.io/component-base v0.29.0 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 603a225..2dca098 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,9 @@ github.com/a-hilaly/aws-iam-policy v0.0.0-20231121054900-2c56e839ca53 h1:2uNM0nR2WUDN88EYFxjEaroH+PZJ6k/h9kl+KO0dWVc= github.com/a-hilaly/aws-iam-policy v0.0.0-20231121054900-2c56e839ca53/go.mod h1:Ojgst9ZFn+VEEJpqtuw/LxVGqEf2+hwWBlkYWvF/XWM= -github.com/aws-controllers-k8s/runtime v0.29.2 h1:t6wwoKqFmtbblMcwFivpWp1FZa0gkczoUsk+maIsiRA= -github.com/aws-controllers-k8s/runtime v0.29.2/go.mod h1:mZa9l+/l+tlbxWVmMWWbUC3oAHUbeTzlI7xTOMdYHpA= +github.com/aws-controllers-k8s/runtime v0.30.0 h1:AibYRdi/7xUA3t8BA0u8g+J+OioaTAT6R4Vq8hxLiYw= +github.com/aws-controllers-k8s/runtime v0.30.0/go.mod h1:Pv1ozlUaO11KO2mwPN/HzhAtZ70ZDE9UP24mjsbkul0= github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= 
@@ -19,15 +18,15 @@ github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxER github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= +github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= 
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= @@ -40,7 +39,6 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= 
@@ -49,8 +47,9 @@ github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvR github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -66,7 +65,6 @@ github.com/itchyny/timefmt-go v0.1.3 h1:7M3LGVDsqcd0VZH2U+x393obrzZisp7C0uEe921i github.com/itchyny/timefmt-go v0.1.3/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A= github.com/jaypipes/envutil v1.0.0 h1:u6Vwy9HwruFihoZrL0bxDLCa/YNadGVwKyPElNmZWow= github.com/jaypipes/envutil v1.0.0/go.mod h1:vgIRDly+xgBq0eeZRcflOHMMobMwgC6MkMbxo/Nw65M= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= 
@@ -77,7 +75,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -89,8 +86,8 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -98,23 +95,22 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= -github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= 
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/samber/lo v1.37.0 h1:XjVcB8g6tgUp8rsPsJ2CvhClfImrpL04YpQHXeHPhRw= 
@@ -126,23 +122,17 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr 
v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -150,55 +140,42 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.19.0 
h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.13.0 
h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.16.1 
h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -209,10 +186,9 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 
@@ -225,27 +201,27 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= -k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= -k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= -k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= -k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= -k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= -k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= -k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= -k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI= -k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= -sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= +k8s.io/api 
v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= +k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= +k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= +k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= +k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= +k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= +sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod 
h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 66f5276..1aaf23d 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: iam-chart description: A Helm chart for the ACK service controller for AWS Identity & Access Management (IAM) -version: 1.3.3 -appVersion: 1.3.3 +version: 1.3.4 +appVersion: 1.3.4 home: https://github.com/aws-controllers-k8s/iam-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/crds/iam.services.k8s.aws_groups.yaml b/helm/crds/iam.services.k8s.aws_groups.yaml index f04bb76..bcfb331 100644 --- a/helm/crds/iam.services.k8s.aws_groups.yaml +++ b/helm/crds/iam.services.k8s.aws_groups.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: groups.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,45 +20,71 @@ spec: description: Group is the Schema for the Groups API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "GroupSpec defines the desired state of Group. \n Contains - information about an IAM group entity. \n This data type is used as - a response element in the following operations: \n - CreateGroup \n - - GetGroup \n - ListGroups" + description: |- + GroupSpec defines the desired state of Group. + + + Contains information about an IAM group entity. 
+ + + This data type is used as a response element in the following operations: + + + - CreateGroup + + + - GetGroup + + + - ListGroups properties: inlinePolicies: additionalProperties: type: string type: object name: - description: "The name of the group to create. Do not include the - path in this value. \n IAM user, group, role, and policy names must - be unique within the account. Names are not distinguished by case. - For example, you cannot create resources named both \"MyResource\" - and \"myresource\"." + description: |- + The name of the group to create. Do not include the path in this value. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path to the group. For more information about paths, - see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the group. For more information about paths, see IAM identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). 
+ + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string policies: items: @@ -68,13 +93,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -88,24 +114,26 @@ spec: description: GroupStatus defines the observed state of Group properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -116,14 +144,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -149,13 +179,15 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the group was created. format: date-time type: string groupID: - description: The stable and unique string identifying the group. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the group. For more information + about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/helm/crds/iam.services.k8s.aws_instanceprofiles.yaml b/helm/crds/iam.services.k8s.aws_instanceprofiles.yaml index 8e70a9d..96cbc5f 100644 
--- a/helm/crds/iam.services.k8s.aws_instanceprofiles.yaml +++ b/helm/crds/iam.services.k8s.aws_instanceprofiles.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: instanceprofiles.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,69 +20,103 @@ spec: description: InstanceProfile is the Schema for the InstanceProfiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "InstanceProfileSpec defines the desired state of InstanceProfile. - \n Contains information about an instance profile. \n This data type - is used as a response element in the following operations: \n - CreateInstanceProfile - \n - GetInstanceProfile \n - ListInstanceProfiles \n - ListInstanceProfilesForRole" + description: |- + InstanceProfileSpec defines the desired state of InstanceProfile. + + + Contains information about an instance profile. 
+ + + This data type is used as a response element in the following operations: + + + - CreateInstanceProfile + + + - GetInstanceProfile + + + - ListInstanceProfiles + + + - ListInstanceProfilesForRole properties: name: - description: "The name of the instance profile to create. \n This - parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-" + description: |- + The name of the instance profile to create. + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@- type: string path: - description: "The path to the instance profile. For more information - about paths, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the instance profile. For more information about paths, see IAM + Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). 
+ + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string role: type: string roleRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string type: object type: object tags: - description: "A list of tags that you want to attach to the newly - created IAM instance profile. Each tag consists of a key name and - an associated value. For more information about tagging, see Tagging - IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the newly created IAM instance + profile. Each tag consists of a key name and an associated value. For more + information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. 
+ + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -99,24 +132,26 @@ spec: description: InstanceProfileStatus defines the observed state of InstanceProfile properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -127,14 +162,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -164,8 +201,9 @@ spec: format: date-time type: string instanceProfileID: - description: The stable and unique string identifying the instance - profile. For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the instance profile. For more information + about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/helm/crds/iam.services.k8s.aws_openidconnectproviders.yaml b/helm/crds/iam.services.k8s.aws_openidconnectproviders.yaml index a95fae2..7156f97 100644 --- a/helm/crds/iam.services.k8s.aws_openidconnectproviders.yaml +++ b/helm/crds/iam.services.k8s.aws_openidconnectproviders.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: openidconnectproviders.iam.services.k8s.aws spec: group: iam.services.k8s.aws @@ -22,14 +21,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -37,31 +41,38 @@ spec: description: OpenIDConnectProviderSpec defines the desired state of OpenIDConnectProvider. properties: clientIDs: - description: "Provides a list of client IDs, also known as audiences. - When a mobile or web app registers with an OpenID Connect provider, - they establish a value that identifies the application. This is - the value that's sent as the client_id parameter on OAuth requests. - \n You can register multiple client IDs with the same provider. - For example, you might have multiple applications that use the same - OIDC provider. You cannot register more than 100 client IDs with - a single IAM OIDC provider. \n There is no defined format for a - client ID. The CreateOpenIDConnectProviderRequest operation accepts - client IDs up to 255 characters long." + description: |- + Provides a list of client IDs, also known as audiences. When a mobile or + web app registers with an OpenID Connect provider, they establish a value + that identifies the application. This is the value that's sent as the client_id + parameter on OAuth requests. + + + You can register multiple client IDs with the same provider. For example, + you might have multiple applications that use the same OIDC provider. You + cannot register more than 100 client IDs with a single IAM OIDC provider. + + + There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest + operation accepts client IDs up to 255 characters long. items: type: string type: array tags: - description: "A list of tags that you want to attach to the new IAM - OpenID Connect (OIDC) provider. Each tag consists of a key name - and an associated value. For more information about tagging, see - Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." 
+ description: |- + A list of tags that you want to attach to the new IAM OpenID Connect (OIDC) + provider. Each tag consists of a key name and an associated value. For more + information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -71,36 +82,45 @@ spec: type: object type: array thumbprints: - description: "A list of server certificate thumbprints for the OpenID - Connect (OIDC) identity provider's server certificates. Typically - this list includes only one entry. However, IAM lets you have up - to five thumbprints for an OIDC provider. This lets you maintain - multiple thumbprints if the identity provider is rotating certificates. - \n The server certificate thumbprint is the hex-encoded SHA-1 hash - value of the X.509 certificate used by the domain where the OpenID - Connect provider makes its keys available. It is always a 40-character - string. \n You must provide at least one thumbprint when creating - an IAM OIDC provider. For example, assume that the OIDC provider - is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. - In that case, the thumbprint string would be the hex-encoded SHA-1 - hash value of the certificate used by https://keys.server.example.com. - \n For more information about obtaining the OIDC provider thumbprint, - see Obtaining the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) - in the IAM user Guide." + description: |- + A list of server certificate thumbprints for the OpenID Connect (OIDC) identity + provider's server certificates. Typically this list includes only one entry. + However, IAM lets you have up to five thumbprints for an OIDC provider. This + lets you maintain multiple thumbprints if the identity provider is rotating + certificates. + + + The server certificate thumbprint is the hex-encoded SHA-1 hash value of + the X.509 certificate used by the domain where the OpenID Connect provider + makes its keys available. It is always a 40-character string. + + + You must provide at least one thumbprint when creating an IAM OIDC provider. 
+ For example, assume that the OIDC provider is server.example.com and the + provider stores its keys at https://keys.server.example.com/openid-connect. + In that case, the thumbprint string would be the hex-encoded SHA-1 hash value + of the certificate used by https://keys.server.example.com. + + + For more information about obtaining the OIDC provider thumbprint, see Obtaining + the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html) + in the IAM user Guide. items: type: string type: array url: - description: "The URL of the identity provider. The URL must begin - with https:// and should correspond to the iss claim in the provider's - OpenID Connect ID tokens. Per the OIDC standard, path components - are allowed but query parameters are not. Typically the URL consists - of only a hostname, like https://server.example.org or https://example.com. - The URL should not contain a port number. \n You cannot register - the same provider multiple times in a single Amazon Web Services - account. If you try to submit a URL that has already been used for - an OpenID Connect provider in the Amazon Web Services account, you - will get an error." + description: |- + The URL of the identity provider. The URL must begin with https:// and should + correspond to the iss claim in the provider's OpenID Connect ID tokens. Per + the OIDC standard, path components are allowed but query parameters are not. + Typically the URL consists of only a hostname, like https://server.example.org + or https://example.com. The URL should not contain a port number. + + + You cannot register the same provider multiple times in a single Amazon Web + Services account. If you try to submit a URL that has already been used for + an OpenID Connect provider in the Amazon Web Services account, you will get + an error. type: string required: - thumbprints 
@@ -111,24 +131,26 @@ spec: OpenIDConnectProvider properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -139,14 +161,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/helm/crds/iam.services.k8s.aws_policies.yaml b/helm/crds/iam.services.k8s.aws_policies.yaml index efbacb7..b6b280e 100644 --- a/helm/crds/iam.services.k8s.aws_policies.yaml +++ b/helm/crds/iam.services.k8s.aws_policies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,83 +20,135 @@ spec: description: Policy is the Schema for the Policies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "PolicySpec defines the desired state of Policy. \n Contains - information about a managed policy. \n This data type is used as a response - element in the CreatePolicy, GetPolicy, and ListPolicies operations. - \n For more information about managed policies, refer to Managed policies - and inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) - in the IAM User Guide." + description: |- + PolicySpec defines the desired state of Policy. + + + Contains information about a managed policy. 
+ + + This data type is used as a response element in the CreatePolicy, GetPolicy, + and ListPolicies operations. + + + For more information about managed policies, refer to Managed policies and + inline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) + in the IAM User Guide. properties: description: - description: "A friendly description of the policy. \n Typically used - to store information about the permissions defined in the policy. - For example, \"Grants access to production DynamoDB tables.\" \n - The policy description is immutable. After a value is assigned, - it cannot be changed." + description: |- + A friendly description of the policy. + + + Typically used to store information about the permissions defined in the + policy. For example, "Grants access to production DynamoDB tables." + + + The policy description is immutable. After a value is assigned, it cannot + be changed. type: string name: - description: "The friendly name of the policy. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\"." + description: |- + The friendly name of the policy. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path for the policy. \n For more information about - paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). 
\n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters. \n You cannot use an asterisk - (*) in the path name." + description: |- + The path for the policy. + + + For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. + + + You cannot use an asterisk (*) in the path name. type: string policyDocument: - description: "The JSON policy document that you want to use as the - content for the new policy. \n You must provide policies in JSON - format in IAM. However, for CloudFormation templates formatted in - YAML, you can provide the policy in JSON or YAML format. CloudFormation - always converts a YAML policy to JSON format before submitting it - to IAM. \n The maximum length of the policy document that you can - pass in this operation, including whitespace, is listed below. To - view the maximum character counts of a managed policy with no whitespaces, - see IAM and STS character quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). 
- \n To learn more about JSON policy grammar, see Grammar of the IAM - JSON policy language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) - in the IAM User Guide. \n The regex pattern (http://wikipedia.org/wiki/regex) - used to validate this parameter is a string of characters consisting - of the following: \n - Any printable ASCII character ranging from - the space character (\\u0020) through the end of the ASCII character - range \n - The printable characters in the Basic Latin and Latin-1 - Supplement character set (through \\u00FF) \n - The special characters - tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)" + description: |- + The JSON policy document that you want to use as the content for the new + policy. + + + You must provide policies in JSON format in IAM. However, for CloudFormation + templates formatted in YAML, you can provide the policy in JSON or YAML format. + CloudFormation always converts a YAML policy to JSON format before submitting + it to IAM. + + + The maximum length of the policy document that you can pass in this operation, + including whitespace, is listed below. To view the maximum character counts + of a managed policy with no whitespaces, see IAM and STS character quotas + (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + + + To learn more about JSON policy grammar, see Grammar of the IAM JSON policy + language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) + in the IAM User Guide. 
+ + + The regex pattern (http://wikipedia.org/wiki/regex) used to validate this + parameter is a string of characters consisting of the following: + + + - Any printable ASCII character ranging from the space character (\u0020) + through the end of the ASCII character range + + + - The printable characters in the Basic Latin and Latin-1 Supplement character + set (through \u00FF) + + + - The special characters tab (\u0009), line feed (\u000A), and carriage + return (\u000D) type: string tags: - description: "A list of tags that you want to attach to the new IAM - customer managed policy. Each tag consists of a key name and an - associated value. For more information about tagging, see Tagging - IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new IAM customer managed policy. + Each tag consists of a key name and an associated value. For more information + about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -114,24 +165,26 @@ spec: description: PolicyStatus defines the observed state of Policy properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -142,19 +195,22 @@ spec: - region type: object attachmentCount: - description: The number of entities (users, groups, and roles) that - the policy is attached to. + description: |- + The number of entities (users, groups, and roles) that the policy is attached + to. format: int64 type: integer conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -180,7 +236,8 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the policy was created. format: date-time type: string 
@@ -193,24 +250,34 @@ spec: user, group, or role. type: boolean permissionsBoundaryUsageCount: - description: "The number of entities (users and roles) for which the - policy is used to set the permissions boundary. \n For more information - about permissions boundaries, see Permissions boundaries for IAM - identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide." + description: |- + The number of entities (users and roles) for which the policy is used to + set the permissions boundary. + + + For more information about permissions boundaries, see Permissions boundaries + for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. format: int64 type: integer policyID: - description: "The stable and unique string identifying the policy. - \n For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide." + description: |- + The stable and unique string identifying the policy. + + + For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. type: string updateDate: - description: "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - when the policy was last updated. \n When a policy has only one - version, this field contains the date and time when the policy was - created. When a policy has more than one version, this field contains - the date and time when the most recent policy version was created." + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + when the policy was last updated. + + + When a policy has only one version, this field contains the date and time + when the policy was created. 
When a policy has more than one version, this + field contains the date and time when the most recent policy version was + created. format: date-time type: string type: object diff --git a/helm/crds/iam.services.k8s.aws_roles.yaml b/helm/crds/iam.services.k8s.aws_roles.yaml index cbdbcb4..6912347 100644 --- a/helm/crds/iam.services.k8s.aws_roles.yaml +++ b/helm/crds/iam.services.k8s.aws_roles.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: roles.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,37 +20,59 @@ spec: description: Role is the Schema for the Roles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "RoleSpec defines the desired state of Role. \n Contains - information about an IAM role. This structure is returned as a response - element in several API operations that interact with roles." + description: |- + RoleSpec defines the desired state of Role. + + + Contains information about an IAM role. This structure is returned as a response + element in several API operations that interact with roles. properties: assumeRolePolicyDocument: - description: "The trust relationship policy document that grants an - entity permission to assume the role. 
\n In IAM, you must provide - a JSON policy that has been converted to a string. However, for - CloudFormation templates formatted in YAML, you can provide the - policy in JSON or YAML format. CloudFormation always converts a - YAML policy to JSON format before submitting it to IAM. \n The regex - pattern (http://wikipedia.org/wiki/regex) used to validate this + description: |- + The trust relationship policy document that grants an entity permission to + assume the role. + + + In IAM, you must provide a JSON policy that has been converted to a string. + However, for CloudFormation templates formatted in YAML, you can provide + the policy in JSON or YAML format. CloudFormation always converts a YAML + policy to JSON format before submitting it to IAM. + + + The regex pattern (http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: - \n - Any printable ASCII character ranging from the space character - (\\u0020) through the end of the ASCII character range \n - The - printable characters in the Basic Latin and Latin-1 Supplement character - set (through \\u00FF) \n - The special characters tab (\\u0009), - line feed (\\u000A), and carriage return (\\u000D) \n Upon success, - the response includes the same trust policy in JSON format." + + + - Any printable ASCII character ranging from the space character (\u0020) + through the end of the ASCII character range + + + - The printable characters in the Basic Latin and Latin-1 Supplement character + set (through \u00FF) + + + - The special characters tab (\u0009), line feed (\u000A), and carriage + return (\u000D) + + + Upon success, the response includes the same trust policy in JSON format. type: string description: description: A description of the role. 
@@ -61,64 +82,83 @@ spec: type: string type: object maxSessionDuration: - description: "The maximum session duration (in seconds) that you want - to set for the specified role. If you do not specify a value for - this setting, the default value of one hour is applied. This setting - can have a value from 1 hour to 12 hours. \n Anyone who assumes - the role from the CLI or API can use the DurationSeconds API parameter - or the duration-seconds CLI parameter to request a longer session. - The MaxSessionDuration setting determines the maximum duration that - can be requested using the DurationSeconds parameter. If users don't - specify a value for the DurationSeconds parameter, their security - credentials are valid for one hour by default. This applies when - you use the AssumeRole* API operations or the assume-role* CLI operations - but does not apply when you use those operations to create a console - URL. For more information, see Using IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) - in the IAM User Guide." + description: |- + The maximum session duration (in seconds) that you want to set for the specified + role. If you do not specify a value for this setting, the default value of + one hour is applied. This setting can have a value from 1 hour to 12 hours. + + + Anyone who assumes the role from the CLI or API can use the DurationSeconds + API parameter or the duration-seconds CLI parameter to request a longer session. + The MaxSessionDuration setting determines the maximum duration that can be + requested using the DurationSeconds parameter. If users don't specify a value + for the DurationSeconds parameter, their security credentials are valid for + one hour by default. This applies when you use the AssumeRole* API operations + or the assume-role* CLI operations but does not apply when you use those + operations to create a console URL. 
For more information, see Using IAM roles + (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the + IAM User Guide. format: int64 type: integer name: - description: "The name of the role to create. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\". \n This parameter - allows (through its regex pattern (http://wikipedia.org/wiki/regex)) - a string of characters consisting of upper and lowercase alphanumeric - characters with no spaces. You can also include any of the following - characters: _+=,.@-" + description: |- + The name of the role to create. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of upper and lowercase alphanumeric characters + with no spaces. You can also include any of the following characters: _+=,.@- type: string path: - description: "The path to the role. For more information about paths, - see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path to the role. 
For more information about paths, see IAM Identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string permissionsBoundary: - description: "The ARN of the managed policy that is used to set the - permissions boundary for the role. \n A permissions boundary policy - defines the maximum permissions that identity-based policies can - grant to an entity, but does not grant permissions. Permissions - boundaries do not define the maximum permissions that a resource-based - policy can grant to an entity. To learn more, see Permissions boundaries - for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide. \n For more information about policy types, - see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) - in the IAM User Guide." + description: |- + The ARN of the managed policy that is used to set the permissions boundary + for the role. + + + A permissions boundary policy defines the maximum permissions that identity-based + policies can grant to an entity, but does not grant permissions. Permissions + boundaries do not define the maximum permissions that a resource-based policy + can grant to an entity. To learn more, see Permissions boundaries for IAM + entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. 
+ + + For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) + in the IAM User Guide. type: string permissionsBoundaryRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string @@ -131,13 +171,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -145,16 +186,20 @@ spec: type: object type: array tags: - description: "A list of tags that you want to attach to the new role. - Each tag consists of a key name and an associated value. For more - information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new role. Each tag consists + of a key name and an associated value. For more information about tagging, + see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -171,24 +216,26 @@ spec: description: RoleStatus defines the observed state of Role properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -199,14 +246,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
@@ -232,23 +281,25 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the role was created. format: date-time type: string roleID: - description: The stable and unique string identifying the role. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the role. For more information about + IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string roleLastUsed: - description: Contains information about the last time that an IAM - role was used. This includes the date and time and the Region in - which the role was last used. Activity is only reported for the - trailing 400 days. This period can be shorter if your Region began - supporting these features within the last year. The role might have - been used more than 400 days ago. For more information, see Regions - where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) + description: |- + Contains information about the last time that an IAM role was used. This + includes the date and time and the Region in which the role was last used. + Activity is only reported for the trailing 400 days. This period can be shorter + if your Region began supporting these features within the last year. The + role might have been used more than 400 days ago. For more information, see + Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) in the IAM user Guide. properties: lastUsedDate: 
diff --git a/helm/crds/iam.services.k8s.aws_users.yaml b/helm/crds/iam.services.k8s.aws_users.yaml index ec76099..3276673 100644 --- a/helm/crds/iam.services.k8s.aws_users.yaml +++ b/helm/crds/iam.services.k8s.aws_users.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: users.iam.services.k8s.aws spec: group: iam.services.k8s.aws 
@@ -21,65 +20,99 @@ spec: description: User is the Schema for the Users API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "UserSpec defines the desired state of User. \n Contains - information about an IAM user entity. \n This data type is used as a - response element in the following operations: \n - CreateUser \n - GetUser - \n - ListUsers" + description: |- + UserSpec defines the desired state of User. + + + Contains information about an IAM user entity. 
+ + + This data type is used as a response element in the following operations: + + + - CreateUser + + + - GetUser + + + - ListUsers properties: inlinePolicies: additionalProperties: type: string type: object name: - description: "The name of the user to create. \n IAM user, group, - role, and policy names must be unique within the account. Names - are not distinguished by case. For example, you cannot create resources - named both \"MyResource\" and \"myresource\"." + description: |- + The name of the user to create. + + + IAM user, group, role, and policy names must be unique within the account. + Names are not distinguished by case. For example, you cannot create resources + named both "MyResource" and "myresource". type: string path: - description: "The path for the user name. For more information about - paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) - in the IAM User Guide. \n This parameter is optional. If it is not - included, it defaults to a slash (/). \n This parameter allows (through - its regex pattern (http://wikipedia.org/wiki/regex)) a string of - characters consisting of either a forward slash (/) by itself or - a string that must begin and end with forward slashes. In addition, - it can contain any ASCII character from the ! (\\u0021) through - the DEL character (\\u007F), including most punctuation characters, - digits, and upper and lowercased letters." + description: |- + The path for the user name. For more information about paths, see IAM identifiers + (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + in the IAM User Guide. + + + This parameter is optional. If it is not included, it defaults to a slash + (/). + + + This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + a string of characters consisting of either a forward slash (/) by itself + or a string that must begin and end with forward slashes. 
In addition, it + can contain any ASCII character from the ! (\u0021) through the DEL character + (\u007F), including most punctuation characters, digits, and upper and lowercased + letters. type: string permissionsBoundary: - description: "The ARN of the managed policy that is used to set the - permissions boundary for the user. \n A permissions boundary policy - defines the maximum permissions that identity-based policies can - grant to an entity, but does not grant permissions. Permissions - boundaries do not define the maximum permissions that a resource-based - policy can grant to an entity. To learn more, see Permissions boundaries - for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) - in the IAM User Guide. \n For more information about policy types, - see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) - in the IAM User Guide." + description: |- + The ARN of the managed policy that is used to set the permissions boundary + for the user. + + + A permissions boundary policy defines the maximum permissions that identity-based + policies can grant to an entity, but does not grant permissions. Permissions + boundaries do not define the maximum permissions that a resource-based policy + can grant to an entity. To learn more, see Permissions boundaries for IAM + entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + in the IAM User Guide. + + + For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) + in the IAM User Guide. 
type: string permissionsBoundaryRef: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string @@ -92,13 +125,14 @@ spec: policyRefs: items: description: "AWSResourceReferenceWrapper provides a wrapper around - *AWSResourceReference type to provide more user friendly syntax - for references using 'from' field Ex: APIIDRef: \n from: name: - my-api" + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" properties: from: - description: AWSResourceReference provides all the values necessary - to reference another k8s resource for finding the identifier(Id/ARN/Name) + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) properties: name: type: string 
@@ -106,16 +140,20 @@ spec: type: object type: array tags: - description: "A list of tags that you want to attach to the new user. - Each tag consists of a key name and an associated value. For more - information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) - in the IAM User Guide. \n If any one of the tags is invalid or if - you exceed the allowed maximum number of tags, then the entire request - fails and the resource is not created." + description: |- + A list of tags that you want to attach to the new user. Each tag consists + of a key name and an associated value. For more information about tagging, + see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + in the IAM User Guide. + + + If any one of the tags is invalid or if you exceed the allowed maximum number + of tags, then the entire request fails and the resource is not created. items: - description: A structure that represents user-provided metadata - that can be associated with an IAM resource. For more information - about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) + description: |- + A structure that represents user-provided metadata that can be associated + with an IAM resource. For more information about tagging, see Tagging IAM + resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. properties: key: 
@@ -131,24 +169,26 @@ spec: description: UserStatus defines the observed state of User properties: ackResourceMetadata: - description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` - member that is used to contain resource sync state, account ownership, + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, constructed ARN for the resource properties: arn: - description: 'ARN is the Amazon Resource Name for the resource. - This is a globally-unique identifier and is set only by the - ACK service controller once the controller has orchestrated - the creation of the resource OR when it has verified that an - "adopted" resource (a resource where the ARN annotation was - set by the Kubernetes user on the CR) exists and matches the - supplied CR''s Spec field values. TODO(vijat@): Find a better - strategy for resources that do not have ARN in CreateOutputResponse - https://github.com/aws/aws-controllers-k8s/issues/270' + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 type: string ownerAccountID: - description: OwnerAccountID is the AWS Account ID of the account - that owns the backend AWS service API resource. + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. type: string region: description: Region is the AWS region in which the resource exists 
@@ -159,14 +199,16 @@ spec: - region type: object conditions: - description: All CRS managed by ACK have a common `Status.Conditions` - member that contains a collection of `ackv1alpha1.Condition` objects - that describe the various terminal states of the CR and its backend - AWS service API resource + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status 
@@ -192,31 +234,42 @@ spec: type: object type: array createDate: - description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the user was created. format: date-time type: string passwordLastUsed: - description: "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - when the user's password was last used to sign in to an Amazon Web - Services website. For a list of Amazon Web Services websites that - capture a user's last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) - topic in the IAM User Guide. If a password is used more than once - in a five-minute span, only the first use is returned in this field. - If the field is null (no value), then it indicates that they never - signed in with a password. This can be because: \n * The user never - had a password. \n * A password exists but has not been used since - IAM started tracking this information on October 20, 2014. \n A - null value does not mean that the user never had a password. Also, - if the user does not currently have a password but had one in the - past, then this field contains the date and time the most recent - password was used. \n This value is returned only in the GetUser - and ListUsers operations." + description: |- + The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + when the user's password was last used to sign in to an Amazon Web Services + website. For a list of Amazon Web Services websites that capture a user's + last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) + topic in the IAM User Guide. If a password is used more than once in a five-minute + span, only the first use is returned in this field. 
If the field is null + (no value), then it indicates that they never signed in with a password. + This can be because: + + + * The user never had a password. + + + * A password exists but has not been used since IAM started tracking this + information on October 20, 2014. + + + A null value does not mean that the user never had a password. Also, if the + user does not currently have a password but had one in the past, then this + field contains the date and time the most recent password was used. + + + This value is returned only in the GetUser and ListUsers operations. format: date-time type: string userID: - description: The stable and unique string identifying the user. For - more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) + description: |- + The stable and unique string identifying the user. For more information about + IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. type: string type: object diff --git a/helm/crds/services.k8s.aws_adoptedresources.yaml b/helm/crds/services.k8s.aws_adoptedresources.yaml index 9a12ef7..65eff73 100644 --- a/helm/crds/services.k8s.aws_adoptedresources.yaml +++ b/helm/crds/services.k8s.aws_adoptedresources.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: adoptedresources.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: AdoptedResource is the schema for the AdoptedResource API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,129 +46,149 @@ spec: additionalKeys: additionalProperties: type: string - description: AdditionalKeys represents any additional arbitrary - identifiers used when describing the target resource. + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. type: object arn: - description: ARN is the AWS Resource Name for the resource. It - is a globally unique identifier. + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. type: string nameOrID: - description: NameOrId is a user-supplied string identifier for - the resource. It may or may not be globally unique, depending - on the type of resource. + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. type: string type: object kubernetes: - description: ResourceWithMetadata provides the values necessary to - create a Kubernetes resource and override any of its metadata values. + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. properties: group: type: string kind: type: string metadata: - description: "ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. It - is not possible to use `metav1.ObjectMeta` inside spec, as the - controller-gen automatically converts this to an arbitrary string-string - map. https://github.com/kubernetes-sigs/controller-tools/issues/385 - \n Active discussion about inclusion of this field in the spec - is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 - \n Until this is allowed, or if it never is, we will produce - a subset of the object meta that contains only the fields which - the user is allowed to modify in the metadata." 
+ description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations type: object generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. 
\n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. + + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency type: string labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names type: string namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces type: string ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. 
If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. There cannot be more - than one managing controller. + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. + There cannot be more than one managing controller. items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. properties: apiVersion: description: API version of the referent. type: string blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. 
+ To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. type: boolean controller: description: If true, this reference points to the managing controller. type: boolean kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids type: string required: - apiVersion 
@@ -188,13 +212,14 @@ spec: AdoptedResource. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various terminal states of the adopted resource CR - and its target custom resource + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/helm/crds/services.k8s.aws_fieldexports.yaml b/helm/crds/services.k8s.aws_fieldexports.yaml index 4a7ab61..4d3a8f1 100644 --- a/helm/crds/services.k8s.aws_fieldexports.yaml +++ b/helm/crds/services.k8s.aws_fieldexports.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: fieldexports.services.k8s.aws spec: group: services.k8s.aws 
@@ -21,14 +20,19 @@ spec: description: FieldExport is the schema for the FieldExport API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,15 +40,17 @@ spec: description: FieldExportSpec defines the desired state of the FieldExport. properties: from: - description: ResourceFieldSelector provides the values necessary to - identify an individual field on an individual K8s resource. + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. properties: path: type: string resource: - description: NamespacedResource provides all the values necessary - to identify an ACK resource of a given type (within the same - namespace as the custom resource containing this type). + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). properties: group: type: string @@ -62,16 +68,18 @@ spec: - resource type: object to: - description: FieldExportTarget provides the values necessary to identify - the output path for a field export. + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. properties: key: description: Key overrides the default value (`.`) for the FieldExport target type: string kind: - description: FieldExportOutputType represents all types that can - be produced by a field export operation + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation enum: - configmap - secret 
@@ -94,12 +102,14 @@ spec: description: FieldExportStatus defines the observed status of the FieldExport. properties: conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various recoverable states of the field CR + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource properties: lastTransitionTime: description: Last time the condition transitioned from one status diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 79111c6..737be9d 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:1.3.3". +This chart deploys "public.ecr.aws/aws-controllers-k8s/iam-controller:1.3.4". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 19828be..3a8df16 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{/* The name of the application this chart installs */}} -{{- define "app.name" -}} +{{- define "ack-iam-controller.app.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -8,7 +8,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "app.fullname" -}} +{{- define "ack-iam-controller.app.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -22,33 +22,33 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{/* The name and version as used by the chart label */}} -{{- define "chart.name-version" -}} +{{- define "ack-iam-controller.chart.name-version" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* The name of the service account to use */}} -{{- define "service-account.name" -}} +{{- define "ack-iam-controller.service-account.name" -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} -{{- define "watch-namespace" -}} +{{- define "ack-iam-controller.watch-namespace" -}} {{- if eq .Values.installScope "namespace" -}} {{ .Values.watchNamespace | default .Release.Namespace }} {{- end -}} {{- end -}} {{/* The mount path for the shared credentials file */}} -{{- define "aws.credentials.secret_mount_path" -}} +{{- define "ack-iam-controller.aws.credentials.secret_mount_path" -}} {{- "/var/run/secrets/aws" -}} {{- end -}} {{/* The path the shared credentials file is mounted */}} -{{- define "aws.credentials.path" -}} +{{- define "ack-iam-controller.aws.credentials.path" -}} {{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}} {{- end -}} {{/* The rules a of ClusterRole or Role */}} -{{- define "controller-role-rules" }} +{{- define "ack-iam-controller.rbac-rules" -}} rules: - apiGroups: - "" diff --git a/helm/templates/cluster-role-binding.yaml b/helm/templates/cluster-role-binding.yaml index 7f5286f..449bdc0 100644 
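Review bot: The `ack-iam-controller.aws.credentials.path` helper in the `@@ -22,33 +22,33 @@` hunk still calls `include "aws.credentials.secret_mount_path" .` on its unchanged body line, although the same hunk renames that definition to `ack-iam-controller.aws.credentials.secret_mount_path`. Unless some other template still defines the old name, rendering will fail whenever `.Values.aws.credentials.secretName` is set, because deployment.yaml then includes the path helper for `AWS_SHARED_CREDENTIALS_FILE`. The inner call should use the new name: `{{- printf "%s/%s" (include "ack-iam-controller.aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}}`. A `helm template` run with a credentials secret configured would catch this before release. The last definition in the hunk, `ack-iam-controller.rbac-rules`, continues outside it.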
--- a/helm/templates/cluster-role-binding.yaml +++ b/helm/templates/cluster-role-binding.yaml @@ -2,20 +2,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "app.fullname" . }} + name: {{ include "ack-iam-controller.app.fullname" . }} roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io name: ack-iam-controller subjects: - kind: ServiceAccount - name: {{ include "service-account.name" . }} + name: {{ include "ack-iam-controller.service-account.name" . }} namespace: {{ .Release.Namespace }} -{{ else if .Values.watchNamespace }} -{{ $namespaces := split "," .Values.watchNamespace }} -{{ $fullname := include "app.fullname" . }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-iam-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ $fullname := include "ack-iam-controller.app.fullname" . }} {{ $releaseNamespace := .Release.Namespace }} -{{ $serviceAccountName := include "service-account.name" . }} +{{ $serviceAccountName := include "ack-iam-controller.service-account.name" . }} {{ range $namespaces }} --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/templates/cluster-role-controller.yaml b/helm/templates/cluster-role-controller.yaml index 2dbcf42..f3e3eb9 100644 --- a/helm/templates/cluster-role-controller.yaml +++ b/helm/templates/cluster-role-controller.yaml @@ -1,5 +1,5 @@ {{ $labels := .Values.role.labels }} -{{ $rules := include "controller-role-rules" . }} +{{ $rbacRules := include "ack-iam-controller.rbac-rules" . }} {{ if eq .Values.installScope "cluster" }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
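Review bot: The new `{{ else if eq .Values.installScope "namespace" }}` branch in cluster-role-binding.yaml carries no comment explaining that the namespace list now comes from the `ack-iam-controller.watch-namespace` helper, which falls back to `.Release.Namespace` when `watchNamespace` is unset. That changes where RBAC is granted: the old `else if .Values.watchNamespace` condition rendered nothing for an empty value, while this one still yields an entry for the release namespace. I would add a template comment above the branch, for example `{{/* namespace scope: one entry per watched namespace; an unset watchNamespace falls back to .Release.Namespace */}}`, and repeat it on the matching branch in cluster-role-controller.yaml. The `range` body that uses these values continues outside the hunk, so the exact objects emitted per namespace are not visible here.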
@@ -9,9 +9,10 @@ metadata: {{- range $key, $value := $labels }} {{ $key }}: {{ $value | quote }} {{- end }} -{{- $rules }} -{{ else if .Values.watchNamespace }} -{{ $namespaces := split "," .Values.watchNamespace }} +{{$rbacRules }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-iam-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} {{ range $namespaces }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -23,6 +24,6 @@ metadata: {{- range $key, $value := $labels }} {{ $key }}: {{ $value | quote }} {{- end }} -{{- $rules }} +{{ $rbacRules }} {{ end }} {{ end }} \ No newline at end of file diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index cea38ec..488ab0d 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -1,20 +1,20 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "app.fullname" . }} + name: {{ include "ack-iam-controller.app.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} + k8s-app: {{ include "ack-iam-controller.app.name" . }} + helm.sh/chart: {{ include "ack-iam-controller.chart.name-version" . }} spec: replicas: {{ .Values.deployment.replicas }} selector: matchLabels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: 
@@ -25,15 +25,15 @@ spec: {{- end }} {{- end }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm - k8s-app: {{ include "app.name" . }} + k8s-app: {{ include "ack-iam-controller.app.name" . }} {{- range $key, $value := .Values.deployment.labels }} {{ $key }}: {{ $value | quote }} {{- end }} spec: - serviceAccountName: {{ include "service-account.name" . }} + serviceAccountName: {{ include "ack-iam-controller.service-account.name" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -90,7 +90,7 @@ spec: - name: AWS_ENDPOINT_URL value: {{ .Values.aws.endpoint_url | quote }} - name: ACK_WATCH_NAMESPACE - value: {{ include "watch-namespace" . }} + value: {{ include "ack-iam-controller.watch-namespace" . }} - name: DELETION_POLICY value: {{ .Values.deletionPolicy }} - name: LEADER_ELECTION_NAMESPACE @@ -109,7 +109,7 @@ spec: {{- end }} {{- if .Values.aws.credentials.secretName }} - name: AWS_SHARED_CREDENTIALS_FILE - value: {{ include "aws.credentials.path" . }} + value: {{ include "ack-iam-controller.aws.credentials.path" . }} - name: AWS_PROFILE value: {{ .Values.aws.credentials.profile }} {{- end }} @@ -119,7 +119,7 @@ spec: volumeMounts: {{- if .Values.aws.credentials.secretName }} - name: {{ .Values.aws.credentials.secretName }} - mountPath: {{ include "aws.credentials.secret_mount_path" . }} + mountPath: {{ include "ack-iam-controller.aws.credentials.secret_mount_path" . }} readOnly: true {{- end }} {{- if .Values.deployment.extraVolumeMounts -}} diff --git a/helm/templates/leader-election-role-binding.yaml b/helm/templates/leader-election-role-binding.yaml index 1fa03ab..3b02f48 100644 --- a/helm/templates/leader-election-role-binding.yaml +++ b/helm/templates/leader-election-role-binding.yaml 
@@ -14,5 +14,5 @@ roleRef: name: iam-leader-election-role subjects: - kind: ServiceAccount - name: {{ include "service-account.name" . }} + name: {{ include "ack-iam-controller.service-account.name" . }} namespace: {{ .Release.Namespace }}{{- end }} diff --git a/helm/templates/metrics-service.yaml b/helm/templates/metrics-service.yaml index 638858a..03874e9 100644 --- a/helm/templates/metrics-service.yaml +++ b/helm/templates/metrics-service.yaml @@ -5,18 +5,18 @@ metadata: name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} + k8s-app: {{ include "ack-iam-controller.app.name" . }} + helm.sh/chart: {{ include "ack-iam-controller.chart.name-version" . }} spec: selector: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm - k8s-app: {{ include "app.name" . }} + k8s-app: {{ include "ack-iam-controller.app.name" . }} {{- range $key, $value := .Values.deployment.labels }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/helm/templates/service-account.yaml b/helm/templates/service-account.yaml index 7330639..74a638a 100644 --- a/helm/templates/service-account.yaml +++ b/helm/templates/service-account.yaml 
@@ -3,13 +3,13 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/name: {{ include "ack-iam-controller.app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - k8s-app: {{ include "app.name" . }} - helm.sh/chart: {{ include "chart.name-version" . }} - name: {{ include "service-account.name" . }} + k8s-app: {{ include "ack-iam-controller.app.name" . }} + helm.sh/chart: {{ include "ack-iam-controller.chart.name-version" . }} + name: {{ include "ack-iam-controller.service-account.name" . }} namespace: {{ .Release.Namespace }} annotations: {{- range $key, $value := .Values.serviceAccount.annotations }} diff --git a/helm/values.yaml b/helm/values.yaml index ca006e1..285719c 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/iam-controller - tag: 1.3.3 + tag: 1.3.4 pullPolicy: IfNotPresent pullSecrets: []