Merge branch 'master' into mockgcp-autokeyconfig

Makefile

@@ -70,7 +70,6 @@ manifests: generate
 	rm -rf config/crds/resources
 	rm -rf config/crds/tmp_resources
 	go build -o bin/generate-crds ./scripts/generate-crds && ./bin/generate-crds -output-dir=config/crds/tmp_resources
-	go run ./scripts/generate-cnrm-cluster-roles/main.go
 	# add kustomize patches on all CRDs
 	mkdir config/crds/resources
 	cp config/crds/kustomization.yaml kustomization.yaml
@@ -82,6 +81,10 @@ manifests: generate
 	# for direct controllers
 	dev/tasks/generate-crds
 
+	# Generating cnrm cluster roles is dependent on the existence of directory
+	# config/crds/resources with all the freshly generated CRDs.
+	go run ./scripts/generate-cnrm-cluster-roles/main.go
+
 # Format code
 .PHONY: fmt
 fmt:
@@ -356,7 +359,7 @@ TEST_TARGET ?= mock
 
 .PHONY: e2e-sample-tests
 e2e-sample-tests:
-	RUN_E2E=1 E2E_KUBE_TARGET=envtest E2E_GCP_TARGET=${TEST_TARGET} KCC_USE_DIRECT_RECONCILERS="SQLInstance,ComputeForwardingRule" \ go test -test.count=1 -timeout 3600s -v ./tests/e2e -run ${SAMPLE_TESTCASE}
+	RUN_E2E=1 E2E_KUBE_TARGET=envtest E2E_GCP_TARGET=${TEST_TARGET} KCC_USE_DIRECT_RECONCILERS="ComputeForwardingRule" \ go test -test.count=1 -timeout 3600s -v ./tests/e2e -run ${SAMPLE_TESTCASE}
 
 # orgnization ID for google.com
 ORG_ID ?= 433637338589

apis/bigqueryconnection/v1alpha1/connection_types.go

@@ -51,10 +51,8 @@ type BigQueryConnectionConnectionSpec struct {
 	// Cloud SQL properties.
 	CloudSQLSpec *CloudSqlPropertiesSpec `json:"cloudSql,omitempty"`
 
-	/* NOTYET
 	// Amazon Web Services (AWS) properties.
-	Aws *AwsProperties `json:"aws,omitempty"`
-	*/
+	AwsSpec *AwsPropertiesSpec `json:"aws,omitempty"`
 
 	/* NOTYET
 	// Azure properties.
@@ -101,6 +99,8 @@ type BigQueryConnectionConnectionStatus struct {
 // BigQueryConnectionConnectionSpec defines the desired state of BigQueryConnectionConnection
 // +kcc:proto=google.cloud.bigquery.connection.v1.Connection
 type BigQueryConnectionConnectionObservedState struct {
+	Aws *AwsPropertiesStatus `json:"aws,omitempty"`
+
 	CloudResource *CloudResourcePropertiesStatus `json:"cloudResource,omitempty"`
 
 	CloudSql *CloudSqlPropertiesStatus `json:"cloudSql,omitempty"`
@@ -137,6 +137,18 @@ type BigQueryConnectionConnectionObservedState struct {
 	HasCredential *bool `json:"hasCredential,omitempty"`
 }
 
+type AwsPropertiesSpec struct {
+	// Authentication using Google owned service account to assume into
+	//  customer's AWS IAM Role.
+	AccessRole *AwsAccessRoleSpec `json:"accessRole,omitempty"`
+}
+
+type AwsAccessRoleSpec struct {
+	// The user’s AWS IAM Role that trusts the Google-owned AWS IAM user
+	//  Connection.
+	IamRoleID *string `json:"iamRoleID,omitempty"`
+}
+
 type CloudResourcePropertiesSpec struct{}
 
 type CloudSqlPropertiesSpec struct {
@@ -153,6 +165,18 @@ type CloudSqlPropertiesSpec struct {
 	Credential *CloudSqlCredential `json:"credential,omitempty"`
 }
 
+// +kcc:proto=google.cloud.bigquery.connection.v1.AwsProperties
+type AwsPropertiesStatus struct {
+	AccessRole *AwsAccessRoleStatus `json:"accessRole,omitempty"`
+}
+
+// +kcc:proto=google.cloud.bigquery.connection.v1.AwsAccessRole
+type AwsAccessRoleStatus struct {
+	// A unique Google-owned and Google-generated identity for the Connection.
+	//  This identity will be used to access the user's AWS IAM Role.
+	Identity *string `json:"identity,omitempty"`
+}
+
 // +kcc:proto=google.cloud.bigquery.connection.v1.CloudSqlProperties
 type CloudSqlPropertiesStatus struct {
 	// The account ID of the service used for the purpose of this connection.

apis/compute/v1beta1/computeforwardingrule_types.go

@@ -88,7 +88,7 @@ type ForwardingruleServiceDirectoryRegistrations struct {
 
 type ForwardingruleTarget struct {
 	// +optional
-	GoogleAPIBundle *string `json:"googleAPIBundle,omitempty"`
+	GoogleAPIsBundle *string `json:"googleAPIsBundle,omitempty"`
 
 	// +optional
 	ServiceAttachmentRef *refs.ComputeServiceAttachmentRef `json:"serviceAttachmentRef,omitempty"`

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com.yaml

@@ -61,6 +61,19 @@ spec:
             description: BigQueryConnectionConnectionSpec defines the desired state
               to connect BigQuery to external resources
             properties:
+              aws:
+                description: Amazon Web Services (AWS) properties.
+                properties:
+                  accessRole:
+                    description: Authentication using Google owned service account
+                      to assume into customer's AWS IAM Role.
+                    properties:
+                      iamRoleID:
+                        description: The user’s AWS IAM Role that trusts the Google-owned
+                          AWS IAM user Connection.
+                        type: string
+                    type: object
+                type: object
               cloudResource:
                 description: Use Cloud Resource properties.
                 type: object
@@ -212,6 +225,17 @@ spec:
                 description: ObservedState is the state of the resource as most recently
                   observed in GCP.
                 properties:
+                  aws:
+                    properties:
+                      accessRole:
+                        properties:
+                          identity:
+                            description: A unique Google-owned and Google-generated
+                              identity for the Connection. This identity will be used
+                              to access the user's AWS IAM Role.
+                            type: string
+                        type: object
+                    type: object
                   cloudResource:
                     properties:
                       serviceAccountID:

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_computeforwardingrules.compute.cnrm.cloud.google.com.yaml

@@ -473,7 +473,7 @@ spec:
                   For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
                   are valid.
                 properties:
-                  googleAPIBundle:
+                  googleAPIsBundle:
                     type: string
                   serviceAttachmentRef:
                     oneOf:

config/installbundle/components/clusterroles/cnrm_admin.yaml

@@ -1159,3 +1159,15 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - workstations.cnrm.cloud.google.com
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete

config/installbundle/components/clusterroles/cnrm_viewer.yaml

@@ -774,3 +774,11 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - workstations.cnrm.cloud.google.com
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch

config/tests/samples/create/harness.go

@@ -649,6 +649,8 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured
 
 			case schema.GroupKind{Group: "bigqueryconnection.cnrm.cloud.google.com", Kind: "BigQueryConnectionConnection"}:
 
+			case schema.GroupKind{Group: "bigquerydatatransfer.cnrm.cloud.google.com", Kind: "BigQueryDataTransferConfig"}:
+
 			case schema.GroupKind{Group: "gkehub.cnrm.cloud.google.com", Kind: "GKEHubFeature"}:
 			case schema.GroupKind{Group: "gkehub.cnrm.cloud.google.com", Kind: "GKEHubMembership"}:
 			case schema.GroupKind{Group: "gkehub.cnrm.cloud.google.com", Kind: "GKEHubFeatureMembership"}:
@@ -674,7 +676,7 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeNodeGroup"}:
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeNodeTemplate"}:
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeManagedSSLCertificate"}:
-			//case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeServiceAttachment"}:
+			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeServiceAttachment"}:
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeSSLCertificate"}:
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeSubnetwork"}:
 			case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeTargetHTTPProxy"}:

dev/tasks/run-e2e

@@ -24,7 +24,7 @@ echo "Downloading envtest assets..."
 export KUBEBUILDER_ASSETS=$(go run sigs.k8s.io/controller-runtime/tools/setup-envtest@latest use -p path)
 
 if [[ -z "${KCC_USE_DIRECT_RECONCILERS:-}" ]]; then
-  KCC_USE_DIRECT_RECONCILERS=SQLInstance,ComputeForwardingRule,GKEHubFeatureMembership,CertificateManagerDNSAuthorization
+  KCC_USE_DIRECT_RECONCILERS=ComputeForwardingRule,GKEHubFeatureMembership,CertificateManagerDNSAuthorization
 fi
 echo "Using direct controllers: $KCC_USE_DIRECT_RECONCILERS"
 export KCC_USE_DIRECT_RECONCILERS

dev/tools/controllerbuilder/template/controller/controller.go

@@ -74,7 +74,7 @@ import (
 )
 
 const (
-	ctrlName = "{{.KCCService}}-controller"
+	ctrlName = "{{.KCCService}}-{{.ProtoResource | ToLower }}-controller"
     // TODO(user): Confirm service domain
 	serviceDomain = "//{{.KCCService}}.googleapis.com"
 )

docs/develop-resources/guides/2-define-apis.md

@@ -50,7 +50,7 @@ The apis directory to where to write the result to. Shall always be   $REPO_ROO
 
 The Config Connector resource kind, camel case. Normally it should contain the service name for example `SpannerInstance`, `SQLInstance`.
 
-* `--proto-source`
+* `--proto-resource`
 
 The proto name of the resource, you can find them in [https://github.com/googleapis/googleapis.git](https://github.com/googleapis/googleapis.git). For example, the SQLInstance is named `instance` under [https://github.com/googleapis/googleapis/tree/master/google/cloud/sql/v1beta4](https://github.com/googleapis/googleapis/tree/master/google/cloud/sql/v1beta4). The proto-source should be `instance` instead of `SQLInstance`
 

docs/develop-resources/guides/4-add-controller.md

@@ -4,7 +4,7 @@ Run the following command to generate a controller template
 
 ```
 cd dev/tools/controllerbuilder
-go run main.go add --service <YOUR_SERVICE> --api-version <VERSION> --resourceInKind <YOUR_RESOURCE>
+go run main.go add --service <YOUR_SERVICE> --api-version <VERSION> --kind <YOUR_RESOURCE> --proto-resource <PROTO_RESOURCE>
 ```
 
 Fix the generated code to make your SciFi running!

docs/releasenotes/release-1.123.md

@@ -12,7 +12,7 @@
   details about the Absent behavior can be found
   [here](https://cloud.google.com/config-connector/docs/concepts/ignore-unspecified-fields#absent).
 
-* You can use the `alpha.cnrm.cloud.google.com/reconciler: direct` label on `DataflowFlexTemplateJob` resource to opt-in
+* You can use the `alpha.cnrm.cloud.google.com/reconciler: direct` annotation on `DataflowFlexTemplateJob` resource to opt-in
 the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.
 
 

mockgcp/Makefile

@@ -65,6 +65,7 @@ gen-proto-no-fixup:
 		./third_party/googleapis/mockgcp/cloud/aiplatform/v1beta1/user_action_reference.proto \
 		./third_party/googleapis/mockgcp/cloud/alloydb/v1beta/*.proto \
 		./third_party/googleapis/mockgcp/cloud/bigquery/connection/v1/*.proto \
+		./third_party/googleapis/mockgcp/cloud/bigquery/datatransfer/v1/*.proto \
 		./third_party/googleapis/mockgcp/cloud/billing/v1/*.proto \
 		./third_party/googleapis/mockgcp/cloud/certificatemanager/v1/*.proto \
 		./third_party/googleapis/mockgcp/cloud/common/*.proto \