diff --git a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go index cca733d8e0..ae34950a70 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go +++ b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go @@ -1032,11 +1032,6 @@ func (in *PermissionSetInitParameters) DeepCopyInto(out *PermissionSetInitParame *out = new(string) **out = **in } - if in.InstanceArn != nil { - in, out := &in.InstanceArn, &out.InstanceArn - *out = new(string) - **out = **in - } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -1499,6 +1494,377 @@ func (in *PermissionSetStatus) DeepCopy() *PermissionSetStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachment) DeepCopyInto(out *PermissionsBoundaryAttachment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachment. +func (in *PermissionsBoundaryAttachment) DeepCopy() *PermissionsBoundaryAttachment { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionsBoundaryAttachment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentInitParameters) { + *out = *in + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentInitParameters. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopy() *PermissionsBoundaryAttachmentInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentList) DeepCopyInto(out *PermissionsBoundaryAttachmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionsBoundaryAttachment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentList. +func (in *PermissionsBoundaryAttachmentList) DeepCopy() *PermissionsBoundaryAttachmentList { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionsBoundaryAttachmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopyInto(out *PermissionsBoundaryAttachmentObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentObservation. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopy() *PermissionsBoundaryAttachmentObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentParameters) { + *out = *in + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.InstanceArnRef != nil { + in, out := &in.InstanceArnRef, &out.InstanceArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.InstanceArnSelector != nil { + in, out := &in.InstanceArnSelector, &out.InstanceArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentParameters. +func (in *PermissionsBoundaryAttachmentParameters) DeepCopy() *PermissionsBoundaryAttachmentParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentSpec) DeepCopyInto(out *PermissionsBoundaryAttachmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentSpec. +func (in *PermissionsBoundaryAttachmentSpec) DeepCopy() *PermissionsBoundaryAttachmentSpec { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopyInto(out *PermissionsBoundaryAttachmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentStatus. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopy() *PermissionsBoundaryAttachmentStatus { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceObservation. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceParameters. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryInitParameters) DeepCopyInto(out *PermissionsBoundaryInitParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryInitParameters. +func (in *PermissionsBoundaryInitParameters) DeepCopy() *PermissionsBoundaryInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryObservation) DeepCopyInto(out *PermissionsBoundaryObservation) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryObservation. +func (in *PermissionsBoundaryObservation) DeepCopy() *PermissionsBoundaryObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryParameters) DeepCopyInto(out *PermissionsBoundaryParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryParameters. +func (in *PermissionsBoundaryParameters) DeepCopy() *PermissionsBoundaryParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ValueInitParameters) DeepCopyInto(out *ValueInitParameters) { *out = *in diff --git a/apis/ssoadmin/v1beta1/zz_generated.managed.go b/apis/ssoadmin/v1beta1/zz_generated.managed.go index 96d3931678..d468a8a60c 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managed.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managed.go @@ -366,3 +366,63 @@ func (mg *PermissionSetInlinePolicy) SetPublishConnectionDetailsTo(r *xpv1.Publi func (mg *PermissionSetInlinePolicy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go index 2328f35981..a59fae04fa 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go @@ -60,3 +60,12 @@ func (l *PermissionSetList) GetItems() []resource.Managed { } return items } + +// GetItems of this PermissionsBoundaryAttachmentList. +func (l *PermissionsBoundaryAttachmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go index 0dca6b1388..84384c1451 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go +++ b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go @@ -185,3 +185,66 @@ func (mg *PermissionSetInlinePolicy) ResolveReferences(ctx context.Context, c cl return nil } + +// ResolveReferences of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.InstanceArn), + Extract: resource.ExtractParamPath("instance_arn", false), + Reference: mg.Spec.ForProvider.InstanceArnRef, + Selector: mg.Spec.ForProvider.InstanceArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.InstanceArn") + } + mg.Spec.ForProvider.InstanceArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.InstanceArnRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: resource.ExtractParamPath("arn", true), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.ForProvider.PermissionsBoundary); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference); i4++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef, + Selector: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameSelector, + To: reference.To{ + List: &v1beta11.PolicyList{}, + Managed: &v1beta11.Policy{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name") + } + mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef = rsp.ResolvedReference + + } + } + + return nil +} diff --git a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go index b39a18a412..1adeb2b30d 100755 --- a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go +++ b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go @@ -520,3 +520,87 @@ func (tr *PermissionSetInlinePolicy) LateInitialize(attrs []byte) (bool, error) func (tr *PermissionSetInlinePolicy) GetTerraformSchemaVersion() int { return 0 } + +// GetTerraformResourceType returns Terraform resource type for this PermissionsBoundaryAttachment +func (mg *PermissionsBoundaryAttachment) GetTerraformResourceType() string { + return "aws_ssoadmin_permissions_boundary_attachment" +} + +// GetConnectionDetailsMapping for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// LateInitialize this PermissionsBoundaryAttachment using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *PermissionsBoundaryAttachment) LateInitialize(attrs []byte) (bool, error) { + params := &PermissionsBoundaryAttachmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *PermissionsBoundaryAttachment) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go new file mode 100755 index 0000000000..bfeb4d2060 --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go @@ -0,0 +1,204 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type PermissionsBoundaryAttachmentInitParameters struct { + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryInitParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentObservation struct { + + // Permission Set Amazon Resource Name (ARN) and SSO Instance ARN, separated by a comma (,). + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryObservation `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentParameters struct { + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("instance_arn",false) + // +kubebuilder:validation:Optional + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate instanceArn. + // +kubebuilder:validation:Optional + InstanceArnRef *v1.Reference `json:"instanceArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate instanceArn. + // +kubebuilder:validation:Optional + InstanceArnSelector *v1.Selector `json:"instanceArnSelector,omitempty" tf:"-"` + + // The Amazon Resource Name (ARN) of the Permission Set. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("arn",true) + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // The permissions boundary policy. See below. + // +kubebuilder:validation:Optional + PermissionsBoundary []PermissionsBoundaryParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters struct { + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceObservation struct { + + // Name of the customer managed IAM Policy to be attached. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceParameters struct { + + // Name of the customer managed IAM Policy to be attached. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Policy + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryInitParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryObservation struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceObservation `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + // +kubebuilder:validation:Optional + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + // +kubebuilder:validation:Optional + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +// PermissionsBoundaryAttachmentSpec defines the desired state of PermissionsBoundaryAttachment +type PermissionsBoundaryAttachmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PermissionsBoundaryAttachmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PermissionsBoundaryAttachmentInitParameters `json:"initProvider,omitempty"` +} + +// PermissionsBoundaryAttachmentStatus defines the observed state of PermissionsBoundaryAttachment. +type PermissionsBoundaryAttachmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PermissionsBoundaryAttachmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission Set resource. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type PermissionsBoundaryAttachment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))",message="spec.forProvider.permissionsBoundary is a required parameter" + Spec PermissionsBoundaryAttachmentSpec `json:"spec"` + Status PermissionsBoundaryAttachmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachmentList contains a list of PermissionsBoundaryAttachments +type PermissionsBoundaryAttachmentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PermissionsBoundaryAttachment `json:"items"` +} + +// Repository type metadata. +var ( + PermissionsBoundaryAttachment_Kind = "PermissionsBoundaryAttachment" + PermissionsBoundaryAttachment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: PermissionsBoundaryAttachment_Kind}.String() + PermissionsBoundaryAttachment_KindAPIVersion = PermissionsBoundaryAttachment_Kind + "." + CRDGroupVersion.String() + PermissionsBoundaryAttachment_GroupVersionKind = CRDGroupVersion.WithKind(PermissionsBoundaryAttachment_Kind) +) + +func init() { + SchemeBuilder.Register(&PermissionsBoundaryAttachment{}, &PermissionsBoundaryAttachmentList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_permissionset_types.go b/apis/ssoadmin/v1beta1/zz_permissionset_types.go index d56e2c57d8..82615fd935 100755 --- a/apis/ssoadmin/v1beta1/zz_permissionset_types.go +++ b/apis/ssoadmin/v1beta1/zz_permissionset_types.go @@ -22,9 +22,6 @@ type PermissionSetInitParameters struct { // The description of the Permission Set. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. - InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` - // The name of the Permission Set. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -78,8 +75,8 @@ type PermissionSetParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. - // +kubebuilder:validation:Optional - InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` // The name of the Permission Set. // +kubebuilder:validation:Optional @@ -138,7 +135,6 @@ type PermissionSetStatus struct { type PermissionSet struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.instanceArn) || (has(self.initProvider) && has(self.initProvider.instanceArn))",message="spec.forProvider.instanceArn is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" Spec PermissionSetSpec `json:"spec"` Status PermissionSetStatus `json:"status,omitempty"` diff --git a/config/generated.lst b/config/generated.lst index 3ceb73e0fb..388597c0ec 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file +["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_ssoadmin_permissions_boundary_attachment","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file diff --git a/examples-generated/ssoadmin/permissionsboundaryattachment.yaml b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml new file mode 100644 index 0000000000..d0a52a0f11 --- /dev/null +++ b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml @@ -0,0 +1,66 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionsBoundaryAttachment +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArnSelector: + matchLabels: + testing.upbound.io/example-name: example + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: example + permissionsBoundary: + - customerManagedPolicyReference: + - nameSelector: + matchLabels: + testing.upbound.io/example-name: example + path: / + region: us-west-1 + +--- + +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Policy +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: My test policy + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + +--- + +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + name: Example + region: us-west-1 diff --git a/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go new file mode 100755 index 0000000000..8ba3c30400 --- /dev/null +++ b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go @@ -0,0 +1,66 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package permissionsboundaryattachment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/terraform" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles PermissionsBoundaryAttachment managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.PermissionsBoundaryAttachment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_permissions_boundary_attachment"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithConnectorEventHandler(eventHandler), + tjcontroller.WithCallbackProvider(ac), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.PermissionsBoundaryAttachment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go b/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go index cc2c283ba4..5ab6dc290a 100755 --- a/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go +++ b/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go @@ -31,7 +31,6 @@ import ( func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { name := managed.ControllerName(v1beta1.PermissionSetInlinePolicy_GroupVersionKind.String()) var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index a0fa9d36a6..6c0fb9960b 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -886,6 +886,7 @@ import ( customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" domainswf "github.com/upbound/provider-aws/internal/controller/swf/domain" @@ -1812,6 +1813,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { customermanagedpolicyattachment.Setup, instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, domainswf.Setup, diff --git a/internal/controller/zz_ssoadmin_setup.go b/internal/controller/zz_ssoadmin_setup.go index a6b8356767..b5876d4c22 100755 --- a/internal/controller/zz_ssoadmin_setup.go +++ b/internal/controller/zz_ssoadmin_setup.go @@ -13,6 +13,7 @@ import ( customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" ) @@ -25,6 +26,7 @@ func Setup_ssoadmin(mgr ctrl.Manager, o controller.Options) error { customermanagedpolicyattachment.Setup, instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, } { diff --git a/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml new file mode 100644 index 0000000000..e2fcf81aa9 --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml @@ -0,0 +1,628 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: permissionsboundaryattachments.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: PermissionsBoundaryAttachment + listKind: PermissionsBoundaryAttachmentList + plural: permissionsboundaryattachments + singular: permissionsboundaryattachment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments + API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission + Set resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PermissionsBoundaryAttachmentSpec defines the desired state + of PermissionsBoundaryAttachment + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + instanceArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + instanceArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + instanceArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + instanceArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + nameRef: + description: Reference to a Policy in iam to populate + name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Policy in iam to populate + name. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object + with the same controller reference as the selecting + object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.permissionsBoundary is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) + || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))' + status: + description: PermissionsBoundaryAttachmentStatus defines the observed + state of PermissionsBoundaryAttachment. + properties: + atProvider: + properties: + id: + description: Permission Set Amazon Resource Name (ARN) and SSO + Instance ARN, separated by a comma (,). + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_permissionsets.yaml b/package/crds/ssoadmin.aws.upbound.io_permissionsets.yaml index fffd442e09..f2f5287db2 100644 --- a/package/crds/ssoadmin.aws.upbound.io_permissionsets.yaml +++ b/package/crds/ssoadmin.aws.upbound.io_permissionsets.yaml @@ -95,6 +95,7 @@ spec: description: Key-value map of resource tags. type: object required: + - instanceArn - region type: object initProvider: @@ -112,10 +113,6 @@ spec: description: description: The description of the Permission Set. type: string - instanceArn: - description: The Amazon Resource Name (ARN) of the SSO Instance - under which the operation will be executed. - type: string name: description: The name of the Permission Set. type: string @@ -294,10 +291,6 @@ spec: - forProvider type: object x-kubernetes-validations: - - message: spec.forProvider.instanceArn is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.instanceArn) - || (has(self.initProvider) && has(self.initProvider.instanceArn))' - message: spec.forProvider.name is a required parameter rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.name)