From f2ecf5bc29c0c2a2153dd8f51064a05faf537f92 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Tue, 10 Oct 2023 16:15:40 -0700 Subject: [PATCH 01/11] config to generate references for permission set --- config/provider.go | 2 ++ config/ssoadmin/config.go | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 config/ssoadmin/config.go diff --git a/config/provider.go b/config/provider.go index 4da72716b2..2ce4cb0ae1 100644 --- a/config/provider.go +++ b/config/provider.go @@ -96,6 +96,7 @@ import ( "github.com/upbound/provider-aws/config/sfn" "github.com/upbound/provider-aws/config/sns" "github.com/upbound/provider-aws/config/sqs" + "github.com/upbound/provider-aws/config/ssoadmin" "github.com/upbound/provider-aws/config/transfer" "github.com/upbound/provider-aws/hack" ) @@ -273,6 +274,7 @@ func GetProvider(ctx context.Context, generationProvider bool) (*config.Provider redshiftserverless.Configure, kendra.Configure, medialive.Configure, + ssoadmin.Configure, } { configure(pc) } diff --git a/config/ssoadmin/config.go b/config/ssoadmin/config.go new file mode 100644 index 0000000000..4d6ecaa4eb --- /dev/null +++ b/config/ssoadmin/config.go @@ -0,0 +1,17 @@ +package ssoadmin + +import ( + "github.com/crossplane/upjet/pkg/config" + + "github.com/upbound/provider-aws/config/common" +) + +// Configure adds configurations for the ssoadmin group. +func Configure(p *config.Provider) { + p.AddResourceConfigurator("aws_ssoadmin_account_assignment", func(r *config.Resource) { + r.References["permission_set_arn"] = config.Reference{ + TerraformName: "aws_ssoadmin_permission_set", + Extractor: common.PathARNExtractor, + } + }) +} From d992649a0d8f5d6f198dbf887bf34782966e170d Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Wed, 11 Oct 2023 10:40:44 -0700 Subject: [PATCH 02/11] example --- config/ssoadmin/config.go | 2 +- examples/ssoadmin/accountassignment.yaml | 29 ++++++++++++++++++++---- 2 files changed, 26 insertions(+), 5 deletions(-) 
diff --git a/config/ssoadmin/config.go b/config/ssoadmin/config.go index 4d6ecaa4eb..17708b1937 100644 --- a/config/ssoadmin/config.go +++ b/config/ssoadmin/config.go @@ -11,7 +11,7 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("aws_ssoadmin_account_assignment", func(r *config.Resource) { r.References["permission_set_arn"] = config.Reference{ TerraformName: "aws_ssoadmin_permission_set", - Extractor: common.PathARNExtractor, + Extractor: common.PathARNExtractor, } }) } diff --git a/examples/ssoadmin/accountassignment.yaml b/examples/ssoadmin/accountassignment.yaml index f7bd31a196..1b977123de 100644 --- a/examples/ssoadmin/accountassignment.yaml +++ b/examples/ssoadmin/accountassignment.yaml 
@@ -4,17 +4,38 @@ metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed), permissionSetArn(The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal - access to), principalId(An identifier for an object in SSO, such as a user or group) and targetId(An AWS account identifier)" + the operation will be executed), principalId(An identifier for an object in SSO, such as a user or group) and targetId(An AWS account identifier)" labels: testing.upbound.io/example-name: example name: example spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - permissionSetArn: ${data.aws_ssoadmin_permission_set.example.arn} + instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: ssoadmin/v1beta1/accountassignment principalId: ${data.aws_identitystore_group.example.group_id} principalType: GROUP region: us-east-1 targetId: "012347678910" targetType: AWS_ACCOUNT + +--- +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which + the operation will be executed)." + labels: + testing.upbound.io/example-name: ssoadmin/v1beta1/accountassignment + name: example +spec: + forProvider: + description: An example + instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + name: Example + region: us-east-1 + relayState: https://s3.console.aws.amazon.com/s3/home?region=us-east-1# + sessionDuration: PT2H From 120646b932ef024f1f408298aad832b23c767bd8 Mon Sep 17 00:00:00 2001 
From: Matt Bush Date: Fri, 20 Oct 2023 09:10:17 -0700 Subject: [PATCH 03/11] add 3 resources in identitystore group to v1beta1 --- config/externalname.go | 30 +++++++++++ config/externalnamenottested.go | 9 ---- config/identitystore/config.go | 14 +++++ config/provider.go | 2 + examples/identitystore/group.yaml | 15 ++++++ examples/identitystore/groupmembership.yaml | 58 +++++++++++++++++++++ examples/identitystore/user.yaml | 20 +++++++ 7 files changed, 139 insertions(+), 9 deletions(-) create mode 100644 config/identitystore/config.go create mode 100644 examples/identitystore/group.yaml create mode 100644 examples/identitystore/groupmembership.yaml create mode 100644 examples/identitystore/user.yaml diff --git a/config/externalname.go b/config/externalname.go index e20445733d..d0f3a3229b 100644 --- a/config/externalname.go +++ b/config/externalname.go 
@@ -2461,6 +2461,15 @@ var NoForkExternalNameConfigs = map[string]config.ExternalName{ // Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 "aws_ssoadmin_permission_set_inline_policy": config.TemplatedStringAsIdentifier("", "{{ .parameters.permission_set_arn }},{{ .parameters.instance_arn }}"), + // identitystore + // + // An Identity Store Group can be imported using the combination identity_store_id/group_id + "aws_identitystore_group": TemplatedStringAsProviderDefinedIdentifier("{{ .parameters.identity_store_id }}/{{ .external_name }}"), + // aws_identitystore_group_membership can be imported using the identity_store_id/membership_id + "aws_identitystore_group_membership": TemplatedStringAsProviderDefinedIdentifier("{{ .parameters.identity_store_id }}/{{ .external_name }}"), + // An Identity Store User can be imported using the combination identity_store_id/user_id + "aws_identitystore_user": TemplatedStringAsProviderDefinedIdentifier("{{ .parameters.identity_store_id }}/{{ .external_name }}"), + // applicationinsights // // ApplicationInsights Applications can be imported using the resource_group_name 
@@ -2880,11 +2889,32 @@ func FormattedIdentifierUserDefinedNameFirst(param, separator string, keys ...st return e } +// TemplatedStringAsProviderDefinedIdentifier uses TemplatedStringAsIdentifier but +// without the name initializer, and with a GetIdFn that exits early if the external name is empty. +// This allows it to be used in cases where the ID is constructed with parameters and a provider-defined value, meaning +// no user-defined input. Since the external name is not user-defined, the name +// initializer has to be disabled. +func TemplatedStringAsProviderDefinedIdentifier(tmpl string) config.ExternalName { + e := config.TemplatedStringAsIdentifier("", tmpl) + e.DisableNameInitializer = true + getId := e.GetIDFn + e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) { + if externalName == "" { + return "", nil + } + return getId(ctx, externalName, parameters, cfg) + } + return e +} + // TemplatedStringAsIdentifierWithNoName uses TemplatedStringAsIdentifier but // without the name initializer. This allows it to be used in cases where the ID // is constructed with parameters and a provider-defined value, meaning no // user-defined input. Since the external name is not user-defined, the name // initializer has to be disabled. +// TODO: This seems to have some problems with handling the initial creation, when +// the parameters in the template are defined but the external name is empty, because +// the provider hasn't assigned its provider-defined identifier yet. func TemplatedStringAsIdentifierWithNoName(tmpl string) config.ExternalName { e := config.TemplatedStringAsIdentifier("", tmpl) e.DisableNameInitializer = true diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 2df591ef5b..0aeb121d0a 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go 
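Review bot: The doc comment on `TemplatedStringAsProviderDefinedIdentifier` says the `GetIDFn` "exits early" but not what it returns: an empty ID with a nil error whenever the external name is empty. Callers have to treat that empty ID as "not created yet", so a sentence such as `// GetIDFn returns an empty ID and no error while the external name is unset, i.e. before the provider has assigned its identifier.` would make the contract explicit. The local `getId` should be `getID` to match `GetIDFn` and Go's initialism convention. `map[string]interface{}` could be `map[string]any`, as used by the `GetIDFn` in `PermissionSetIdAsExternalName` later in this series. The TODO added to `TemplatedStringAsIdentifierWithNoName` describes the case this new helper handles, so it could name the helper as the replacement; that function's body continues outside the hunk.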
@@ -616,15 +616,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // Amazon File Cache cache can be imported using the resource id "aws_fsx_file_cache": config.IdentifierFromProvider, - // identitystore - // - // An Identity Store Group can be imported using the combination identity_store_id/group_id - "aws_identitystore_group": config.TemplatedStringAsIdentifier("", "{{ .parameters.identity_store_id }}/{{ .external_name }}"), - // aws_identitystore_group_membership can be imported using the identity_store_id/membership_id - "aws_identitystore_group_membership": config.TemplatedStringAsIdentifier("", "{{ .parameters.identity_store_id }}/{{ .external_name }}"), - // An Identity Store User can be imported using the combination identity_store_id/user_id - "aws_identitystore_user": config.TemplatedStringAsIdentifier("", "{{ .parameters.identity_store_id }}/{{ .external_name }}"), - // inspector2 // // Inspector V2 Delegated Admin Account can be imported using the account_id diff --git a/config/identitystore/config.go b/config/identitystore/config.go new file mode 100644 index 0000000000..4b744e8731 --- /dev/null +++ b/config/identitystore/config.go @@ -0,0 +1,14 @@ +package identitystore + +import ( + "github.com/crossplane/upjet/pkg/config" +) + +// Configure adds configurations for the identitystore group. +func Configure(p *config.Provider) { + p.AddResourceConfigurator("aws_identitystore_group", func(r *config.Resource) { + // Display name is required by terraform, and while it's not part of the external name or terraform id, it is + // how the group is displayed, and it's immutable. + r.ExternalName.IdentifierFields = append(r.ExternalName.IdentifierFields, "display_name") + }) +} diff --git a/config/provider.go b/config/provider.go index 2ce4cb0ae1..be6cd5c94a 100644 --- a/config/provider.go +++ b/config/provider.go 
@@ -61,6 +61,7 @@ import ( "github.com/upbound/provider-aws/config/glue" "github.com/upbound/provider-aws/config/grafana" "github.com/upbound/provider-aws/config/iam" + "github.com/upbound/provider-aws/config/identitystore" "github.com/upbound/provider-aws/config/kafka" "github.com/upbound/provider-aws/config/kendra" "github.com/upbound/provider-aws/config/kinesis" @@ -275,6 +276,7 @@ func GetProvider(ctx context.Context, generationProvider bool) (*config.Provider kendra.Configure, medialive.Configure, ssoadmin.Configure, + identitystore.Configure, } { configure(pc) } diff --git a/examples/identitystore/group.yaml b/examples/identitystore/group.yaml new file mode 100644 index 0000000000..8432cc18e7 --- /dev/null +++ b/examples/identitystore/group.yaml @@ -0,0 +1,15 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/group + upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" + labels: + testing.upbound.io/example-name: this + name: this +spec: + forProvider: + description: Example description + displayName: Example group + identityStoreId: FILL IN MANUALLY + region: us-east-1 diff --git a/examples/identitystore/groupmembership.yaml b/examples/identitystore/groupmembership.yaml new file mode 100644 index 0000000000..cdede12ba9 --- /dev/null +++ b/examples/identitystore/groupmembership.yaml 
@@ -0,0 +1,58 @@
+apiVersion: identitystore.aws.upbound.io/v1beta1
+kind: GroupMembership
+metadata:
+ annotations:
+ meta.upbound.io/example-id: identitystore/v1beta1/groupmembership
+ upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId"
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ groupIdSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example
+ identityStoreId: FILL IN MANUALLY
+ memberIdSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example
+ region: us-east-1
+
+---
+
+apiVersion: identitystore.aws.upbound.io/v1beta1
+kind: Group
+metadata:
+ annotations:
+ meta.upbound.io/example-id: identitystore/v1beta1/groupmembership
+ upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId"
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ description: Some group name
+ displayName: MyGroup
+ identityStoreId: FILL IN MANUALLY
+ region: us-east-1
+
+---
+
+apiVersion: identitystore.aws.upbound.io/v1beta1
+kind: User
+metadata:
+ annotations:
+ meta.upbound.io/example-id: identitystore/v1beta1/groupmembership
+ upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId"
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ displayName: John Doe
+ identityStoreId: FILL IN MANUALLY
+ name:
+ - familyName: Doe
+ givenName: John
+ region: us-east-1
+ userName: john.doe@example.com
diff --git a/examples/identitystore/user.yaml b/examples/identitystore/user.yaml
new file mode 100644
index 0000000000..86306a48c4
--- /dev/null
+++ b/examples/identitystore/user.yaml
@@ -0,0 +1,20 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/user + upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: John Doe + emails: + - value: john@example.com + identityStoreId: FILL IN MANUALLY + name: + - familyName: Doe + givenName: John + region: us-east-1 + userName: johndoe From 553b84b095b244b492a7b439cad5a3f31ad537d8 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Fri, 20 Oct 2023 09:21:55 -0700 Subject: [PATCH 04/11] Add 3 resources in ssoadmin to v1beta1 --- config/externalname.go | 66 ++++++++++++++++++++++++++++++++- config/externalnamenottested.go | 7 ---- config/ssoadmin/config.go | 19 ++++++++++ 3 files changed, 84 insertions(+), 8 deletions(-) diff --git a/config/externalname.go b/config/externalname.go index d0f3a3229b..c3afe3e77b 100644 --- a/config/externalname.go +++ b/config/externalname.go 
@@ -2449,17 +2449,31 @@ var NoForkExternalNameConfigs = map[string]config.ExternalName{ // // SSO Account Assignments can be imported using the principal_id, principal_type, target_id, target_type, permission_set_arn, instance_arn separated by commas (,) // Example: f81d4fae-7dec-11d0-a765-00a0c91e6bf6,GROUP,1234567890,AWS_ACCOUNT,arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef,arn:aws:sso:::instance/ssoins-0123456789abcdef + // This can't really be normalized. "aws_ssoadmin_account_assignment": config.TemplatedStringAsIdentifier("", "{{ .parameters.principal_id }},{{ .parameters.principal_type }},{{ .parameters.target_id }},{{ .parameters.target_type }},{{ .parameters.permission_set_arn }},{{ .parameters.instance_arn }}"), // SSO Managed Policy Attachments can be imported using the managed_policy_arn, permission_set_arn, and instance_arn separated by a comma (,) // Example: arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup,arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 + // This can't really be normalized. 
"aws_ssoadmin_managed_policy_attachment": config.TemplatedStringAsIdentifier("", "{{ .parameters.managed_policy_arn }},{{ .parameters.permission_set_arn }},{{ .parameters.instance_arn}}"), // SSO Permission Sets can be imported using the arn and instance_arn separated by a comma (,) // Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 - // TODO: Normalize external_name while testing + // TODO: Normalize to the permission set id once breaking changes are acceptable or multiple versions are supported "aws_ssoadmin_permission_set": config.IdentifierFromProvider, + // SSO Managed Policy Attachments can be imported using the name, path, permission_set_arn, and instance_arn separated by a comma (,) + // Example: TestPolicy,/,arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 + // This can't really be normalized. + "aws_ssoadmin_customer_managed_policy_attachment": config.TemplatedStringAsIdentifier("", "{{ (index .parameters.customer_managed_policy_reference 0).name }},{{ (index .parameters.customer_managed_policy_reference 0).path }},{{ .parameters.permission_set_arn }},{{ .parameters.instance_arn }}"), + // SSO Instance Access Control Attributes can be imported using the instance_arn + "aws_ssoadmin_instance_access_control_attributes": config.TemplatedStringAsIdentifier("", "{{ .parameters.instance_arn }}"), + // The best name is the permission set id // SSO Permission Set Inline Policies can be imported using the permission_set_arn and instance_arn separated by a comma (,) // Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 + // TODO: Normalize to the permission set id once breaking changes are acceptable or multiple versions are supported "aws_ssoadmin_permission_set_inline_policy": config.TemplatedStringAsIdentifier("", "{{ 
.parameters.permission_set_arn }},{{ .parameters.instance_arn }}"), + // The best name is the permission set id + // SSO Admin Permissions Boundary Attachments can be imported using the permission_set_arn and instance_arn, separated by a comma (,) + // Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 + "aws_ssoadmin_permissions_boundary_attachment": PermissionSetIdAsExternalName(), // identitystore // 
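Review bot: The template for `aws_ssoadmin_customer_managed_policy_attachment` reads `(index .parameters.customer_managed_policy_reference 0).name` and `.path` directly, so the rendered ID is only correct when the first list element exists and carries both keys. If `path` can be omitted in the spec (worth checking against the Terraform schema), the result would not match the `name,path,permission_set_arn,instance_arn` form given in the comment; either note that `path` must be set or handle the missing key. The comment above that entry still begins "SSO Managed Policy Attachments", the same wording as the `aws_ssoadmin_managed_policy_attachment` entry; `// SSO Customer Managed Policy Attachments can be imported using the name, path, permission_set_arn, and instance_arn separated by a comma (,)` would tell the two apart.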
@@ -2785,6 +2799,56 @@ func route() config.ExternalName { return e } +// PermissionSetIdAsExternalName uses the id of the permission set (ps-80383020jr9302rk) as the external name, with +// the comma-separated pair permission_set_arn,instance_arn as the terraform id, when both arns are parameters and known +// ahead of time. +// Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 +func PermissionSetIdAsExternalName() config.ExternalName { + return config.ExternalName{ + SetIdentifierArgumentFn: config.NopSetIdentifierArgument, + IdentifierFields: []string{"instance_arn", "permission_set_arn"}, + GetExternalNameFn: getPermissionSetId, + GetIDFn: func(ctx context.Context, externalName string, parameters map[string]any, setup map[string]any) (string, error) { + if externalName == "" { + psa, ok := parameters["permission_set_arn"] + if !ok { + return "", errors.New("permission_set_arn cannot be empty") + } + psaStr, ok := psa.(string) + if !ok { + return "", errors.New("value of permission_set_arn needs to be a string") + } + externalName = strings.Split(psaStr, "/")[2] + } + ia, ok := parameters["instance_arn"] + if !ok { + return "", errors.New("instance_arn cannot be empty") + } + + iaStr, ok := ia.(string) + if !ok { + return "", errors.New("value of instance_arn needs to be a string") + } + instanceId := strings.Split(iaStr, "/")[1] + + return fmt.Sprintf("arn:aws:sso:::permissionSet/%s/%s,%s", instanceId, externalName, iaStr), nil + }, + DisableNameInitializer: true, + } +} + +// getPermissionSetId extracts the id of the permission set to use as an external name, from a terraform id formed by +// a comma-separated pair of ARNs, permission_set_arn,instance_arn. 
+// Example: arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 +func getPermissionSetId(tfstate map[string]any) (string, error) { + id, ok := tfstate["id"] + if !ok { + return "", errors.New("id does not exist in tfstate") + } + arn := strings.Split(id.(string), ",")[0] + return strings.Split(arn, "/")[2], nil +} + // FormattedIdentifierFromProvider is a helper function to construct Terraform // IDs that use elements from the parameters in a certain string format. // It should be used in cases where all information in the ID is gathered from diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 0aeb121d0a..c31a502fdc 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -747,13 +747,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // ssoadmin // - // SSO Managed Policy Attachments can be imported using the name, path, permission_set_arn, and instance_arn separated by a comma (,) - // Example: TestPolicy,/,arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 - "aws_ssoadmin_customer_managed_policy_attachment": config.IdentifierFromProvider, - // SSO Account Assignments can be imported using the instance_arn - "aws_ssoadmin_instance_access_control_attributes": config.ParameterAsIdentifier("instance_arn"), - // SSO Admin Permissions Boundary Attachments can be imported using the permission_set_arn and instance_arn, separated by a comma (,) - "aws_ssoadmin_permissions_boundary_attachment": config.IdentifierFromProvider, // transcribe // diff --git a/config/ssoadmin/config.go b/config/ssoadmin/config.go index 17708b1937..960dc5a53f 100644 --- a/config/ssoadmin/config.go +++ b/config/ssoadmin/config.go 
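Review bot: `getPermissionSetId` and the `GetIDFn` closure in `PermissionSetIdAsExternalName` index the result of `strings.Split` without checking its length, and `id.(string)` is an unchecked type assertion. A `permission_set_arn`, `instance_arn` or state `id` that is not shaped like the documented ARN pair therefore panics instead of returning an error. Those values come from the resource spec and from Terraform state, so one malformed ARN can abort reconciliation for this resource (and possibly the process, depending on whether the runtime recovers panics). Check the segment count and use the two-value assertion, returning errors as the neighbouring branches already do.

```go
func getPermissionSetId(tfstate map[string]any) (string, error) {
	id, ok := tfstate["id"]
	if !ok {
		return "", errors.New("id does not exist in tfstate")
	}
	idStr, ok := id.(string)
	if !ok {
		return "", errors.New("value of id needs to be a string")
	}
	arn, _, _ := strings.Cut(idStr, ",")
	parts := strings.Split(arn, "/")
	if len(parts) != 3 || parts[2] == "" {
		return "", errors.New("id does not start with a permission set arn of the form arn:aws:sso:::permissionSet/<instance-id>/<permission-set-id>")
	}
	return parts[2], nil
}

// inside GetIDFn, replacing the two unchecked index expressions
			psaParts := strings.Split(psaStr, "/")
			if len(psaParts) != 3 || psaParts[2] == "" {
				return "", errors.New("permission_set_arn needs to have the form arn:aws:sso:::permissionSet/<instance-id>/<permission-set-id>")
			}
			externalName = psaParts[2]
		// … unchanged: instance_arn lookup and string assertion …
		iaParts := strings.Split(iaStr, "/")
		if len(iaParts) != 2 || iaParts[1] == "" {
			return "", errors.New("instance_arn needs to have the form arn:aws:sso:::instance/<instance-id>")
		}
		instanceId := iaParts[1]
```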
@@ -9,9 +9,28 @@ import ( // Configure adds configurations for the ssoadmin group. func Configure(p *config.Provider) { p.AddResourceConfigurator("aws_ssoadmin_account_assignment", func(r *config.Resource) { + r.References["principal_id"] = config.Reference{ + TerraformName: "aws_identitystore_group", + Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("group_id",true)`, + RefFieldName: "PrincipalGroupRef", + SelectorFieldName: "PrincipalGroupSelector", + } r.References["permission_set_arn"] = config.Reference{ TerraformName: "aws_ssoadmin_permission_set", Extractor: common.PathARNExtractor, } }) + p.AddResourceConfigurator("aws_ssoadmin_customer_managed_policy_attachment", func(r *config.Resource) { + r.References["customer_managed_policy_reference.name"] = config.Reference{ + TerraformName: "aws_iam_policy", + RefFieldName: "PolicyNameRef", + SelectorFieldName: "PolicyNameSelector", + } + }) + p.AddResourceConfigurator("aws_ssoadmin_permission_set_inline_policy", func(r *config.Resource) { + r.References["instance_arn"] = config.Reference{ + TerraformName: "aws_ssoadmin_permission_set", + Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("instance_arn",false)`, + } + }) } From 29553b6508d4c041804d88aeca8b26a2869c14c0 Mon Sep 17 00:00:00 2001 
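Review bot: The `instance_arn` reference added for `aws_ssoadmin_permission_set_inline_policy` resolves against `aws_ssoadmin_permission_set` on its own, with nothing in this configurator tying it to the object chosen for the permission set ARN. If the two selectors match different PermissionSet objects, the resource gets an instance ARN and a permission set ARN that may not belong together. A comment would state the expectation: `// instance_arn is read from the referenced PermissionSet; its selector should match the same object as the permission set ARN selector.` The two extractor values are Go expressions typed out as string literals; named constants next to `common.PathARNExtractor` would keep a typo from surfacing only at code-generation time.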
From: Matt Bush Date: Fri, 20 Oct 2023 09:33:04 -0700 Subject: [PATCH 05/11] Examples for all 7 ssoadmin resources --- examples/ssoadmin/accountassignment.yaml | 35 +++++++--- .../customermanagedpolicyattachment.yaml | 66 +++++++++++++++++++ .../instanceaccesscontrolattributes.yaml | 23 +++++++ .../ssoadmin/managedpolicyattachment.yaml | 14 ++-- .../permissionsboundaryattachment.yaml | 66 +++++++++++++++++++ examples/ssoadmin/permissionset.yaml | 6 +- .../ssoadmin/permissionsetinlinepolicy.yaml | 17 ++--- 7 files changed, 200 insertions(+), 27 deletions(-) create mode 100644 examples/ssoadmin/customermanagedpolicyattachment.yaml create mode 100644 examples/ssoadmin/instanceaccesscontrolattributes.yaml create mode 100644 examples/ssoadmin/permissionsboundaryattachment.yaml diff --git a/examples/ssoadmin/accountassignment.yaml b/examples/ssoadmin/accountassignment.yaml index 1b977123de..454a0817d9 100644 --- a/examples/ssoadmin/accountassignment.yaml +++ b/examples/ssoadmin/accountassignment.yaml 
@@ -4,17 +4,19 @@ metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed), principalId(An identifier for an object in SSO, such as a user or group) and targetId(An AWS account identifier)" + the operation will be executed) and targetId(An AWS account identifier)" labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-accountassignment + name: ssoadmin-accountassignment spec: forProvider: instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE permissionSetArnSelector: matchLabels: - testing.upbound.io/example-name: ssoadmin/v1beta1/accountassignment - principalId: ${data.aws_identitystore_group.example.group_id} + testing.upbound.io/example-name: ssoadmin-accountassignment + principalGroupSelector: + matchLabels: + testing.upbound.io/example-name: ssoadmin-accountassignment principalType: GROUP region: us-east-1 targetId: "012347678910" 
@@ -29,13 +31,28 @@ metadata: upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: ssoadmin/v1beta1/accountassignment - name: example + testing.upbound.io/example-name: ssoadmin-accountassignment + name: ssoadmin-accountassignment spec: forProvider: description: An example instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE - name: Example + name: example-acct-assignment region: us-east-1 - relayState: https://s3.console.aws.amazon.com/s3/home?region=us-east-1# sessionDuration: PT2H + +--- +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment + upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" + labels: + testing.upbound.io/example-name: ssoadmin-accountassignment + name: ssoadmin-accountassignment +spec: + forProvider: + identityStoreId: FILL IN MANUALLY + region: us-east-1 + displayName: example-acct-assignment diff --git a/examples/ssoadmin/customermanagedpolicyattachment.yaml b/examples/ssoadmin/customermanagedpolicyattachment.yaml new file mode 100644 index 0000000000..61b9e3ed04 --- /dev/null +++ b/examples/ssoadmin/customermanagedpolicyattachment.yaml 
@@ -0,0 +1,66 @@
+apiVersion: ssoadmin.aws.upbound.io/v1beta1
+kind: CustomerManagedPolicyAttachment
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment
+ labels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ name: ssoadmin-customer-managed-policy-attachment
+spec:
+ deletionPolicy: Delete
+ forProvider:
+ customerManagedPolicyReference:
+ - policyNameSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ path: "/"
+ instanceArnSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ permissionSetArnSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ region: us-east-1
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment
+ labels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ name: ssoadmin-customer-managed-policy-attachment
+spec:
+ forProvider:
+ description: My test policy
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "ec2:Describe*",
+ "Resource": "*"
+ }
+ ]
+ }
+
+---
+
+apiVersion: ssoadmin.aws.upbound.io/v1beta1
+kind: PermissionSet
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment
+ labels:
+ testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment
+ upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which
+ the operation will be executed)."
+ name: ssoadmin-customer-managed-policy-attachment
+spec:
+ forProvider:
+ instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE
+ name: example-cmpa
+ region: us-east-1
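Review bot: In the PermissionSet object at the end of this file, `upjet.upbound.io/manual-intervention` is listed after `labels:` rather than under `annotations:`, unlike the other examples in this series. As a label, its free-text value with spaces and parentheses is not a valid Kubernetes label value, so the manifest would be rejected, and the annotation that marks the example as needing manual setup would be missing. Move the key and its two-line value up under `annotations:`, next to `meta.upbound.io/example-id`.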
diff --git a/examples/ssoadmin/instanceaccesscontrolattributes.yaml b/examples/ssoadmin/instanceaccesscontrolattributes.yaml
new file mode 100644
index 0000000000..5886f7a533
--- /dev/null
+++ b/examples/ssoadmin/instanceaccesscontrolattributes.yaml
@@ -0,0 +1,23 @@
+apiVersion: ssoadmin.aws.upbound.io/v1beta1
+kind: InstanceAccessControlAttributes
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/instanceaccesscontrolattributes
+ upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which
+ the operation will be executed)."
+ labels:
+ testing.upbound.io/example-name: ssoadmin-instance-access-control-attributes
+ name: ssoadmin-instance-access-control-attributes
+spec:
+ forProvider:
+ instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE
+ attribute:
+ - key: name
+ value:
+ - source:
+ - $${path:name.givenName}
+ - key: last
+ value:
+ - source:
+ - $${path:name.familyName}
+ region: us-east-1
diff --git a/examples/ssoadmin/managedpolicyattachment.yaml b/examples/ssoadmin/managedpolicyattachment.yaml
index 6ffb35ed5a..7d3efdd536 100644
--- a/examples/ssoadmin/managedpolicyattachment.yaml
+++ b/examples/ssoadmin/managedpolicyattachment.yaml
@@ -3,18 +3,18 @@ kind: ManagedPolicyAttachment metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/managedpolicyattachment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-managed-policy-attachment + name: ssoadmin-managed-policy-attachment spec: forProvider: instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} managedPolicyArn: arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup permissionSetArnSelector: matchLabels: - testing.upbound.io/example-name: example + testing.upbound.io/example-name: ssoadmin-managed-policy-attachment region: us-east-1 --- @@ -27,10 +27,10 @@ metadata: upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-managed-policy-attachment + name: ssoadmin-managed-policy-attachment spec: forProvider: instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - name: Example + name: example-mpa region: us-east-1 diff --git a/examples/ssoadmin/permissionsboundaryattachment.yaml b/examples/ssoadmin/permissionsboundaryattachment.yaml new file mode 100644 index 0000000000..0c1f8deb6c --- /dev/null +++ b/examples/ssoadmin/permissionsboundaryattachment.yaml 
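Review bot: `instanceArn` in both objects of this file is still the Terraform expression `${tolist(data.aws_ssoadmin_instances.example.arns)[0]}`, while accountassignment.yaml in this series was switched to the placeholder `ARN_OF_MANUALLY_CREATED_SSO_INSTANCE`. The expression is presumably not evaluated when the manifest is applied, so the example would send that literal string as the ARN. The same value remains in the PermissionSet of permissionsboundaryattachment.yaml and in permissionset.yaml. Using `instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE` everywhere keeps the value in line with the manual-intervention annotation.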
@@ -0,0 +1,66 @@
+apiVersion: ssoadmin.aws.upbound.io/v1beta1
+kind: PermissionsBoundaryAttachment
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment
+ labels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ name: ssoadmin-permissions-boundary-attachment
+spec:
+ forProvider:
+ instanceArnSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ permissionSetArnSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ permissionsBoundary:
+ - customerManagedPolicyReference:
+ - nameSelector:
+ matchLabels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ path: /
+ region: us-east-1
+
+---
+
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment
+ labels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ name: ssoadmin-permissions-boundary-attachment
+spec:
+ forProvider:
+ description: My test policy
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "ec2:Describe*",
+ "Resource": "*"
+ }
+ ]
+ }
+
+---
+
+apiVersion: ssoadmin.aws.upbound.io/v1beta1
+kind: PermissionSet
+metadata:
+ annotations:
+ meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment
+ upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which
+ the operation will be executed)."
+ labels:
+ testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment
+ name: ssoadmin-permissions-boundary-attachment
+spec:
+ forProvider:
+ instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]}
+ name: example-pba
+ region: us-east-1
diff --git a/examples/ssoadmin/permissionset.yaml b/examples/ssoadmin/permissionset.yaml index 145e5f5125..0657f07342 100644 --- a/examples/ssoadmin/permissionset.yaml +++ b/examples/ssoadmin/permissionset.yaml @@ -6,13 +6,13 @@ metadata: upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-permission-set + name: ssoadmin-permission-set spec: forProvider: description: An example instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - name: Example + name: example-ps region: us-east-1 relayState: https://s3.console.aws.amazon.com/s3/home?region=us-east-1# sessionDuration: PT2H diff --git a/examples/ssoadmin/permissionsetinlinepolicy.yaml b/examples/ssoadmin/permissionsetinlinepolicy.yaml index b989e45d38..27ca30786c 100644 --- a/examples/ssoadmin/permissionsetinlinepolicy.yaml +++ b/examples/ssoadmin/permissionsetinlinepolicy.yaml @@ -6,21 +6,22 @@ metadata: upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy + name: ssoadmin-permission-set-inline-policy spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArnSelector: + matchLabels: + testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy permissionSetArnSelector: matchLabels: - testing.upbound.io/example-name: example + testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy region: us-east-1 inlinePolicy: | { "Version": "2012-10-17", "Statement": [ { - "Sid": "1", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", 
@@ -41,10 +42,10 @@ metadata: upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy + name: ssoadmin-permission-set-inline-policy spec: forProvider: instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - name: Example + name: example-inline region: us-east-1 From 6c490aa340d5076295983f06d011024ed6ea8292 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Fri, 20 Oct 2023 14:28:46 -0700 Subject: [PATCH 06/11] Use unique names for identitystore examples so they can all be tested at once --- examples/identitystore/group.yaml | 4 ++-- examples/identitystore/groupmembership.yaml | 16 ++++++++-------- examples/identitystore/user.yaml | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/identitystore/group.yaml b/examples/identitystore/group.yaml index 8432cc18e7..eb33c30baa 100644 --- a/examples/identitystore/group.yaml +++ b/examples/identitystore/group.yaml @@ -5,8 +5,8 @@ metadata: meta.upbound.io/example-id: identitystore/v1beta1/group upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" labels: - testing.upbound.io/example-name: this - name: this + testing.upbound.io/example-name: example-group + name: example-group spec: forProvider: description: Example description diff --git a/examples/identitystore/groupmembership.yaml b/examples/identitystore/groupmembership.yaml index cdede12ba9..cf4f9dbc85 100644 --- a/examples/identitystore/groupmembership.yaml +++ b/examples/identitystore/groupmembership.yaml 
@@ -5,17 +5,17 @@ metadata: meta.upbound.io/example-id: identitystore/v1beta1/groupmembership upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: example-membership + name: example-membership spec: forProvider: groupIdSelector: matchLabels: - testing.upbound.io/example-name: example + testing.upbound.io/example-name: example-membership identityStoreId: FILL IN MANUALLY memberIdSelector: matchLabels: - testing.upbound.io/example-name: example + testing.upbound.io/example-name: example-membership region: us-east-1 --- @@ -27,8 +27,8 @@ metadata: meta.upbound.io/example-id: identitystore/v1beta1/groupmembership upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: example-membership + name: example-membership spec: forProvider: description: Some group name @@ -45,8 +45,8 @@ metadata: meta.upbound.io/example-id: identitystore/v1beta1/groupmembership upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: example-membership + name: example-membership spec: forProvider: displayName: John Doe diff --git a/examples/identitystore/user.yaml b/examples/identitystore/user.yaml index 86306a48c4..b9e4940afb 100644 --- a/examples/identitystore/user.yaml +++ b/examples/identitystore/user.yaml @@ -5,8 +5,8 @@ metadata: meta.upbound.io/example-id: identitystore/v1beta1/user upjet.upbound.io/manual-intervention: "This resource requires a valid identityStoreId" labels: - testing.upbound.io/example-name: example - name: example + testing.upbound.io/example-name: example-user + name: example-user spec: forProvider: displayName: John Doe 
From 93754b999c222d34a6f4e599379abbca1fb91a25 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Tue, 24 Oct 2023 13:28:22 -0700 Subject: [PATCH 07/11] update examples --- examples/identitystore/group.yaml | 2 +- examples/identitystore/groupmembership.yaml | 6 +++--- examples/identitystore/user.yaml | 2 +- examples/ssoadmin/accountassignment.yaml | 12 +++++------- .../ssoadmin/customermanagedpolicyattachment.yaml | 10 ++++------ .../ssoadmin/instanceaccesscontrolattributes.yaml | 5 ++--- examples/ssoadmin/managedpolicyattachment.yaml | 10 ++++------ examples/ssoadmin/permissionsboundaryattachment.yaml | 10 ++++------ examples/ssoadmin/permissionset.yaml | 5 ++--- examples/ssoadmin/permissionsetinlinepolicy.yaml | 12 ++++-------- 10 files changed, 30 insertions(+), 44 deletions(-) diff --git a/examples/identitystore/group.yaml b/examples/identitystore/group.yaml index eb33c30baa..1a7a1fab3c 100644 --- a/examples/identitystore/group.yaml +++ b/examples/identitystore/group.yaml @@ -11,5 +11,5 @@ spec: forProvider: description: Example description displayName: Example group - identityStoreId: FILL IN MANUALLY + identityStoreId: Identity store id from a manually created SSO instance in the same region specified below region: us-east-1 diff --git a/examples/identitystore/groupmembership.yaml b/examples/identitystore/groupmembership.yaml index cf4f9dbc85..05346662c6 100644 --- a/examples/identitystore/groupmembership.yaml +++ b/examples/identitystore/groupmembership.yaml @@ -12,7 +12,7 @@ spec: groupIdSelector: matchLabels: testing.upbound.io/example-name: example-membership - identityStoreId: FILL IN MANUALLY + identityStoreId: Identity store id from a manually created SSO instance in the same region specified below memberIdSelector: matchLabels: testing.upbound.io/example-name: example-membership 
@@ -33,7 +33,7 @@ spec: forProvider: description: Some group name displayName: MyGroup - identityStoreId: FILL IN MANUALLY + identityStoreId: Identity store id from a manually created SSO instance in the same region specified below region: us-east-1 --- @@ -50,7 +50,7 @@ metadata: spec: forProvider: displayName: John Doe - identityStoreId: FILL IN MANUALLY + identityStoreId: Identity store id from a manually created SSO instance in the same region specified below name: - familyName: Doe givenName: John diff --git a/examples/identitystore/user.yaml b/examples/identitystore/user.yaml index b9e4940afb..eaece45762 100644 --- a/examples/identitystore/user.yaml +++ b/examples/identitystore/user.yaml @@ -12,7 +12,7 @@ spec: displayName: John Doe emails: - value: john@example.com - identityStoreId: FILL IN MANUALLY + identityStoreId: Identity store id from a manually created SSO instance in the same region specified below name: - familyName: Doe givenName: John diff --git a/examples/ssoadmin/accountassignment.yaml b/examples/ssoadmin/accountassignment.yaml index 454a0817d9..4cb412082b 100644 --- a/examples/ssoadmin/accountassignment.yaml +++ b/examples/ssoadmin/accountassignment.yaml 
@@ -3,14 +3,13 @@ kind: AccountAssignment metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed) and targetId(An AWS account identifier)" + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-accountassignment name: ssoadmin-accountassignment spec: forProvider: - instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + instanceArn: ARN of a manually created SSO instance in the same region specified below permissionSetArnSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-accountassignment @@ -28,15 +27,14 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/accountassignment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-accountassignment name: ssoadmin-accountassignment spec: forProvider: description: An example - instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-acct-assignment region: us-east-1 sessionDuration: PT2H 
@@ -53,6 +51,6 @@ metadata: name: ssoadmin-accountassignment spec: forProvider: - identityStoreId: FILL IN MANUALLY + identityStoreId: identity store id from a manually created SSO instance in the same region specified below region: us-east-1 displayName: example-acct-assignment diff --git a/examples/ssoadmin/customermanagedpolicyattachment.yaml b/examples/ssoadmin/customermanagedpolicyattachment.yaml index 61b9e3ed04..c66d7aa6e9 100644 --- a/examples/ssoadmin/customermanagedpolicyattachment.yaml +++ b/examples/ssoadmin/customermanagedpolicyattachment.yaml @@ -3,6 +3,7 @@ kind: CustomerManagedPolicyAttachment metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment name: ssoadmin-customer-managed-policy-attachment @@ -14,9 +15,7 @@ spec: matchLabels: testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment path: "/" - instanceArnSelector: - matchLabels: - testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment + instanceArn: ARN of a manually created SSO instance in the same region specified below permissionSetArnSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment 
@@ -54,13 +53,12 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-customer-managed-policy-attachment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." name: ssoadmin-customer-managed-policy-attachment spec: forProvider: - instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-cmpa region: us-east-1 diff --git a/examples/ssoadmin/instanceaccesscontrolattributes.yaml b/examples/ssoadmin/instanceaccesscontrolattributes.yaml index 5886f7a533..0107fad73a 100644 --- a/examples/ssoadmin/instanceaccesscontrolattributes.yaml +++ b/examples/ssoadmin/instanceaccesscontrolattributes.yaml @@ -3,14 +3,13 @@ kind: InstanceAccessControlAttributes metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/instanceaccesscontrolattributes - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-instance-access-control-attributes name: ssoadmin-instance-access-control-attributes spec: forProvider: - instanceArn: ARN_OF_MANUALLY_CREATED_SSO_INSTANCE + instanceArn: ARN of a manually created SSO instance in the same region specified below attribute: - key: name value: 
diff --git a/examples/ssoadmin/managedpolicyattachment.yaml b/examples/ssoadmin/managedpolicyattachment.yaml index 7d3efdd536..d9743a69a0 100644 --- a/examples/ssoadmin/managedpolicyattachment.yaml +++ b/examples/ssoadmin/managedpolicyattachment.yaml @@ -3,14 +3,13 @@ kind: ManagedPolicyAttachment metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/managedpolicyattachment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-managed-policy-attachment name: ssoadmin-managed-policy-attachment spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArn: ARN of a manually created SSO instance in the same region specified below managedPolicyArn: arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup permissionSetArnSelector: matchLabels: @@ -24,13 +23,12 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/managedpolicyattachment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-managed-policy-attachment name: ssoadmin-managed-policy-attachment spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-mpa region: us-east-1 
diff --git a/examples/ssoadmin/permissionsboundaryattachment.yaml b/examples/ssoadmin/permissionsboundaryattachment.yaml index 0c1f8deb6c..9e97fbf012 100644 --- a/examples/ssoadmin/permissionsboundaryattachment.yaml +++ b/examples/ssoadmin/permissionsboundaryattachment.yaml @@ -3,14 +3,13 @@ kind: PermissionsBoundaryAttachment metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment name: ssoadmin-permissions-boundary-attachment spec: forProvider: - instanceArnSelector: - matchLabels: - testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment + instanceArn: ARN of a manually created SSO instance in the same region specified below permissionSetArnSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment @@ -54,13 +53,12 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-permissions-boundary-attachment name: ssoadmin-permissions-boundary-attachment spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-pba region: us-east-1 
diff --git a/examples/ssoadmin/permissionset.yaml b/examples/ssoadmin/permissionset.yaml index 0657f07342..fc9188a3af 100644 --- a/examples/ssoadmin/permissionset.yaml +++ b/examples/ssoadmin/permissionset.yaml @@ -3,15 +3,14 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/permissionset - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-permission-set name: ssoadmin-permission-set spec: forProvider: description: An example - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-ps region: us-east-1 relayState: https://s3.console.aws.amazon.com/s3/home?region=us-east-1# diff --git a/examples/ssoadmin/permissionsetinlinepolicy.yaml b/examples/ssoadmin/permissionsetinlinepolicy.yaml index 27ca30786c..a70eb70aad 100644 --- a/examples/ssoadmin/permissionsetinlinepolicy.yaml +++ b/examples/ssoadmin/permissionsetinlinepolicy.yaml 
@@ -3,16 +3,13 @@ kind: PermissionSetInlinePolicy metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsetinlinepolicy - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy name: ssoadmin-permission-set-inline-policy spec: forProvider: - instanceArnSelector: - matchLabels: - testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy + instanceArn: ARN of a manually created SSO instance in the same region specified below permissionSetArnSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy @@ -39,13 +36,12 @@ kind: PermissionSet metadata: annotations: meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsetinlinepolicy - upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which - the operation will be executed)." + upjet.upbound.io/manual-intervention: "This resource requires a valid instanceArn(The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed)." labels: testing.upbound.io/example-name: ssoadmin-permission-set-inline-policy name: ssoadmin-permission-set-inline-policy spec: forProvider: - instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + instanceArn: ARN of a manually created SSO instance in the same region specified below name: example-inline region: us-east-1 From af600527a22aa664c2bbdbb0fa4c4356097d970b Mon Sep 17 00:00:00 2001 
From: Matt Bush Date: Tue, 24 Oct 2023 13:28:49 -0700 Subject: [PATCH 08/11] Remove reference to sso instance via permission_set --- config/ssoadmin/config.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/config/ssoadmin/config.go b/config/ssoadmin/config.go index 960dc5a53f..5fc3449830 100644 --- a/config/ssoadmin/config.go +++ b/config/ssoadmin/config.go @@ -26,11 +26,14 @@ func Configure(p *config.Provider) { RefFieldName: "PolicyNameRef", SelectorFieldName: "PolicyNameSelector", } + // + delete(r.References, "instance_arn") }) p.AddResourceConfigurator("aws_ssoadmin_permission_set_inline_policy", func(r *config.Resource) { - r.References["instance_arn"] = config.Reference{ - TerraformName: "aws_ssoadmin_permission_set", - Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("instance_arn",false)`, - } + delete(r.References, "instance_arn") }) + p.AddResourceConfigurator("aws_ssoadmin_permissions_boundary_attachment", func(r *config.Resource) { + delete(r.References, "instance_arn") + }) + } From 33b7d0201d867695d2b45f18f9d044981fe099dc Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Wed, 25 Oct 2023 11:27:52 -0700 Subject: [PATCH 09/11] Rename and document AccountAssignment principalId ref/selector fields --- config/ssoadmin/config.go | 9 ++++++--- examples/ssoadmin/accountassignment.yaml | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/config/ssoadmin/config.go b/config/ssoadmin/config.go index 5fc3449830..ca199711f9 100644 --- a/config/ssoadmin/config.go +++ b/config/ssoadmin/config.go 
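Review bot: The first `delete(r.References, "instance_arn")` added in this hunk sits under an empty `//` comment, so nothing in the file records why the reference is dropped. The commit subject suggests the intent is that the SSO instance ARN is no longer resolved through a permission set and has to be supplied directly; put that in the comment, for example `// instance_arn must be set explicitly; it is not resolved through aws_ssoadmin_permission_set`, and carry the same one-line reason on the two other configurators that make the same call. The blank line added just before the final `}` (presumably the end of `Configure`) can be removed. `Configure` starts outside this hunk.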
@@ -11,10 +11,13 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("aws_ssoadmin_account_assignment", func(r *config.Resource) { r.References["principal_id"] = config.Reference{ TerraformName: "aws_identitystore_group", - Extractor: `github.com/crossplane/upjet/pkg/resource.ExtractParamPath("group_id",true)`, - RefFieldName: "PrincipalGroupRef", - SelectorFieldName: "PrincipalGroupSelector", + RefFieldName: "PrincipalIDFromGroupRef", + SelectorFieldName: "PrincipalIDFromGroupSelector", } + r.MetaResource.ArgumentDocs["principal_id"] = "- (Required) An identifier for an object in SSO, such as a " + + "user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). This can be " + + "set to the crossplane external-name of either a Group or User in the identitystore api group, but the " + + "Ref and Selector fields will only work with a Group." r.References["permission_set_arn"] = config.Reference{ TerraformName: "aws_ssoadmin_permission_set", Extractor: common.PathARNExtractor, diff --git a/examples/ssoadmin/accountassignment.yaml b/examples/ssoadmin/accountassignment.yaml index 4cb412082b..38f42da57f 100644 --- a/examples/ssoadmin/accountassignment.yaml +++ b/examples/ssoadmin/accountassignment.yaml @@ -13,7 +13,7 @@ spec: permissionSetArnSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-accountassignment - principalGroupSelector: + principalIdFromGroupSelector: matchLabels: testing.upbound.io/example-name: ssoadmin-accountassignment principalType: GROUP From 20ed28beb4a92362e820518f4fe8f89aec52d7dc Mon Sep 17 00:00:00 2001 
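Review bot: The added `r.MetaResource.ArgumentDocs["principal_id"] = …` assignment goes through `MetaResource` and writes into `ArgumentDocs` without any check in this hunk. If either can be nil for `aws_ssoadmin_account_assignment` when the configurator runs (not visible here), code generation would panic; wrapping the assignment in `if r.MetaResource != nil && r.MetaResource.ArgumentDocs != nil { … }` avoids that. The new doc text says the Ref and Selector fields only resolve a Group, so it would also help to state there that `principalType` must be `GROUP` when they are used, since nothing in this hunk ties the two together. `Configure` begins and ends outside the hunk.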
From: Matt Bush Date: Wed, 6 Dec 2023 09:10:02 -0800 Subject: [PATCH 10/11] codegen --- .../v1beta1/zz_generated.deepcopy.go | 1389 ++++++++++++++++ .../v1beta1/zz_generated.managed.go | 188 +++ .../v1beta1/zz_generated.managedlist.go | 35 + .../v1beta1/zz_generated.resolvers.go | 56 + .../v1beta1/zz_generated_terraformed.go | 361 ++++ apis/identitystore/v1beta1/zz_group_types.go | 140 ++ .../v1beta1/zz_groupmembership_types.go | 138 ++ .../v1beta1/zz_groupversion_info.go | 36 + apis/identitystore/v1beta1/zz_user_types.go | 490 ++++++ .../v1beta1/zz_accountassignment_types.go | 33 +- ...z_customermanagedpolicyattachment_types.go | 167 ++ .../ssoadmin/v1beta1/zz_generated.deepcopy.go | 1470 ++++++++++++++--- apis/ssoadmin/v1beta1/zz_generated.managed.go | 180 ++ .../v1beta1/zz_generated.managedlist.go | 27 + .../v1beta1/zz_generated.resolvers.go | 136 ++ .../v1beta1/zz_generated_terraformed.go | 342 ++++ ...z_instanceaccesscontrolattributes_types.go | 165 ++ .../zz_permissionsboundaryattachment_types.go | 194 +++ apis/zz_register.go | 2 + cmd/provider/identitystore/zz_main.go | 162 ++ config/generated.lst | 2 +- examples-generated/identitystore/group.yaml | 14 + .../identitystore/groupmembership.yaml | 55 + examples-generated/identitystore/user.yaml | 19 + .../ssoadmin/accountassignment.yaml | 8 +- .../customermanagedpolicyattachment.yaml | 63 + .../instanceaccesscontrolattributes.yaml | 21 + .../permissionsboundaryattachment.yaml | 64 + .../identitystore/group/zz_controller.go | 70 + .../groupmembership/zz_controller.go | 70 + .../identitystore/user/zz_controller.go | 70 + .../zz_controller.go | 71 + .../zz_controller.go | 71 + .../zz_controller.go | 70 + internal/controller/zz_identitystore_setup.go | 30 + internal/controller/zz_monolith_setup.go | 12 + internal/controller/zz_ssoadmin_setup.go | 6 + ...store.aws.upbound.io_groupmemberships.yaml | 474 ++++++ .../identitystore.aws.upbound.io_groups.yaml | 346 ++++ .../identitystore.aws.upbound.io_users.yaml | 713 
++++++++ ...min.aws.upbound.io_accountassignments.yaml | 158 +- ...d.io_customermanagedpolicyattachments.yaml | 522 ++++++ ...nd.io_instanceaccesscontrolattributes.yaml | 396 +++++ ...und.io_permissionsboundaryattachments.yaml | 554 +++++++ 44 files changed, 9349 insertions(+), 241 deletions(-) create mode 100644 apis/identitystore/v1beta1/zz_generated.deepcopy.go create mode 100644 apis/identitystore/v1beta1/zz_generated.managed.go create mode 100644 apis/identitystore/v1beta1/zz_generated.managedlist.go create mode 100644 apis/identitystore/v1beta1/zz_generated.resolvers.go create mode 100755 apis/identitystore/v1beta1/zz_generated_terraformed.go create mode 100755 apis/identitystore/v1beta1/zz_group_types.go create mode 100755 apis/identitystore/v1beta1/zz_groupmembership_types.go create mode 100755 apis/identitystore/v1beta1/zz_groupversion_info.go create mode 100755 apis/identitystore/v1beta1/zz_user_types.go create mode 100755 apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go create mode 100755 apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go create mode 100755 apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go create mode 100644 cmd/provider/identitystore/zz_main.go create mode 100644 examples-generated/identitystore/group.yaml create mode 100644 examples-generated/identitystore/groupmembership.yaml create mode 100644 examples-generated/identitystore/user.yaml create mode 100644 examples-generated/ssoadmin/customermanagedpolicyattachment.yaml create mode 100644 examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml create mode 100644 examples-generated/ssoadmin/permissionsboundaryattachment.yaml create mode 100755 internal/controller/identitystore/group/zz_controller.go create mode 100755 internal/controller/identitystore/groupmembership/zz_controller.go create mode 100755 internal/controller/identitystore/user/zz_controller.go create mode 100755 
internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go create mode 100755 internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go create mode 100755 internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go create mode 100755 internal/controller/zz_identitystore_setup.go create mode 100644 package/crds/identitystore.aws.upbound.io_groupmemberships.yaml create mode 100644 package/crds/identitystore.aws.upbound.io_groups.yaml create mode 100644 package/crds/identitystore.aws.upbound.io_users.yaml create mode 100644 package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml create mode 100644 package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml create mode 100644 package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml diff --git a/apis/identitystore/v1beta1/zz_generated.deepcopy.go b/apis/identitystore/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..2447fe0fdf --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.deepcopy.go 
@@ -0,0 +1,1389 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddressesInitParameters) DeepCopyInto(out *AddressesInitParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesInitParameters. +func (in *AddressesInitParameters) DeepCopy() *AddressesInitParameters { + if in == nil { + return nil + } + out := new(AddressesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AddressesObservation) DeepCopyInto(out *AddressesObservation) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesObservation. +func (in *AddressesObservation) DeepCopy() *AddressesObservation { + if in == nil { + return nil + } + out := new(AddressesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AddressesParameters) DeepCopyInto(out *AddressesParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesParameters. +func (in *AddressesParameters) DeepCopy() *AddressesParameters { + if in == nil { + return nil + } + out := new(AddressesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsInitParameters) DeepCopyInto(out *EmailsInitParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsInitParameters. 
+func (in *EmailsInitParameters) DeepCopy() *EmailsInitParameters { + if in == nil { + return nil + } + out := new(EmailsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsObservation) DeepCopyInto(out *EmailsObservation) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsObservation. +func (in *EmailsObservation) DeepCopy() *EmailsObservation { + if in == nil { + return nil + } + out := new(EmailsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsParameters) DeepCopyInto(out *EmailsParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsParameters. +func (in *EmailsParameters) DeepCopy() *EmailsParameters { + if in == nil { + return nil + } + out := new(EmailsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ExternalIdsInitParameters) DeepCopyInto(out *ExternalIdsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsInitParameters. +func (in *ExternalIdsInitParameters) DeepCopy() *ExternalIdsInitParameters { + if in == nil { + return nil + } + out := new(ExternalIdsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIdsObservation) DeepCopyInto(out *ExternalIdsObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Issuer != nil { + in, out := &in.Issuer, &out.Issuer + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsObservation. +func (in *ExternalIdsObservation) DeepCopy() *ExternalIdsObservation { + if in == nil { + return nil + } + out := new(ExternalIdsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIdsParameters) DeepCopyInto(out *ExternalIdsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsParameters. +func (in *ExternalIdsParameters) DeepCopy() *ExternalIdsParameters { + if in == nil { + return nil + } + out := new(ExternalIdsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Group) DeepCopyInto(out *Group) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Group. +func (in *Group) DeepCopy() *Group { + if in == nil { + return nil + } + out := new(Group) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Group) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupInitParameters) DeepCopyInto(out *GroupInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupInitParameters. +func (in *GroupInitParameters) DeepCopy() *GroupInitParameters { + if in == nil { + return nil + } + out := new(GroupInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupList) DeepCopyInto(out *GroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Group, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupList. 
+func (in *GroupList) DeepCopy() *GroupList { + if in == nil { + return nil + } + out := new(GroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembership) DeepCopyInto(out *GroupMembership) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembership. +func (in *GroupMembership) DeepCopy() *GroupMembership { + if in == nil { + return nil + } + out := new(GroupMembership) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupMembership) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipInitParameters) DeepCopyInto(out *GroupMembershipInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipInitParameters. +func (in *GroupMembershipInitParameters) DeepCopy() *GroupMembershipInitParameters { + if in == nil { + return nil + } + out := new(GroupMembershipInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupMembershipList) DeepCopyInto(out *GroupMembershipList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GroupMembership, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipList. +func (in *GroupMembershipList) DeepCopy() *GroupMembershipList { + if in == nil { + return nil + } + out := new(GroupMembershipList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupMembershipList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipObservation) DeepCopyInto(out *GroupMembershipObservation) { + *out = *in + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.MemberID != nil { + in, out := &in.MemberID, &out.MemberID + *out = new(string) + **out = **in + } + if in.MembershipID != nil { + in, out := &in.MembershipID, &out.MembershipID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipObservation. 
+func (in *GroupMembershipObservation) DeepCopy() *GroupMembershipObservation { + if in == nil { + return nil + } + out := new(GroupMembershipObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipParameters) DeepCopyInto(out *GroupMembershipParameters) { + *out = *in + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.GroupIDRef != nil { + in, out := &in.GroupIDRef, &out.GroupIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.GroupIDSelector != nil { + in, out := &in.GroupIDSelector, &out.GroupIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.MemberID != nil { + in, out := &in.MemberID, &out.MemberID + *out = new(string) + **out = **in + } + if in.MemberIDRef != nil { + in, out := &in.MemberIDRef, &out.MemberIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.MemberIDSelector != nil { + in, out := &in.MemberIDSelector, &out.MemberIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipParameters. +func (in *GroupMembershipParameters) DeepCopy() *GroupMembershipParameters { + if in == nil { + return nil + } + out := new(GroupMembershipParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupMembershipSpec) DeepCopyInto(out *GroupMembershipSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + out.InitProvider = in.InitProvider +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipSpec. +func (in *GroupMembershipSpec) DeepCopy() *GroupMembershipSpec { + if in == nil { + return nil + } + out := new(GroupMembershipSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipStatus) DeepCopyInto(out *GroupMembershipStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipStatus. +func (in *GroupMembershipStatus) DeepCopy() *GroupMembershipStatus { + if in == nil { + return nil + } + out := new(GroupMembershipStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.ExternalIds != nil { + in, out := &in.ExternalIds, &out.ExternalIds + *out = make([]ExternalIdsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupObservation. +func (in *GroupObservation) DeepCopy() *GroupObservation { + if in == nil { + return nil + } + out := new(GroupObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupParameters. 
+func (in *GroupParameters) DeepCopy() *GroupParameters { + if in == nil { + return nil + } + out := new(GroupParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec. +func (in *GroupSpec) DeepCopy() *GroupSpec { + if in == nil { + return nil + } + out := new(GroupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupStatus) DeepCopyInto(out *GroupStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus. +func (in *GroupStatus) DeepCopy() *GroupStatus { + if in == nil { + return nil + } + out := new(GroupStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NameInitParameters) DeepCopyInto(out *NameInitParameters) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameInitParameters. +func (in *NameInitParameters) DeepCopy() *NameInitParameters { + if in == nil { + return nil + } + out := new(NameInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NameObservation) DeepCopyInto(out *NameObservation) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameObservation. +func (in *NameObservation) DeepCopy() *NameObservation { + if in == nil { + return nil + } + out := new(NameObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NameParameters) DeepCopyInto(out *NameParameters) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameParameters. +func (in *NameParameters) DeepCopy() *NameParameters { + if in == nil { + return nil + } + out := new(NameParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PhoneNumbersInitParameters) DeepCopyInto(out *PhoneNumbersInitParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersInitParameters. +func (in *PhoneNumbersInitParameters) DeepCopy() *PhoneNumbersInitParameters { + if in == nil { + return nil + } + out := new(PhoneNumbersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PhoneNumbersObservation) DeepCopyInto(out *PhoneNumbersObservation) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersObservation. +func (in *PhoneNumbersObservation) DeepCopy() *PhoneNumbersObservation { + if in == nil { + return nil + } + out := new(PhoneNumbersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PhoneNumbersParameters) DeepCopyInto(out *PhoneNumbersParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersParameters. +func (in *PhoneNumbersParameters) DeepCopy() *PhoneNumbersParameters { + if in == nil { + return nil + } + out := new(PhoneNumbersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *User) DeepCopyInto(out *User) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new User. 
+func (in *User) DeepCopy() *User { + if in == nil { + return nil + } + out := new(User) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *User) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsInitParameters) DeepCopyInto(out *UserExternalIdsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsInitParameters. +func (in *UserExternalIdsInitParameters) DeepCopy() *UserExternalIdsInitParameters { + if in == nil { + return nil + } + out := new(UserExternalIdsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsObservation) DeepCopyInto(out *UserExternalIdsObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Issuer != nil { + in, out := &in.Issuer, &out.Issuer + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsObservation. +func (in *UserExternalIdsObservation) DeepCopy() *UserExternalIdsObservation { + if in == nil { + return nil + } + out := new(UserExternalIdsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsParameters) DeepCopyInto(out *UserExternalIdsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsParameters. 
+func (in *UserExternalIdsParameters) DeepCopy() *UserExternalIdsParameters { + if in == nil { + return nil + } + out := new(UserExternalIdsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInitParameters) DeepCopyInto(out *UserInitParameters) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = 
**in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInitParameters. +func (in *UserInitParameters) DeepCopy() *UserInitParameters { + if in == nil { + return nil + } + out := new(UserInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserList) DeepCopyInto(out *UserList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]User, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserList. +func (in *UserList) DeepCopy() *UserList { + if in == nil { + return nil + } + out := new(UserList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UserList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *UserObservation) DeepCopyInto(out *UserObservation) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalIds != nil { + in, out := &in.ExternalIds, &out.ExternalIds + *out = make([]UserExternalIdsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if 
in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserObservation. +func (in *UserObservation) DeepCopy() *UserObservation { + if in == nil { + return nil + } + out := new(UserObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserParameters) DeepCopyInto(out *UserParameters) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := 
&in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserParameters. +func (in *UserParameters) DeepCopy() *UserParameters { + if in == nil { + return nil + } + out := new(UserParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserSpec) DeepCopyInto(out *UserSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserSpec. +func (in *UserSpec) DeepCopy() *UserSpec { + if in == nil { + return nil + } + out := new(UserSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserStatus) DeepCopyInto(out *UserStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserStatus. 
+func (in *UserStatus) DeepCopy() *UserStatus { + if in == nil { + return nil + } + out := new(UserStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/identitystore/v1beta1/zz_generated.managed.go b/apis/identitystore/v1beta1/zz_generated.managed.go new file mode 100644 index 0000000000..fb0b93818b --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.managed.go 
@@ -0,0 +1,188 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Group. +func (mg *Group) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Group. +func (mg *Group) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Group. +func (mg *Group) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Group. +func (mg *Group) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Group. +func (mg *Group) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Group. +func (mg *Group) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Group. +func (mg *Group) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Group. +func (mg *Group) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Group. +func (mg *Group) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Group. +func (mg *Group) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Group. +func (mg *Group) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Group. 
+func (mg *Group) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this GroupMembership. +func (mg *GroupMembership) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this GroupMembership. +func (mg *GroupMembership) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this GroupMembership. +func (mg *GroupMembership) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this GroupMembership. +func (mg *GroupMembership) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this GroupMembership. +func (mg *GroupMembership) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this GroupMembership. +func (mg *GroupMembership) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this GroupMembership. +func (mg *GroupMembership) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this GroupMembership. +func (mg *GroupMembership) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this GroupMembership. +func (mg *GroupMembership) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this GroupMembership. +func (mg *GroupMembership) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this GroupMembership. 
+func (mg *GroupMembership) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this GroupMembership. +func (mg *GroupMembership) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this User. +func (mg *User) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this User. +func (mg *User) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this User. +func (mg *User) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this User. +func (mg *User) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this User. +func (mg *User) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this User. +func (mg *User) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this User. +func (mg *User) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this User. +func (mg *User) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this User. +func (mg *User) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this User. +func (mg *User) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this User. 
+func (mg *User) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this User. +func (mg *User) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/identitystore/v1beta1/zz_generated.managedlist.go b/apis/identitystore/v1beta1/zz_generated.managedlist.go new file mode 100644 index 0000000000..851a75bb5b --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.managedlist.go @@ -0,0 +1,35 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this GroupList. +func (l *GroupList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this GroupMembershipList. +func (l *GroupMembershipList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this UserList. +func (l *UserList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/identitystore/v1beta1/zz_generated.resolvers.go b/apis/identitystore/v1beta1/zz_generated.resolvers.go new file mode 100644 index 0000000000..ed51da4424 --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.resolvers.go 
@@ -0,0 +1,56 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" + resource "github.com/crossplane/upjet/pkg/resource" + errors "github.com/pkg/errors" + client "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ResolveReferences of this GroupMembership. +func (mg *GroupMembership) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.GroupID), + Extract: resource.ExtractParamPath("group_id", true), + Reference: mg.Spec.ForProvider.GroupIDRef, + Selector: mg.Spec.ForProvider.GroupIDSelector, + To: reference.To{ + List: &GroupList{}, + Managed: &Group{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.GroupID") + } + mg.Spec.ForProvider.GroupID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.GroupIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.MemberID), + Extract: resource.ExtractParamPath("user_id", true), + Reference: mg.Spec.ForProvider.MemberIDRef, + Selector: mg.Spec.ForProvider.MemberIDSelector, + To: reference.To{ + List: &UserList{}, + Managed: &User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.MemberID") + } + mg.Spec.ForProvider.MemberID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.MemberIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/identitystore/v1beta1/zz_generated_terraformed.go b/apis/identitystore/v1beta1/zz_generated_terraformed.go new file mode 100755 index 0000000000..630478c34a --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated_terraformed.go 
@@ -0,0 +1,361 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Group +func (mg *Group) GetTerraformResourceType() string { + return "aws_identitystore_group" +} + +// GetConnectionDetailsMapping for this Group +func (tr *Group) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Group +func (tr *Group) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Group +func (tr *Group) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Group +func (tr *Group) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Group +func (tr *Group) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Group +func (tr *Group) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Group +func (tr *Group) GetInitParameters() (map[string]any, error) { + p, err := 
json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Group +func (tr *Group) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Group using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Group) LateInitialize(attrs []byte) (bool, error) { + params := &GroupParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Group) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this GroupMembership +func (mg *GroupMembership) GetTerraformResourceType() string { + return "aws_identitystore_group_membership" +} + +// GetConnectionDetailsMapping for this GroupMembership +func (tr *GroupMembership) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this GroupMembership +func (tr *GroupMembership) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this GroupMembership +func (tr *GroupMembership) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this GroupMembership +func (tr *GroupMembership) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this GroupMembership +func (tr *GroupMembership) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this GroupMembership +func (tr *GroupMembership) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this GroupMembership +func (tr *GroupMembership) GetInitParameters() (map[string]any, error) { + p, err := 
json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this GroupMembership +func (tr *GroupMembership) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this GroupMembership using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *GroupMembership) LateInitialize(attrs []byte) (bool, error) { + params := &GroupMembershipParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) 
+ return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *GroupMembership) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this User +func (mg *User) GetTerraformResourceType() string { + return "aws_identitystore_user" +} + +// GetConnectionDetailsMapping for this User +func (tr *User) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this User +func (tr *User) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this User +func (tr *User) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this User +func (tr *User) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this User +func (tr *User) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this User +func (tr *User) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this User +func (tr *User) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// 
GetInitParameters of this User +func (tr *User) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this User using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *User) LateInitialize(attrs []byte) (bool, error) { + params := &UserParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *User) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/identitystore/v1beta1/zz_group_types.go b/apis/identitystore/v1beta1/zz_group_types.go new file mode 100755 index 0000000000..258ea8ab4d --- /dev/null 
+++ b/apis/identitystore/v1beta1/zz_group_types.go 
@@ -0,0 +1,140 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ExternalIdsInitParameters struct { +} + +type ExternalIdsObservation struct { + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The issuer for an external identifier. + Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` +} + +type ExternalIdsParameters struct { +} + +type GroupInitParameters struct { + + // A string containing the description of the group. + Description *string `json:"description,omitempty" tf:"description,omitempty"` +} + +type GroupObservation struct { + + // A string containing the description of the group. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A string containing the name of the group. This value is commonly displayed when the group is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A list of external IDs that contains the identifiers issued to this resource by an external identity provider. See External IDs below. + ExternalIds []ExternalIdsObservation `json:"externalIds,omitempty" tf:"external_ids,omitempty"` + + // The identifier of the newly created group in the identity store. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The globally unique identifier for the identity store. 
+ IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` +} + +type GroupParameters struct { + + // A string containing the description of the group. + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A string containing the name of the group. This value is commonly displayed when the group is referenced. + // +kubebuilder:validation:Required + DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + + // The globally unique identifier for the identity store. + // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +// GroupSpec defines the desired state of Group +type GroupSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider GroupParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider GroupInitParameters `json:"initProvider,omitempty"` +} + +// GroupStatus defines the observed state of Group. 
+type GroupStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider GroupObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// Group is the Schema for the Groups API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type Group struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec GroupSpec `json:"spec"` + Status GroupStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupList contains a list of Groups +type GroupList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Group `json:"items"` +} + +// Repository type metadata. +var ( + Group_Kind = "Group" + Group_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Group_Kind}.String() + Group_KindAPIVersion = Group_Kind + "." + CRDGroupVersion.String() + Group_GroupVersionKind = CRDGroupVersion.WithKind(Group_Kind) +) + +func init() { + SchemeBuilder.Register(&Group{}, &GroupList{}) +} diff --git a/apis/identitystore/v1beta1/zz_groupmembership_types.go b/apis/identitystore/v1beta1/zz_groupmembership_types.go new file mode 100755 index 0000000000..7ee8dea58c --- /dev/null +++ b/apis/identitystore/v1beta1/zz_groupmembership_types.go 
@@ -0,0 +1,138 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type GroupMembershipInitParameters struct { +} + +type GroupMembershipObservation struct { + + // The identifier for a group in the Identity Store. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Identity Store ID associated with the Single Sign-On Instance. + IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` + + // The identifier for a user in the Identity Store. + MemberID *string `json:"memberId,omitempty" tf:"member_id,omitempty"` + + // The identifier of the newly created group membership in the Identity Store. + MembershipID *string `json:"membershipId,omitempty" tf:"membership_id,omitempty"` +} + +type GroupMembershipParameters struct { + + // The identifier for a group in the Identity Store. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.Group + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("group_id",true) + // +kubebuilder:validation:Optional + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // Reference to a Group in identitystore to populate groupId. + // +kubebuilder:validation:Optional + GroupIDRef *v1.Reference `json:"groupIdRef,omitempty" tf:"-"` + + // Selector for a Group in identitystore to populate groupId. + // +kubebuilder:validation:Optional + GroupIDSelector *v1.Selector `json:"groupIdSelector,omitempty" tf:"-"` + + // Identity Store ID associated with the Single Sign-On Instance. 
+ // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // The identifier for a user in the Identity Store. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.User + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("user_id",true) + // +kubebuilder:validation:Optional + MemberID *string `json:"memberId,omitempty" tf:"member_id,omitempty"` + + // Reference to a User in identitystore to populate memberId. + // +kubebuilder:validation:Optional + MemberIDRef *v1.Reference `json:"memberIdRef,omitempty" tf:"-"` + + // Selector for a User in identitystore to populate memberId. + // +kubebuilder:validation:Optional + MemberIDSelector *v1.Selector `json:"memberIdSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +// GroupMembershipSpec defines the desired state of GroupMembership +type GroupMembershipSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider GroupMembershipParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. 
+ InitProvider GroupMembershipInitParameters `json:"initProvider,omitempty"` +} + +// GroupMembershipStatus defines the observed state of GroupMembership. +type GroupMembershipStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider GroupMembershipObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupMembership is the Schema for the GroupMemberships API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type GroupMembership struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec GroupMembershipSpec `json:"spec"` + Status GroupMembershipStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupMembershipList contains a list of GroupMemberships +type GroupMembershipList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []GroupMembership `json:"items"` +} + +// Repository type metadata. +var ( + GroupMembership_Kind = "GroupMembership" + GroupMembership_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: GroupMembership_Kind}.String() + GroupMembership_KindAPIVersion = GroupMembership_Kind + "." + CRDGroupVersion.String() + GroupMembership_GroupVersionKind = CRDGroupVersion.WithKind(GroupMembership_Kind) +) + +func init() { + SchemeBuilder.Register(&GroupMembership{}, &GroupMembershipList{}) +} 
diff --git a/apis/identitystore/v1beta1/zz_groupversion_info.go b/apis/identitystore/v1beta1/zz_groupversion_info.go new file mode 100755 index 0000000000..f1bef3ea89 --- /dev/null +++ b/apis/identitystore/v1beta1/zz_groupversion_info.go @@ -0,0 +1,36 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=identitystore.aws.upbound.io +// +versionName=v1beta1 +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "identitystore.aws.upbound.io" + CRDVersion = "v1beta1" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/identitystore/v1beta1/zz_user_types.go b/apis/identitystore/v1beta1/zz_user_types.go new file mode 100755 index 0000000000..4b80107a7c --- /dev/null +++ b/apis/identitystore/v1beta1/zz_user_types.go 
@@ -0,0 +1,490 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AddressesInitParameters struct { + + // The country that this address is in. + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The street of the address. + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AddressesObservation struct { + + // The country that this address is in. + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The region of the address. 
+ Region *string `json:"region,omitempty" tf:"region,omitempty"` + + // The street of the address. + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AddressesParameters struct { + + // The country that this address is in. + // +kubebuilder:validation:Optional + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + // +kubebuilder:validation:Optional + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + // +kubebuilder:validation:Optional + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + // +kubebuilder:validation:Optional + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The region of the address. + // +kubebuilder:validation:Optional + Region *string `json:"region,omitempty" tf:"region,omitempty"` + + // The street of the address. + // +kubebuilder:validation:Optional + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type EmailsInitParameters struct { + + // When true, this is the primary email associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. 
+ Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EmailsObservation struct { + + // When true, this is the primary email associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EmailsParameters struct { + + // When true, this is the primary email associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type NameInitParameters struct { + + // The family name of the user. + FamilyName *string `json:"familyName,omitempty" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + GivenName *string `json:"givenName,omitempty" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type NameObservation struct { + + // The family name of the user. 
+ FamilyName *string `json:"familyName,omitempty" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + GivenName *string `json:"givenName,omitempty" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type NameParameters struct { + + // The family name of the user. + // +kubebuilder:validation:Optional + FamilyName *string `json:"familyName" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + // +kubebuilder:validation:Optional + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + // +kubebuilder:validation:Optional + GivenName *string `json:"givenName" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + // +kubebuilder:validation:Optional + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + // +kubebuilder:validation:Optional + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + // +kubebuilder:validation:Optional + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type PhoneNumbersInitParameters struct { + + // When true, this is the primary phone number associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. 
+ Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type PhoneNumbersObservation struct { + + // When true, this is the primary phone number associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type PhoneNumbersParameters struct { + + // When true, this is the primary phone number associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type UserExternalIdsInitParameters struct { +} + +type UserExternalIdsObservation struct { + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The issuer for an external identifier. + Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` +} + +type UserExternalIdsParameters struct { +} + +type UserInitParameters struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + Addresses []AddressesInitParameters `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. + Emails []EmailsInitParameters `json:"emails,omitempty" tf:"emails,omitempty"` + + // The user's geographical region or location. 
+ Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + Name []NameInitParameters `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + PhoneNumbers []PhoneNumbersInitParameters `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The user's time zone. + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. The limit is 128 characters. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type UserObservation struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + Addresses []AddressesObservation `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. 
+ Emails []EmailsObservation `json:"emails,omitempty" tf:"emails,omitempty"` + + // A list of identifiers issued to this resource by an external identity provider. + ExternalIds []UserExternalIdsObservation `json:"externalIds,omitempty" tf:"external_ids,omitempty"` + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The globally unique identifier for the identity store that this user is in. + IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` + + // The user's geographical region or location. + Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + Name []NameObservation `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + PhoneNumbers []PhoneNumbersObservation `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The user's time zone. + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // The identifier for this user in the identity store. + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. 
The limit is 128 characters. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type UserParameters struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + // +kubebuilder:validation:Optional + Addresses []AddressesParameters `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. + // +kubebuilder:validation:Optional + Emails []EmailsParameters `json:"emails,omitempty" tf:"emails,omitempty"` + + // The globally unique identifier for the identity store that this user is in. + // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // The user's geographical region or location. + // +kubebuilder:validation:Optional + Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + // +kubebuilder:validation:Optional + Name []NameParameters `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + // +kubebuilder:validation:Optional + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + // +kubebuilder:validation:Optional + PhoneNumbers []PhoneNumbersParameters `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + // +kubebuilder:validation:Optional + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. 
+ // +kubebuilder:validation:Optional + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The region of the address. + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` + + // The user's time zone. + // +kubebuilder:validation:Optional + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + // +kubebuilder:validation:Optional + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. The limit is 128 characters. + // +kubebuilder:validation:Optional + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + // +kubebuilder:validation:Optional + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +// UserSpec defines the desired state of User +type UserSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider UserParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. 
+ InitProvider UserInitParameters `json:"initProvider,omitempty"` +} + +// UserStatus defines the observed state of User. +type UserStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider UserObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// User is the Schema for the Users API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type User struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.userName) || (has(self.initProvider) && has(self.initProvider.userName))",message="spec.forProvider.userName is a required parameter" + Spec UserSpec `json:"spec"` + Status UserStatus 
`json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// UserList contains a list of Users +type UserList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []User `json:"items"` +} + +// Repository type metadata. +var ( + User_Kind = "User" + User_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: User_Kind}.String() + User_KindAPIVersion = User_Kind + "." + CRDGroupVersion.String() + User_GroupVersionKind = CRDGroupVersion.WithKind(User_Kind) +) + +func init() { + SchemeBuilder.Register(&User{}, &UserList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_accountassignment_types.go b/apis/ssoadmin/v1beta1/zz_accountassignment_types.go index f4511d3b2c..fce2e59db7 100755 --- a/apis/ssoadmin/v1beta1/zz_accountassignment_types.go +++ b/apis/ssoadmin/v1beta1/zz_accountassignment_types.go @@ -31,7 +31,7 @@ type AccountAssignmentObservation struct { // The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` - // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). This can be set to the crossplane external-name of either a Group or User in the identitystore api group, but the Ref and Selector fields will only work with a Group. PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` // The entity type for which the assignment will be created. Valid values: USER, GROUP. 
@@ -51,12 +51,33 @@ type AccountAssignmentParameters struct { InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` // The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. - // +kubebuilder:validation:Required - PermissionSetArn *string `json:"permissionSetArn" tf:"permission_set_arn,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` - // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - // +kubebuilder:validation:Required - PrincipalID *string `json:"principalId" tf:"principal_id,omitempty"` + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). This can be set to the crossplane external-name of either a Group or User in the identitystore api group, but the Ref and Selector fields will only work with a Group. 
+ // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.Group + // +crossplane:generate:reference:refFieldName=PrincipalIDFromGroupRef + // +crossplane:generate:reference:selectorFieldName=PrincipalIDFromGroupSelector + // +kubebuilder:validation:Optional + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // Reference to a Group in identitystore to populate principalId. + // +kubebuilder:validation:Optional + PrincipalIDFromGroupRef *v1.Reference `json:"principalIdFromGroupRef,omitempty" tf:"-"` + + // Selector for a Group in identitystore to populate principalId. + // +kubebuilder:validation:Optional + PrincipalIDFromGroupSelector *v1.Selector `json:"principalIdFromGroupSelector,omitempty" tf:"-"` // The entity type for which the assignment will be created. Valid values: USER, GROUP. // +kubebuilder:validation:Required diff --git a/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go b/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go new file mode 100755 index 0000000000..3385fe48dc --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go 
@@ -0,0 +1,167 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type CustomerManagedPolicyAttachmentInitParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceInitParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` +} + +type CustomerManagedPolicyAttachmentObservation struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceObservation `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // Policy Name, Policy Path, Permission Set Amazon Resource Name (ARN), and SSO Instance ARN, each separated by a comma (,). + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` +} + +type CustomerManagedPolicyAttachmentParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + // +kubebuilder:validation:Optional + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. 
+ // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("arn",true) + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type CustomerManagedPolicyReferenceInitParameters struct { + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type CustomerManagedPolicyReferenceObservation struct { + + // Name of the customer managed IAM Policy to be attached. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type CustomerManagedPolicyReferenceParameters struct { + + // Name of the customer managed IAM Policy to be attached. 
+ // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Policy + // +crossplane:generate:reference:refFieldName=PolicyNameRef + // +crossplane:generate:reference:selectorFieldName=PolicyNameSelector + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Reference to a Policy in iam to populate name. + // +kubebuilder:validation:Optional + PolicyNameRef *v1.Reference `json:"policyNameRef,omitempty" tf:"-"` + + // Selector for a Policy in iam to populate name. + // +kubebuilder:validation:Optional + PolicyNameSelector *v1.Selector `json:"policyNameSelector,omitempty" tf:"-"` +} + +// CustomerManagedPolicyAttachmentSpec defines the desired state of CustomerManagedPolicyAttachment +type CustomerManagedPolicyAttachmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider CustomerManagedPolicyAttachmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. 
+ InitProvider CustomerManagedPolicyAttachmentInitParameters `json:"initProvider,omitempty"` +} + +// CustomerManagedPolicyAttachmentStatus defines the observed state of CustomerManagedPolicyAttachment. +type CustomerManagedPolicyAttachmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider CustomerManagedPolicyAttachmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// CustomerManagedPolicyAttachment is the Schema for the CustomerManagedPolicyAttachments API. Manages a customer managed policy for a Single Sign-On (SSO) Permission Set +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type CustomerManagedPolicyAttachment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.customerManagedPolicyReference) || (has(self.initProvider) && has(self.initProvider.customerManagedPolicyReference))",message="spec.forProvider.customerManagedPolicyReference is a required parameter" + Spec CustomerManagedPolicyAttachmentSpec `json:"spec"` + Status CustomerManagedPolicyAttachmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// CustomerManagedPolicyAttachmentList contains a list of CustomerManagedPolicyAttachments +type CustomerManagedPolicyAttachmentList struct { + metav1.TypeMeta 
`json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CustomerManagedPolicyAttachment `json:"items"` +} + +// Repository type metadata. +var ( + CustomerManagedPolicyAttachment_Kind = "CustomerManagedPolicyAttachment" + CustomerManagedPolicyAttachment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: CustomerManagedPolicyAttachment_Kind}.String() + CustomerManagedPolicyAttachment_KindAPIVersion = CustomerManagedPolicyAttachment_Kind + "." + CRDGroupVersion.String() + CustomerManagedPolicyAttachment_GroupVersionKind = CRDGroupVersion.WithKind(CustomerManagedPolicyAttachment_Kind) +) + +func init() { + SchemeBuilder.Register(&CustomerManagedPolicyAttachment{}, &CustomerManagedPolicyAttachmentList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go index ab2cd70603..412317d592 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go +++ b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go 
@@ -150,11 +150,31 @@ func (in *AccountAssignmentParameters) DeepCopyInto(out *AccountAssignmentParame *out = new(string) **out = **in } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrincipalID != nil { in, out := &in.PrincipalID, &out.PrincipalID *out = new(string) **out = **in } + if in.PrincipalIDFromGroupRef != nil { + in, out := &in.PrincipalIDFromGroupRef, &out.PrincipalIDFromGroupRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalIDFromGroupSelector != nil { + in, out := &in.PrincipalIDFromGroupSelector, &out.PrincipalIDFromGroupSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrincipalType != nil { in, out := &in.PrincipalType, &out.PrincipalType *out = new(string) 
@@ -223,7 +243,88 @@ func (in *AccountAssignmentStatus) DeepCopy() *AccountAssignmentStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { +func (in *AttributeInitParameters) DeepCopyInto(out *AttributeInitParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeInitParameters. +func (in *AttributeInitParameters) DeepCopy() *AttributeInitParameters { + if in == nil { + return nil + } + out := new(AttributeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttributeObservation) DeepCopyInto(out *AttributeObservation) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeObservation. +func (in *AttributeObservation) DeepCopy() *AttributeObservation { + if in == nil { + return nil + } + out := new(AttributeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AttributeParameters) DeepCopyInto(out *AttributeParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeParameters. +func (in *AttributeParameters) DeepCopy() *AttributeParameters { + if in == nil { + return nil + } + out := new(AttributeParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomerManagedPolicyAttachment) DeepCopyInto(out *CustomerManagedPolicyAttachment) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -231,18 +332,18 @@ func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachment. -func (in *ManagedPolicyAttachment) DeepCopy() *ManagedPolicyAttachment { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachment. +func (in *CustomerManagedPolicyAttachment) DeepCopy() *CustomerManagedPolicyAttachment { if in == nil { return nil } - out := new(ManagedPolicyAttachment) + out := new(CustomerManagedPolicyAttachment) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { +func (in *CustomerManagedPolicyAttachment) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } 
@@ -250,46 +351,53 @@ func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentInitParameters) DeepCopyInto(out *ManagedPolicyAttachmentInitParameters) { +func (in *CustomerManagedPolicyAttachmentInitParameters) DeepCopyInto(out *CustomerManagedPolicyAttachmentInitParameters) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentInitParameters. -func (in *ManagedPolicyAttachmentInitParameters) DeepCopy() *ManagedPolicyAttachmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentInitParameters. +func (in *CustomerManagedPolicyAttachmentInitParameters) DeepCopy() *CustomerManagedPolicyAttachmentInitParameters { if in == nil { return nil } - out := new(ManagedPolicyAttachmentInitParameters) + out := new(CustomerManagedPolicyAttachmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ManagedPolicyAttachmentList) DeepCopyInto(out *ManagedPolicyAttachmentList) { +func (in *CustomerManagedPolicyAttachmentList) DeepCopyInto(out *CustomerManagedPolicyAttachmentList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ManagedPolicyAttachment, len(*in)) + *out = make([]CustomerManagedPolicyAttachment, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentList. -func (in *ManagedPolicyAttachmentList) DeepCopy() *ManagedPolicyAttachmentList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentList. +func (in *CustomerManagedPolicyAttachmentList) DeepCopy() *CustomerManagedPolicyAttachmentList { if in == nil { return nil } - out := new(ManagedPolicyAttachmentList) + out := new(CustomerManagedPolicyAttachmentList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { +func (in *CustomerManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } 
@@ -297,8 +405,15 @@ func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAttachmentObservation) { +func (in *CustomerManagedPolicyAttachmentObservation) DeepCopyInto(out *CustomerManagedPolicyAttachmentObservation) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -309,16 +424,6 @@ func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAtt *out = new(string) **out = **in } - if in.ManagedPolicyArn != nil { - in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn - *out = new(string) - **out = **in - } - if in.ManagedPolicyName != nil { - in, out := &in.ManagedPolicyName, &out.ManagedPolicyName - *out = new(string) - **out = **in - } if in.PermissionSetArn != nil { in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) 
@@ -326,29 +431,31 @@ func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAtt } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentObservation. -func (in *ManagedPolicyAttachmentObservation) DeepCopy() *ManagedPolicyAttachmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentObservation. +func (in *CustomerManagedPolicyAttachmentObservation) DeepCopy() *CustomerManagedPolicyAttachmentObservation { if in == nil { return nil } - out := new(ManagedPolicyAttachmentObservation) + out := new(CustomerManagedPolicyAttachmentObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAttachmentParameters) { +func (in *CustomerManagedPolicyAttachmentParameters) DeepCopyInto(out *CustomerManagedPolicyAttachmentParameters) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.ManagedPolicyArn != nil { - in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn - *out = new(string) - **out = **in - } if in.PermissionSetArn != nil { in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) 
@@ -371,136 +478,133 @@ func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAtta } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentParameters. -func (in *ManagedPolicyAttachmentParameters) DeepCopy() *ManagedPolicyAttachmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentParameters. +func (in *CustomerManagedPolicyAttachmentParameters) DeepCopy() *CustomerManagedPolicyAttachmentParameters { if in == nil { return nil } - out := new(ManagedPolicyAttachmentParameters) + out := new(CustomerManagedPolicyAttachmentParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentSpec) DeepCopyInto(out *ManagedPolicyAttachmentSpec) { +func (in *CustomerManagedPolicyAttachmentSpec) DeepCopyInto(out *CustomerManagedPolicyAttachmentSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) - out.InitProvider = in.InitProvider + in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentSpec. -func (in *ManagedPolicyAttachmentSpec) DeepCopy() *ManagedPolicyAttachmentSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentSpec. +func (in *CustomerManagedPolicyAttachmentSpec) DeepCopy() *CustomerManagedPolicyAttachmentSpec { if in == nil { return nil } - out := new(ManagedPolicyAttachmentSpec) + out := new(CustomerManagedPolicyAttachmentSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ManagedPolicyAttachmentStatus) DeepCopyInto(out *ManagedPolicyAttachmentStatus) { +func (in *CustomerManagedPolicyAttachmentStatus) DeepCopyInto(out *CustomerManagedPolicyAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentStatus. -func (in *ManagedPolicyAttachmentStatus) DeepCopy() *ManagedPolicyAttachmentStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentStatus. +func (in *CustomerManagedPolicyAttachmentStatus) DeepCopy() *CustomerManagedPolicyAttachmentStatus { if in == nil { return nil } - out := new(ManagedPolicyAttachmentStatus) + out := new(CustomerManagedPolicyAttachmentStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSet) DeepCopyInto(out *PermissionSet) { +func (in *CustomerManagedPolicyReferenceInitParameters) DeepCopyInto(out *CustomerManagedPolicyReferenceInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet. -func (in *PermissionSet) DeepCopy() *PermissionSet { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceInitParameters. 
+func (in *CustomerManagedPolicyReferenceInitParameters) DeepCopy() *CustomerManagedPolicyReferenceInitParameters { if in == nil { return nil } - out := new(PermissionSet) + out := new(CustomerManagedPolicyReferenceInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSet) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInitParameters) DeepCopyInto(out *PermissionSetInitParameters) { +func (in *CustomerManagedPolicyReferenceObservation) DeepCopyInto(out *CustomerManagedPolicyReferenceObservation) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.Name != nil { + in, out := &in.Name, &out.Name *out = new(string) **out = **in } - if in.InstanceArn != nil { - in, out := &in.InstanceArn, &out.InstanceArn + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceObservation. +func (in *CustomerManagedPolicyReferenceObservation) DeepCopy() *CustomerManagedPolicyReferenceObservation { + if in == nil { + return nil + } + out := new(CustomerManagedPolicyReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CustomerManagedPolicyReferenceParameters) DeepCopyInto(out *CustomerManagedPolicyReferenceParameters) { + *out = *in if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } - if in.RelayState != nil { - in, out := &in.RelayState, &out.RelayState + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } - if in.SessionDuration != nil { - in, out := &in.SessionDuration, &out.SessionDuration - *out = new(string) - **out = **in + if in.PolicyNameRef != nil { + in, out := &in.PolicyNameRef, &out.PolicyNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) } - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } + if in.PolicyNameSelector != nil { + in, out := &in.PolicyNameSelector, &out.PolicyNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInitParameters. -func (in *PermissionSetInitParameters) DeepCopy() *PermissionSetInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceParameters. +func (in *CustomerManagedPolicyReferenceParameters) DeepCopy() *CustomerManagedPolicyReferenceParameters { if in == nil { return nil } - out := new(PermissionSetInitParameters) + out := new(CustomerManagedPolicyReferenceParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy) { +func (in *InstanceAccessControlAttributes) DeepCopyInto(out *InstanceAccessControlAttributes) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -508,18 +612,18 @@ func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicy. -func (in *PermissionSetInlinePolicy) DeepCopy() *PermissionSetInlinePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributes. +func (in *InstanceAccessControlAttributes) DeepCopy() *InstanceAccessControlAttributes { if in == nil { return nil } - out := new(PermissionSetInlinePolicy) + out := new(InstanceAccessControlAttributes) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { +func (in *InstanceAccessControlAttributes) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } 
@@ -527,51 +631,53 @@ func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyInitParameters) DeepCopyInto(out *PermissionSetInlinePolicyInitParameters) { +func (in *InstanceAccessControlAttributesInitParameters) DeepCopyInto(out *InstanceAccessControlAttributesInitParameters) { *out = *in - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy - *out = new(string) - **out = **in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyInitParameters. -func (in *PermissionSetInlinePolicyInitParameters) DeepCopy() *PermissionSetInlinePolicyInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesInitParameters. +func (in *InstanceAccessControlAttributesInitParameters) DeepCopy() *InstanceAccessControlAttributesInitParameters { if in == nil { return nil } - out := new(PermissionSetInlinePolicyInitParameters) + out := new(InstanceAccessControlAttributesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *PermissionSetInlinePolicyList) DeepCopyInto(out *PermissionSetInlinePolicyList) { +func (in *InstanceAccessControlAttributesList) DeepCopyInto(out *InstanceAccessControlAttributesList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]PermissionSetInlinePolicy, len(*in)) + *out = make([]InstanceAccessControlAttributes, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyList. -func (in *PermissionSetInlinePolicyList) DeepCopy() *PermissionSetInlinePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesList. +func (in *InstanceAccessControlAttributesList) DeepCopy() *InstanceAccessControlAttributesList { if in == nil { return nil } - out := new(PermissionSetInlinePolicyList) + out := new(InstanceAccessControlAttributesList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { +func (in *InstanceAccessControlAttributesList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } 
@@ -579,68 +685,62 @@ func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyObservation) DeepCopyInto(out *PermissionSetInlinePolicyObservation) { +func (in *InstanceAccessControlAttributesObservation) DeepCopyInto(out *InstanceAccessControlAttributesObservation) { *out = *in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.InstanceArn != nil { - in, out := &in.InstanceArn, &out.InstanceArn + if in.Status != nil { + in, out := &in.Status, &out.Status *out = new(string) **out = **in } - if in.PermissionSetArn != nil { - in, out := &in.PermissionSetArn, &out.PermissionSetArn + if in.StatusReason != nil { + in, out := &in.StatusReason, &out.StatusReason *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyObservation. -func (in *PermissionSetInlinePolicyObservation) DeepCopy() *PermissionSetInlinePolicyObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesObservation. 
+func (in *InstanceAccessControlAttributesObservation) DeepCopy() *InstanceAccessControlAttributesObservation { if in == nil { return nil } - out := new(PermissionSetInlinePolicyObservation) + out := new(InstanceAccessControlAttributesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetInlinePolicyParameters) { +func (in *InstanceAccessControlAttributesParameters) DeepCopyInto(out *InstanceAccessControlAttributesParameters) { *out = *in - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy - *out = new(string) - **out = **in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.PermissionSetArn != nil { - in, out := &in.PermissionSetArn, &out.PermissionSetArn - *out = new(string) - **out = **in - } - if in.PermissionSetArnRef != nil { - in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.PermissionSetArnSelector != nil { - in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Region != nil { in, out := &in.Region, &out.Region *out = new(string) 
@@ -648,77 +748,119 @@ func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetIn } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyParameters. -func (in *PermissionSetInlinePolicyParameters) DeepCopy() *PermissionSetInlinePolicyParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesParameters. +func (in *InstanceAccessControlAttributesParameters) DeepCopy() *InstanceAccessControlAttributesParameters { if in == nil { return nil } - out := new(PermissionSetInlinePolicyParameters) + out := new(InstanceAccessControlAttributesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicySpec) DeepCopyInto(out *PermissionSetInlinePolicySpec) { +func (in *InstanceAccessControlAttributesSpec) DeepCopyInto(out *InstanceAccessControlAttributesSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicySpec. -func (in *PermissionSetInlinePolicySpec) DeepCopy() *PermissionSetInlinePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesSpec. +func (in *InstanceAccessControlAttributesSpec) DeepCopy() *InstanceAccessControlAttributesSpec { if in == nil { return nil } - out := new(PermissionSetInlinePolicySpec) + out := new(InstanceAccessControlAttributesSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *PermissionSetInlinePolicyStatus) DeepCopyInto(out *PermissionSetInlinePolicyStatus) { +func (in *InstanceAccessControlAttributesStatus) DeepCopyInto(out *InstanceAccessControlAttributesStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyStatus. -func (in *PermissionSetInlinePolicyStatus) DeepCopy() *PermissionSetInlinePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesStatus. +func (in *InstanceAccessControlAttributesStatus) DeepCopy() *InstanceAccessControlAttributesStatus { if in == nil { return nil } - out := new(PermissionSetInlinePolicyStatus) + out := new(InstanceAccessControlAttributesStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetList) DeepCopyInto(out *PermissionSetList) { +func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachment. +func (in *ManagedPolicyAttachment) DeepCopy() *ManagedPolicyAttachment { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *ManagedPolicyAttachmentInitParameters) DeepCopyInto(out *ManagedPolicyAttachmentInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentInitParameters. +func (in *ManagedPolicyAttachmentInitParameters) DeepCopy() *ManagedPolicyAttachmentInitParameters { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentList) DeepCopyInto(out *ManagedPolicyAttachmentList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]PermissionSet, len(*in)) + *out = make([]ManagedPolicyAttachment, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetList. -func (in *PermissionSetList) DeepCopy() *PermissionSetList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentList. +func (in *ManagedPolicyAttachmentList) DeepCopy() *ManagedPolicyAttachmentList { if in == nil { return nil } - out := new(PermissionSetList) + out := new(ManagedPolicyAttachmentList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetList) DeepCopyObject() runtime.Object { +func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } 
@@ -726,94 +868,154 @@ func (in *PermissionSetList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetObservation) DeepCopyInto(out *PermissionSetObservation) { +func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAttachmentObservation) { *out = *in - if in.Arn != nil { - in, out := &in.Arn, &out.Arn + if in.ID != nil { + in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.CreatedDate != nil { - in, out := &in.CreatedDate, &out.CreatedDate + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.ManagedPolicyName != nil { + in, out := &in.ManagedPolicyName, &out.ManagedPolicyName + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) **out = **in } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentObservation. +func (in *ManagedPolicyAttachmentObservation) DeepCopy() *ManagedPolicyAttachmentObservation { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAttachmentParameters) { + *out = *in if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn *out = new(string) **out = **in } - if in.RelayState != nil { - in, out := &in.RelayState, &out.RelayState + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) **out = **in } - if in.SessionDuration != nil { - in, out := &in.SessionDuration, &out.SessionDuration + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region *out = new(string) **out = **in } - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentParameters. 
+func (in *ManagedPolicyAttachmentParameters) DeepCopy() *ManagedPolicyAttachmentParameters { + if in == nil { + return nil } - if in.TagsAll != nil { - in, out := &in.TagsAll, &out.TagsAll - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } + out := new(ManagedPolicyAttachmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentSpec) DeepCopyInto(out *ManagedPolicyAttachmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + out.InitProvider = in.InitProvider +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentSpec. +func (in *ManagedPolicyAttachmentSpec) DeepCopy() *ManagedPolicyAttachmentSpec { + if in == nil { + return nil } + out := new(ManagedPolicyAttachmentSpec) + in.DeepCopyInto(out) + return out } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetObservation. -func (in *PermissionSetObservation) DeepCopy() *PermissionSetObservation { +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentStatus) DeepCopyInto(out *ManagedPolicyAttachmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentStatus. 
+func (in *ManagedPolicyAttachmentStatus) DeepCopy() *ManagedPolicyAttachmentStatus { if in == nil { return nil } - out := new(PermissionSetObservation) + out := new(ManagedPolicyAttachmentStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { +func (in *PermissionSet) DeepCopyInto(out *PermissionSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet. +func (in *PermissionSet) DeepCopy() *PermissionSet { + if in == nil { + return nil + } + out := new(PermissionSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInitParameters) DeepCopyInto(out *PermissionSetInitParameters) { *out = *in if in.Description != nil { in, out := &in.Description, &out.Description @@ -830,11 +1032,6 @@ func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { *out = new(string) **out = **in } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } if in.RelayState != nil { in, out := &in.RelayState, &out.RelayState *out = new(string) 
@@ -863,47 +1060,860 @@ func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetParameters. -func (in *PermissionSetParameters) DeepCopy() *PermissionSetParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInitParameters. +func (in *PermissionSetInitParameters) DeepCopy() *PermissionSetInitParameters { if in == nil { return nil } - out := new(PermissionSetParameters) + out := new(PermissionSetInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetSpec) DeepCopyInto(out *PermissionSetSpec) { +func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetSpec. -func (in *PermissionSetSpec) DeepCopy() *PermissionSetSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicy. +func (in *PermissionSetInlinePolicy) DeepCopy() *PermissionSetInlinePolicy { if in == nil { return nil } - out := new(PermissionSetSpec) + out := new(PermissionSetInlinePolicy) in.DeepCopyInto(out) return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *PermissionSetStatus) DeepCopyInto(out *PermissionSetStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyInitParameters) DeepCopyInto(out *PermissionSetInlinePolicyInitParameters) { + *out = *in + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyInitParameters. +func (in *PermissionSetInlinePolicyInitParameters) DeepCopy() *PermissionSetInlinePolicyInitParameters { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyList) DeepCopyInto(out *PermissionSetInlinePolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionSetInlinePolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyList. 
+func (in *PermissionSetInlinePolicyList) DeepCopy() *PermissionSetInlinePolicyList { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyObservation) DeepCopyInto(out *PermissionSetInlinePolicyObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyObservation. +func (in *PermissionSetInlinePolicyObservation) DeepCopy() *PermissionSetInlinePolicyObservation { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetInlinePolicyParameters) { + *out = *in + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyParameters. +func (in *PermissionSetInlinePolicyParameters) DeepCopy() *PermissionSetInlinePolicyParameters { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicySpec) DeepCopyInto(out *PermissionSetInlinePolicySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicySpec. 
+func (in *PermissionSetInlinePolicySpec) DeepCopy() *PermissionSetInlinePolicySpec { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyStatus) DeepCopyInto(out *PermissionSetInlinePolicyStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyStatus. +func (in *PermissionSetInlinePolicyStatus) DeepCopy() *PermissionSetInlinePolicyStatus { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetList) DeepCopyInto(out *PermissionSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetList. +func (in *PermissionSetList) DeepCopy() *PermissionSetList { + if in == nil { + return nil + } + out := new(PermissionSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionSetObservation) DeepCopyInto(out *PermissionSetObservation) { + *out = *in + if in.Arn != nil { + in, out := &in.Arn, &out.Arn + *out = new(string) + **out = **in + } + if in.CreatedDate != nil { + in, out := &in.CreatedDate, &out.CreatedDate + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } + if in.SessionDuration != nil { + in, out := &in.SessionDuration, &out.SessionDuration + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TagsAll != nil { + in, out := &in.TagsAll, &out.TagsAll + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetObservation. 
+func (in *PermissionSetObservation) DeepCopy() *PermissionSetObservation { + if in == nil { + return nil + } + out := new(PermissionSetObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } + if in.SessionDuration != nil { + in, out := &in.SessionDuration, &out.SessionDuration + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetParameters. +func (in *PermissionSetParameters) DeepCopy() *PermissionSetParameters { + if in == nil { + return nil + } + out := new(PermissionSetParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionSetSpec) DeepCopyInto(out *PermissionSetSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetSpec. +func (in *PermissionSetSpec) DeepCopy() *PermissionSetSpec { + if in == nil { + return nil + } + out := new(PermissionSetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetStatus) DeepCopyInto(out *PermissionSetStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetStatus. func (in *PermissionSetStatus) DeepCopy() *PermissionSetStatus { if in == nil { return nil } - out := new(PermissionSetStatus) + out := new(PermissionSetStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachment) DeepCopyInto(out *PermissionsBoundaryAttachment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachment. +func (in *PermissionsBoundaryAttachment) DeepCopy() *PermissionsBoundaryAttachment { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *PermissionsBoundaryAttachment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentInitParameters) { + *out = *in + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentInitParameters. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopy() *PermissionsBoundaryAttachmentInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentList) DeepCopyInto(out *PermissionsBoundaryAttachmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionsBoundaryAttachment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentList. +func (in *PermissionsBoundaryAttachmentList) DeepCopy() *PermissionsBoundaryAttachmentList { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *PermissionsBoundaryAttachmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopyInto(out *PermissionsBoundaryAttachmentObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentObservation. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopy() *PermissionsBoundaryAttachmentObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionsBoundaryAttachmentParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentParameters) { + *out = *in + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentParameters. +func (in *PermissionsBoundaryAttachmentParameters) DeepCopy() *PermissionsBoundaryAttachmentParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentSpec) DeepCopyInto(out *PermissionsBoundaryAttachmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentSpec. 
+func (in *PermissionsBoundaryAttachmentSpec) DeepCopy() *PermissionsBoundaryAttachmentSpec { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopyInto(out *PermissionsBoundaryAttachmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentStatus. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopy() *PermissionsBoundaryAttachmentStatus { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceObservation. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceParameters. 
+func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryInitParameters) DeepCopyInto(out *PermissionsBoundaryInitParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryInitParameters. +func (in *PermissionsBoundaryInitParameters) DeepCopy() *PermissionsBoundaryInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PermissionsBoundaryObservation) DeepCopyInto(out *PermissionsBoundaryObservation) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryObservation. +func (in *PermissionsBoundaryObservation) DeepCopy() *PermissionsBoundaryObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryParameters) DeepCopyInto(out *PermissionsBoundaryParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryParameters. +func (in *PermissionsBoundaryParameters) DeepCopy() *PermissionsBoundaryParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ValueInitParameters) DeepCopyInto(out *ValueInitParameters) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueInitParameters. +func (in *ValueInitParameters) DeepCopy() *ValueInitParameters { + if in == nil { + return nil + } + out := new(ValueInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValueObservation) DeepCopyInto(out *ValueObservation) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueObservation. +func (in *ValueObservation) DeepCopy() *ValueObservation { + if in == nil { + return nil + } + out := new(ValueObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValueParameters) DeepCopyInto(out *ValueParameters) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueParameters. +func (in *ValueParameters) DeepCopy() *ValueParameters { + if in == nil { + return nil + } + out := new(ValueParameters) in.DeepCopyInto(out) return out } 
diff --git a/apis/ssoadmin/v1beta1/zz_generated.managed.go b/apis/ssoadmin/v1beta1/zz_generated.managed.go index c0dd6c2b70..d468a8a60c 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managed.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managed.go 
@@ -67,6 +67,126 @@ func (mg *AccountAssignment) SetWriteConnectionSecretToReference(r *xpv1.SecretR mg.Spec.WriteConnectionSecretToReference = r } +// GetCondition of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this CustomerManagedPolicyAttachment. 
+func (mg *CustomerManagedPolicyAttachment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this InstanceAccessControlAttributes. 
+func (mg *InstanceAccessControlAttributes) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this ManagedPolicyAttachment. func (mg *ManagedPolicyAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) 
@@ -246,3 +366,63 @@ func (mg *PermissionSetInlinePolicy) SetPublishConnectionDetailsTo(r *xpv1.Publi func (mg *PermissionSetInlinePolicy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this PermissionsBoundaryAttachment. 
+func (mg *PermissionsBoundaryAttachment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go index a36bfcf74c..a59fae04fa 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go @@ -16,6 +16,24 @@ func (l *AccountAssignmentList) GetItems() []resource.Managed { return items } +// GetItems of this CustomerManagedPolicyAttachmentList. +func (l *CustomerManagedPolicyAttachmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this InstanceAccessControlAttributesList. +func (l *InstanceAccessControlAttributesList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this ManagedPolicyAttachmentList. func (l *ManagedPolicyAttachmentList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) 
@@ -42,3 +60,12 @@ func (l *PermissionSetList) GetItems() []resource.Managed { } return items } + +// GetItems of this PermissionsBoundaryAttachmentList. +func (l *PermissionsBoundaryAttachmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go index 1a15ab0f31..28bc094cd1 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go +++ b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go 
@@ -10,9 +10,98 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" + v1beta11 "github.com/upbound/provider-aws/apis/iam/v1beta1" + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + common "github.com/upbound/provider-aws/config/common" client "sigs.k8s.io/controller-runtime/pkg/client" ) +// ResolveReferences of this AccountAssignment. +func (mg *AccountAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: common.ARNExtractor(), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PrincipalIDFromGroupRef, + Selector: mg.Spec.ForProvider.PrincipalIDFromGroupSelector, + To: reference.To{ + List: &v1beta1.GroupList{}, + Managed: &v1beta1.Group{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalID") + } + mg.Spec.ForProvider.PrincipalID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalIDFromGroupRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this CustomerManagedPolicyAttachment. 
+func (mg *CustomerManagedPolicyAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + for i3 := 0; i3 < len(mg.Spec.ForProvider.CustomerManagedPolicyReference); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameRef, + Selector: mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameSelector, + To: reference.To{ + List: &v1beta11.PolicyList{}, + Managed: &v1beta11.Policy{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name") + } + mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameRef = rsp.ResolvedReference + + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: resource.ExtractParamPath("arn", true), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + return nil +} + // ResolveReferences of this ManagedPolicyAttachment. func (mg *ManagedPolicyAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { r := reference.NewAPIResolver(c, mg) 
@@ -64,3 +153,50 @@ func (mg *PermissionSetInlinePolicy) ResolveReferences(ctx context.Context, c cl return nil } + +// ResolveReferences of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: resource.ExtractParamPath("arn", true), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.ForProvider.PermissionsBoundary); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference); i4++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef, + Selector: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameSelector, + To: reference.To{ + List: &v1beta11.PolicyList{}, + Managed: &v1beta11.Policy{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name") + } + mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name = reference.ToPtrValue(rsp.ResolvedValue) + 
mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef = rsp.ResolvedReference + + } + } + + return nil +} diff --git a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go index 3f8020e877..635f279e92 100755 --- a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go +++ b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go 
@@ -132,6 +132,234 @@ func (tr *AccountAssignment) GetTerraformSchemaVersion() int { return 0 } +// GetTerraformResourceType returns Terraform resource type for this CustomerManagedPolicyAttachment +func (mg *CustomerManagedPolicyAttachment) GetTerraformResourceType() string { + return "aws_ssoadmin_customer_managed_policy_attachment" +} + +// GetConnectionDetailsMapping for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// 
GetInitParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this CustomerManagedPolicyAttachment using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *CustomerManagedPolicyAttachment) LateInitialize(attrs []byte) (bool, error) { + params := &CustomerManagedPolicyAttachmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *CustomerManagedPolicyAttachment) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this InstanceAccessControlAttributes +func (mg *InstanceAccessControlAttributes) GetTerraformResourceType() string { + return "aws_ssoadmin_instance_access_control_attributes" +} + +// GetConnectionDetailsMapping for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return 
*tr.Status.AtProvider.ID +} + +// GetParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. 
+ err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this InstanceAccessControlAttributes using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *InstanceAccessControlAttributes) LateInitialize(attrs []byte) (bool, error) { + params := &InstanceAccessControlAttributesParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *InstanceAccessControlAttributes) GetTerraformSchemaVersion() int { + return 0 +} + // GetTerraformResourceType returns Terraform resource type for this ManagedPolicyAttachment func (mg *ManagedPolicyAttachment) GetTerraformResourceType() string { return "aws_ssoadmin_managed_policy_attachment" 
@@ -473,3 +701,117 @@ func (tr *PermissionSetInlinePolicy) LateInitialize(attrs []byte) (bool, error) func (tr *PermissionSetInlinePolicy) GetTerraformSchemaVersion() int { return 0 } + +// GetTerraformResourceType returns Terraform resource type for this PermissionsBoundaryAttachment +func (mg *PermissionsBoundaryAttachment) GetTerraformResourceType() string { + return "aws_ssoadmin_permissions_boundary_attachment" +} + +// GetConnectionDetailsMapping for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return 
json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this PermissionsBoundaryAttachment using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *PermissionsBoundaryAttachment) LateInitialize(attrs []byte) (bool, error) { + params := &PermissionsBoundaryAttachmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *PermissionsBoundaryAttachment) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go b/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go new file mode 100755 index 0000000000..0bb9925669 --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go 
@@ -0,0 +1,165 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AttributeInitParameters struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + Value []ValueInitParameters `json:"value,omitempty" tf:"value,omitempty"` +} + +type AttributeObservation struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + Value []ValueObservation `json:"value,omitempty" tf:"value,omitempty"` +} + +type AttributeParameters struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + // +kubebuilder:validation:Optional + Key *string `json:"key" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + // +kubebuilder:validation:Optional + Value []ValueParameters `json:"value" tf:"value,omitempty"` +} + +type InstanceAccessControlAttributesInitParameters struct { + + // See AccessControlAttribute for more details. 
+ Attribute []AttributeInitParameters `json:"attribute,omitempty" tf:"attribute,omitempty"` +} + +type InstanceAccessControlAttributesObservation struct { + + // See AccessControlAttribute for more details. + Attribute []AttributeObservation `json:"attribute,omitempty" tf:"attribute,omitempty"` + + // The identifier of the Instance Access Control Attribute instance_arn. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + Status *string `json:"status,omitempty" tf:"status,omitempty"` + + StatusReason *string `json:"statusReason,omitempty" tf:"status_reason,omitempty"` +} + +type InstanceAccessControlAttributesParameters struct { + + // See AccessControlAttribute for more details. + // +kubebuilder:validation:Optional + Attribute []AttributeParameters `json:"attribute,omitempty" tf:"attribute,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance. + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type ValueInitParameters struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. + Source []*string `json:"source,omitempty" tf:"source,omitempty"` +} + +type ValueObservation struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. + Source []*string `json:"source,omitempty" tf:"source,omitempty"` +} + +type ValueParameters struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. 
+ // +kubebuilder:validation:Optional + Source []*string `json:"source" tf:"source,omitempty"` +} + +// InstanceAccessControlAttributesSpec defines the desired state of InstanceAccessControlAttributes +type InstanceAccessControlAttributesSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider InstanceAccessControlAttributesParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider InstanceAccessControlAttributesInitParameters `json:"initProvider,omitempty"` +} + +// InstanceAccessControlAttributesStatus defines the observed state of InstanceAccessControlAttributes. +type InstanceAccessControlAttributesStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider InstanceAccessControlAttributesObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// InstanceAccessControlAttributes is the Schema for the InstanceAccessControlAttributess API. 
Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type InstanceAccessControlAttributes struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.attribute) || (has(self.initProvider) && has(self.initProvider.attribute))",message="spec.forProvider.attribute is a required parameter" + Spec InstanceAccessControlAttributesSpec `json:"spec"` + Status InstanceAccessControlAttributesStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// InstanceAccessControlAttributesList contains a list of InstanceAccessControlAttributess +type InstanceAccessControlAttributesList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []InstanceAccessControlAttributes `json:"items"` +} + +// Repository type metadata. +var ( + InstanceAccessControlAttributes_Kind = "InstanceAccessControlAttributes" + InstanceAccessControlAttributes_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: InstanceAccessControlAttributes_Kind}.String() + InstanceAccessControlAttributes_KindAPIVersion = InstanceAccessControlAttributes_Kind + "." 
+ CRDGroupVersion.String() + InstanceAccessControlAttributes_GroupVersionKind = CRDGroupVersion.WithKind(InstanceAccessControlAttributes_Kind) +) + +func init() { + SchemeBuilder.Register(&InstanceAccessControlAttributes{}, &InstanceAccessControlAttributesList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go new file mode 100755 index 0000000000..98e0d90765 --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go 
@@ -0,0 +1,194 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type PermissionsBoundaryAttachmentInitParameters struct { + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryInitParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentObservation struct { + + // Permission Set Amazon Resource Name (ARN) and SSO Instance ARN, separated by a comma (,). + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryObservation `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentParameters struct { + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. 
+ // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("arn",true) + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // The permissions boundary policy. See below. + // +kubebuilder:validation:Optional + PermissionsBoundary []PermissionsBoundaryParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters struct { + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceObservation struct { + + // Name of the customer managed IAM Policy to be attached. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceParameters struct { + + // Name of the customer managed IAM Policy to be attached. 
+ // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Policy + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryInitParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryObservation struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceObservation `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryParameters struct { + + // Specifies the name and path of a customer managed policy. See below. 
+ // +kubebuilder:validation:Optional + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + // +kubebuilder:validation:Optional + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +// PermissionsBoundaryAttachmentSpec defines the desired state of PermissionsBoundaryAttachment +type PermissionsBoundaryAttachmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PermissionsBoundaryAttachmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PermissionsBoundaryAttachmentInitParameters `json:"initProvider,omitempty"` +} + +// PermissionsBoundaryAttachmentStatus defines the observed state of PermissionsBoundaryAttachment. +type PermissionsBoundaryAttachmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PermissionsBoundaryAttachmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission Set resource. 
+// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type PermissionsBoundaryAttachment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))",message="spec.forProvider.permissionsBoundary is a required parameter" + Spec PermissionsBoundaryAttachmentSpec `json:"spec"` + Status PermissionsBoundaryAttachmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachmentList contains a list of PermissionsBoundaryAttachments +type PermissionsBoundaryAttachmentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PermissionsBoundaryAttachment `json:"items"` +} + +// Repository type metadata. +var ( + PermissionsBoundaryAttachment_Kind = "PermissionsBoundaryAttachment" + PermissionsBoundaryAttachment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: PermissionsBoundaryAttachment_Kind}.String() + PermissionsBoundaryAttachment_KindAPIVersion = PermissionsBoundaryAttachment_Kind + "." 
+ CRDGroupVersion.String() + PermissionsBoundaryAttachment_GroupVersionKind = CRDGroupVersion.WithKind(PermissionsBoundaryAttachment_Kind) +) + +func init() { + SchemeBuilder.Register(&PermissionsBoundaryAttachment{}, &PermissionsBoundaryAttachmentList{}) +} diff --git a/apis/zz_register.go b/apis/zz_register.go index 9033364a06..f4faa82d0b 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -95,6 +95,7 @@ import ( v1beta1grafana "github.com/upbound/provider-aws/apis/grafana/v1beta1" v1beta1guardduty "github.com/upbound/provider-aws/apis/guardduty/v1beta1" v1beta1iam "github.com/upbound/provider-aws/apis/iam/v1beta1" + v1beta1identitystore "github.com/upbound/provider-aws/apis/identitystore/v1beta1" v1beta1imagebuilder "github.com/upbound/provider-aws/apis/imagebuilder/v1beta1" v1beta1inspector "github.com/upbound/provider-aws/apis/inspector/v1beta1" v1beta1inspector2 "github.com/upbound/provider-aws/apis/inspector2/v1beta1" @@ -259,6 +260,7 @@ func init() { v1beta1grafana.SchemeBuilder.AddToScheme, v1beta1guardduty.SchemeBuilder.AddToScheme, v1beta1iam.SchemeBuilder.AddToScheme, + v1beta1identitystore.SchemeBuilder.AddToScheme, v1beta1imagebuilder.SchemeBuilder.AddToScheme, v1beta1inspector.SchemeBuilder.AddToScheme, v1beta1inspector2.SchemeBuilder.AddToScheme, diff --git a/cmd/provider/identitystore/zz_main.go b/cmd/provider/identitystore/zz_main.go new file mode 100644 index 0000000000..274a06b3da --- /dev/null +++ b/cmd/provider/identitystore/zz_main.go 
@@ -0,0 +1,162 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "math/rand" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = 
app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may be checked for drift from the desired state.").Default("100").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. 
It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. + ctrl.SetLogger(zl) + } + + // currently, we configure the jitter to be the 5% of the poll interval + pollJitter := time.Duration(float64(*pollInterval) * 0.05) + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "poll-jitter", pollJitter, "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws-identitystore", + Cache: cache.Options{ + SyncPeriod: syncInterval, + }, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. 
+ setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, + terraform.WithSharedProviderOptions(terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource))) + } + + ctx := context.Background() + provider, err := config.GetProvider(ctx, false) + kingpin.FatalIfError(err, "Cannot initialize the provider configuration") + setupConfig.TerraformProvider = provider.TerraformProvider + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: provider, + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + PollJitter: pollJitter, + OperationTrackerStore: tjcontroller.NewOperationStore(log), + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableBetaManagementPolicies) + log.Info("Beta feature enabled", "flag", features.EnableBetaManagementPolicies) + } + + o.WorkspaceStore = terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval), terraform.WithFeatures(o.Features)) + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. 
Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(ctx, &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. + SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + rand.Seed(time.Now().UnixNano()) + kingpin.FatalIfError(controller.Setup_identitystore(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/config/generated.lst b/config/generated.lst index a000532901..94a2cf624f 100644 --- a/config/generated.lst +++ b/config/generated.lst 
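Review bot: In the `enableExternalSecretStores` block of `main`, `o.ESSOptions.TLSConfig` is only set when `--ess-tls-cert-dir` / `ESS_TLS_CERTS_DIR` is non-empty; with it unset the provider continues with an empty `ESSOptions{}` and logs nothing about the missing mTLS configuration. This path presumably carries connection secrets to the external store, and how the downstream client treats a nil `TLSConfig` is not visible in this hunk, so that should be confirmed. I would add an explicit branch such as `} else { log.Info("ESS enabled without --ess-tls-cert-dir; no mTLS configuration loaded") }`, or fail fast via `kingpin.FatalIfError` if mTLS is meant to be mandatory. The `zz_` prefix suggests this file is generated, in which case the change belongs in the template that produces it rather than here.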
@@ -1 +1 @@ -["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_
event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_e
ncryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_cust
omization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_gr
oup","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_e
c2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift
_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_
alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_
policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_p
eer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_reso
urce_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_obj
ect_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resou
rce_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_
vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file 
+["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integr
ation","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_co
nfig","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","
aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dm
s_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_g
ateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws
_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy
","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail
_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_associat
ion","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endp
oint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_acces
s_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_
action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_ssoadmin_permissions_boundary_attachment","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_v
ocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file diff --git a/examples-generated/identitystore/group.yaml b/examples-generated/identitystore/group.yaml new file mode 100644 index 0000000000..49b1dfe760 --- /dev/null 
+++ b/examples-generated/identitystore/group.yaml @@ -0,0 +1,14 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/group + labels: + testing.upbound.io/example-name: this + name: this +spec: + forProvider: + description: Example description + displayName: Example group + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + region: us-west-1 diff --git a/examples-generated/identitystore/groupmembership.yaml b/examples-generated/identitystore/groupmembership.yaml new file mode 100644 index 0000000000..18779aaf48 --- /dev/null +++ b/examples-generated/identitystore/groupmembership.yaml 
@@ -0,0 +1,55 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: GroupMembership +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + groupIdSelector: + matchLabels: + testing.upbound.io/example-name: example + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + memberIdSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + +--- + +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: Some group name + displayName: MyGroup + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + region: us-west-1 + +--- + +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: John Doe + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + name: + - familyName: Doe + givenName: John + region: us-west-1 + userName: john.doe@example.com diff --git a/examples-generated/identitystore/user.yaml b/examples-generated/identitystore/user.yaml new file mode 100644 index 0000000000..62c268690f --- /dev/null +++ b/examples-generated/identitystore/user.yaml 
@@ -0,0 +1,19 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/user + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: John Doe + emails: + - value: john@example.com + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + name: + - familyName: Doe + givenName: John + region: us-west-1 + userName: johndoe diff --git a/examples-generated/ssoadmin/accountassignment.yaml b/examples-generated/ssoadmin/accountassignment.yaml index 7b9d3e0bb3..3136eb7343 100644 --- a/examples-generated/ssoadmin/accountassignment.yaml +++ b/examples-generated/ssoadmin/accountassignment.yaml @@ -9,8 +9,12 @@ metadata: spec: forProvider: instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - permissionSetArn: ${data.aws_ssoadmin_permission_set.example.arn} - principalId: ${data.aws_identitystore_group.example.group_id} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: aws_ssoadmin_permission_set + principalIdFromGroupSelector: + matchLabels: + testing.upbound.io/example-name: aws_identitystore_group principalType: GROUP region: us-west-1 targetId: "012347678910" diff --git a/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml b/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml new file mode 100644 index 0000000000..c1f0fca673 --- /dev/null +++ b/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml 
@@ -0,0 +1,63 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: CustomerManagedPolicyAttachment +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + customerManagedPolicyReference: + - path: / + policyNameSelector: + matchLabels: + testing.upbound.io/example-name: example + instanceArn: ${aws_ssoadmin_permission_set.example.instance_arn} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + +--- + +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Policy +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: My test policy + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + +--- + +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + name: Example + region: us-west-1 diff --git a/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml b/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml new file mode 100644 index 0000000000..688ffaa066 --- /dev/null +++ b/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml 
@@ -0,0 +1,21 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: InstanceAccessControlAttributes +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/instanceaccesscontrolattributes + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + attribute: + - key: name + value: + - source: + - ${path:name.givenName} + - key: last + value: + - source: + - ${path:name.familyName} + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + region: us-west-1 diff --git a/examples-generated/ssoadmin/permissionsboundaryattachment.yaml b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml new file mode 100644 index 0000000000..dd93ab34d1 --- /dev/null +++ b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml 
@@ -0,0 +1,64 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionsBoundaryAttachment +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${aws_ssoadmin_permission_set.example.instance_arn} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: example + permissionsBoundary: + - customerManagedPolicyReference: + - nameSelector: + matchLabels: + testing.upbound.io/example-name: example + path: / + region: us-west-1 + +--- + +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Policy +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: My test policy + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + +--- + +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + name: Example + region: us-west-1 diff --git a/internal/controller/identitystore/group/zz_controller.go b/internal/controller/identitystore/group/zz_controller.go new file mode 100755 index 0000000000..35c06502fc --- /dev/null +++ b/internal/controller/identitystore/group/zz_controller.go 
@@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package group + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles Group managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.Group_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Group_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_identitystore_group"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + 
tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Group_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.Group{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/identitystore/groupmembership/zz_controller.go b/internal/controller/identitystore/groupmembership/zz_controller.go new file mode 100755 index 0000000000..51e1fb839a --- /dev/null +++ b/internal/controller/identitystore/groupmembership/zz_controller.go 
@@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package groupmembership + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles GroupMembership managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.GroupMembership_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.GroupMembership_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.GroupMembership_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, 
o.Provider.Resources["aws_identitystore_group_membership"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.GroupMembership_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.GroupMembership_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.GroupMembership{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/identitystore/user/zz_controller.go b/internal/controller/identitystore/user/zz_controller.go new file mode 100755 index 0000000000..5369de0c06 --- /dev/null +++ b/internal/controller/identitystore/user/zz_controller.go 
@@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package user + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles User managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.User_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.User_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_identitystore_user"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + 
tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.User_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.User{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go b/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go new file mode 100755 index 0000000000..f3ed31a01a --- /dev/null +++ b/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go 
@@ -0,0 +1,71 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package customermanagedpolicyattachment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles CustomerManagedPolicyAttachment managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_customer_managed_policy_attachment"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + 
managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.CustomerManagedPolicyAttachment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go b/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go new file mode 100755 index 0000000000..adbdc3f699 --- /dev/null +++ b/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go 
@@ -0,0 +1,71 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package instanceaccesscontrolattributes + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles InstanceAccessControlAttributes managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.InstanceAccessControlAttributes_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.InstanceAccessControlAttributes_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.InstanceAccessControlAttributes_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_instance_access_control_attributes"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.InstanceAccessControlAttributes_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + 
managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.InstanceAccessControlAttributes_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.InstanceAccessControlAttributes{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go new file mode 100755 index 0000000000..e5cd2bcf2f --- /dev/null +++ b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go 
@@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package permissionsboundaryattachment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles PermissionsBoundaryAttachment managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.PermissionsBoundaryAttachment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_permissions_boundary_attachment"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + 
opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.PermissionsBoundaryAttachment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_identitystore_setup.go b/internal/controller/zz_identitystore_setup.go new file mode 100755 index 0000000000..2521372801 --- /dev/null +++ b/internal/controller/zz_identitystore_setup.go @@ -0,0 +1,30 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/crossplane/upjet/pkg/controller" + + group "github.com/upbound/provider-aws/internal/controller/identitystore/group" + groupmembership "github.com/upbound/provider-aws/internal/controller/identitystore/groupmembership" + user "github.com/upbound/provider-aws/internal/controller/identitystore/user" +) + +// Setup_identitystore creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_identitystore(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + group.Setup, + groupmembership.Setup, + user.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index b17fc40859..6f879fb910 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go 
@@ -509,6 +509,9 @@ import ( userpolicyattachment "github.com/upbound/provider-aws/internal/controller/iam/userpolicyattachment" usersshkey "github.com/upbound/provider-aws/internal/controller/iam/usersshkey" virtualmfadevice "github.com/upbound/provider-aws/internal/controller/iam/virtualmfadevice" + groupidentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/group" + groupmembershipidentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/groupmembership" + useridentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/user" component "github.com/upbound/provider-aws/internal/controller/imagebuilder/component" containerrecipe "github.com/upbound/provider-aws/internal/controller/imagebuilder/containerrecipe" distributionconfiguration "github.com/upbound/provider-aws/internal/controller/imagebuilder/distributionconfiguration" @@ -881,7 +884,10 @@ import ( resourcedatasync "github.com/upbound/provider-aws/internal/controller/ssm/resourcedatasync" servicesetting "github.com/upbound/provider-aws/internal/controller/ssm/servicesetting" accountassignment "github.com/upbound/provider-aws/internal/controller/ssoadmin/accountassignment" + customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" + instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" domainswf "github.com/upbound/provider-aws/internal/controller/swf/domain" 
@@ -1431,6 +1437,9 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { userpolicyattachment.Setup, usersshkey.Setup, virtualmfadevice.Setup, + groupidentitystore.Setup, + groupmembershipidentitystore.Setup, + useridentitystore.Setup, component.Setup, containerrecipe.Setup, distributionconfiguration.Setup, @@ -1803,7 +1812,10 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { resourcedatasync.Setup, servicesetting.Setup, accountassignment.Setup, + customermanagedpolicyattachment.Setup, + instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, domainswf.Setup, diff --git a/internal/controller/zz_ssoadmin_setup.go b/internal/controller/zz_ssoadmin_setup.go index 508d582359..b5876d4c22 100755 --- a/internal/controller/zz_ssoadmin_setup.go +++ b/internal/controller/zz_ssoadmin_setup.go @@ -10,7 +10,10 @@ import ( "github.com/crossplane/upjet/pkg/controller" accountassignment "github.com/upbound/provider-aws/internal/controller/ssoadmin/accountassignment" + customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" + instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" ) 
@@ -20,7 +23,10 @@ import ( func Setup_ssoadmin(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ accountassignment.Setup, + customermanagedpolicyattachment.Setup, + instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, } { diff --git a/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml b/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml new file mode 100644 index 0000000000..657a03591a --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml 
@@ -0,0 +1,474 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: groupmemberships.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: GroupMembership + listKind: GroupMembershipList + plural: groupmemberships + singular: groupmembership + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GroupMembership is the Schema for the GroupMemberships API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GroupMembershipSpec defines the desired state of GroupMembership + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. 
This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + groupId: + description: The identifier for a group in the Identity Store. + type: string + groupIdRef: + description: Reference to a Group in identitystore to populate + groupId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + groupIdSelector: + description: Selector for a Group in identitystore to populate + groupId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. 
+ type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + identityStoreId: + description: Identity Store ID associated with the Single Sign-On + Instance. + type: string + memberId: + description: The identifier for a user in the Identity Store. + type: string + memberIdRef: + description: Reference to a User in identitystore to populate + memberId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + memberIdSelector: + description: Selector for a User in identitystore to populate + memberId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. 
This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: GroupMembershipStatus defines the observed state of GroupMembership. + properties: + atProvider: + properties: + groupId: + description: The identifier for a group in the Identity Store. + type: string + id: + type: string + identityStoreId: + description: Identity Store ID associated with the Single Sign-On + Instance. 
+ type: string + memberId: + description: The identifier for a user in the Identity Store. + type: string + membershipId: + description: The identifier of the newly created group membership + in the Identity Store. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/identitystore.aws.upbound.io_groups.yaml b/package/crds/identitystore.aws.upbound.io_groups.yaml new file mode 100644 index 0000000000..f9095161ea --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_groups.yaml 
@@ -0,0 +1,346 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: groups.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: Group + listKind: GroupList + plural: groups + singular: group + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Group is the Schema for the Groups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GroupSpec defines the desired state of Group + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. 
This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + description: + description: A string containing the description of the group. + type: string + displayName: + description: A string containing the name of the group. This value + is commonly displayed when the group is referenced. + type: string + identityStoreId: + description: The globally unique identifier for the identity store. + type: string + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - displayName + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + description: + description: A string containing the description of the group. + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. 
ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: GroupStatus defines the observed state of Group. + properties: + atProvider: + properties: + description: + description: A string containing the description of the group. + type: string + displayName: + description: A string containing the name of the group. This value + is commonly displayed when the group is referenced. + type: string + externalIds: + description: A list of external IDs that contains the identifiers + issued to this resource by an external identity provider. See + External IDs below. + items: + properties: + id: + description: The identifier issued to this resource by an + external identity provider. 
+ type: string + issuer: + description: The issuer for an external identifier. + type: string + type: object + type: array + groupId: + description: The identifier of the newly created group in the + identity store. + type: string + id: + description: The identifier issued to this resource by an external + identity provider. + type: string + identityStoreId: + description: The globally unique identifier for the identity store. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/identitystore.aws.upbound.io_users.yaml b/package/crds/identitystore.aws.upbound.io_users.yaml new file mode 100644 index 0000000000..64bd48f25b --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_users.yaml 
@@ -0,0 +1,713 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: users.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: User + listKind: UserList + plural: users + singular: user + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: User is the Schema for the Users API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: UserSpec defines the desired state of User + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. 
This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + region: + description: The region of the address. + type: string + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. + type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. This value must be unique + across the identity store. + type: string + type: object + type: array + identityStoreId: + description: The globally unique identifier for the identity store + that this user is in. 
+ type: string + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. + type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + region: + description: The region of the address. Region is the region you'd + like your resource to be created in. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. 
+ type: string + userType: + description: The user type. + type: string + required: + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. + type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. 
This value must be unique + across the identity store. + type: string + type: object + type: array + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. + type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. + type: string + userType: + description: The user type. 
+ type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. 
The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. 
- For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. 
+ type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' + - message: spec.forProvider.userName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.userName) + || (has(self.initProvider) && has(self.initProvider.userName))' + status: + description: UserStatus defines the observed state of User. + properties: + atProvider: + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + region: + description: The region of the address. + type: string + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. 
+ type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. This value must be unique + across the identity store. + type: string + type: object + type: array + externalIds: + description: A list of identifiers issued to this resource by + an external identity provider. + items: + properties: + id: + description: The identifier issued to this resource by an + external identity provider. + type: string + issuer: + description: The issuer for an external identifier. + type: string + type: object + type: array + id: + description: The identifier issued to this resource by an external + identity provider. + type: string + identityStoreId: + description: The globally unique identifier for the identity store + that this user is in. + type: string + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. 
+ type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userId: + description: The identifier for this user in the identity store. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. + type: string + userType: + description: The user type. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. 
At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml b/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml index 83fae35230..7e97f4ae1d 100644 --- a/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml +++ b/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml 
@@ -74,10 +74,163 @@ spec: description: The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object principalId: description: An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + This can be set to the crossplane external-name of either a + Group or User in the identitystore api group, but the Ref and + Selector fields will only work with a Group. type: string + principalIdFromGroupRef: + description: Reference to a Group in identitystore to populate + principalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalIdFromGroupSelector: + description: Selector for a Group in identitystore to populate + principalId. 
+ properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object principalType: description: 'The entity type for which the assignment will be created. Valid values: USER, GROUP.' @@ -96,8 +249,6 @@ spec: type: string required: - instanceArn - - permissionSetArn - - principalId - principalType - region - targetId @@ -294,6 +445,9 @@ spec: principalId: description: An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + This can be set to the crossplane external-name of either a + Group or User in the identitystore api group, but the Ref and + Selector fields will only work with a Group. type: string principalType: description: 'The entity type for which the assignment will be 
diff --git a/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml b/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml new file mode 100644 index 0000000000..b388ef2660 --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml 
@@ -0,0 +1,522 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: customermanagedpolicyattachments.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: CustomerManagedPolicyAttachment + listKind: CustomerManagedPolicyAttachmentList + plural: customermanagedpolicyattachments + singular: customermanagedpolicyattachment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: CustomerManagedPolicyAttachment is the Schema for the CustomerManagedPolicyAttachments + API. Manages a customer managed policy for a Single Sign-On (SSO) Permission + Set + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomerManagedPolicyAttachmentSpec defines the desired state + of CustomerManagedPolicyAttachment + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy to + be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + policyNameRef: + description: Reference to a Policy in iam to populate name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + policyNameSelector: + description: Selector for a Policy in iam to populate name. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with + the same controller reference as the selecting object + is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. 
+ properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. 
Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. 
See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. 
Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.customerManagedPolicyReference is a required + parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.customerManagedPolicyReference) + || (has(self.initProvider) && has(self.initProvider.customerManagedPolicyReference))' + status: + description: CustomerManagedPolicyAttachmentStatus defines the observed + state of CustomerManagedPolicyAttachment. + properties: + atProvider: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy to + be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. 
+ type: string + type: object + type: array + id: + description: Policy Name, Policy Path, Permission Set Amazon Resource + Name (ARN), and SSO Instance ARN, each separated by a comma + (,). + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml b/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml new file mode 100644 index 0000000000..5a2ec79c08 --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml 
@@ -0,0 +1,396 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: instanceaccesscontrolattributes.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: InstanceAccessControlAttributes + listKind: InstanceAccessControlAttributesList + plural: instanceaccesscontrolattributes + singular: instanceaccesscontrolattributes + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: 'InstanceAccessControlAttributes is the Schema for the InstanceAccessControlAttributess + API. Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InstanceAccessControlAttributesSpec defines the desired state + of InstanceAccessControlAttributes + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. + items: + type: string + type: array + type: object + type: array + type: object + type: array + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance. + type: string + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. 
It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. + items: + type: string + type: array + type: object + type: array + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. 
See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. 
Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.attribute is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.attribute) + || (has(self.initProvider) && has(self.initProvider.attribute))' + status: + description: InstanceAccessControlAttributesStatus defines the observed + state of InstanceAccessControlAttributes. + properties: + atProvider: + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. 
+ items: + type: string + type: array + type: object + type: array + type: object + type: array + id: + description: The identifier of the Instance Access Control Attribute + instance_arn. + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance. + type: string + status: + type: string + statusReason: + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml new file mode 100644 index 0000000000..2f5889d2bc --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml 
@@ -0,0 +1,554 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: permissionsboundaryattachments.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: PermissionsBoundaryAttachment + listKind: PermissionsBoundaryAttachmentList + plural: permissionsboundaryattachments + singular: permissionsboundaryattachment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments + API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission + Set resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PermissionsBoundaryAttachmentSpec defines the desired state + of PermissionsBoundaryAttachment + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. 
The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + nameRef: + description: Reference to a Policy in iam to populate + name. + properties: + name: + description: Name of the referenced object. 
+ type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Policy in iam to populate + name. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object + with the same controller reference as the selecting + object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + type: object + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. 
ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.permissionsBoundary is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) + || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))' + status: + description: PermissionsBoundaryAttachmentStatus defines the observed + state of PermissionsBoundaryAttachment. + properties: + atProvider: + properties: + id: + description: Permission Set Amazon Resource Name (ARN) and SSO + Instance ARN, separated by a comma (,). 
+ type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} From aab2f0d547f06f57636736852095a886acbc91f9 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Wed, 6 Dec 2023 12:11:37 -0800 Subject: [PATCH 11/11] remove escaped $ because no-fork provider no longer allows them --- examples/ssoadmin/instanceaccesscontrolattributes.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/ssoadmin/instanceaccesscontrolattributes.yaml b/examples/ssoadmin/instanceaccesscontrolattributes.yaml index 0107fad73a..e704aa9d24 100644 --- a/examples/ssoadmin/instanceaccesscontrolattributes.yaml +++ b/examples/ssoadmin/instanceaccesscontrolattributes.yaml @@ -14,9 +14,9 @@ spec: - key: name value: - source: - - $${path:name.givenName} + - ${path:name.givenName} - key: last value: - source: - - $${path:name.familyName} + - ${path:name.familyName} region: us-east-1
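Review bot: The two `source` entries in examples/ssoadmin/instanceaccesscontrolattributes.yaml now hold a bare `${path:name.givenName}` / `${path:name.familyName}`, and nothing in the example says that this is a literal attribute-path expression rather than a template placeholder to fill in. These attributes map identity-source values into access control attributes, so a reader who re-adds the `$$` escape or substitutes the expression by hand would presumably get a mapping that silently matches nothing. I would add a comment above the first `source:` along the lines of `# ${path:...} is passed to AWS verbatim; do not escape the $ or substitute a value`. The commit message says the no-fork provider no longer allows the escaped form, so it is worth confirming this example is not also consumed by a provider version that still expects `$$`.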