diff --git a/apis/opensearch/v1beta1/zz_domain_types.go b/apis/opensearch/v1beta1/zz_domain_types.go index 578ff0501b..a919186f6d 100755 --- a/apis/opensearch/v1beta1/zz_domain_types.go +++ b/apis/opensearch/v1beta1/zz_domain_types.go @@ -675,7 +675,17 @@ type EncryptAtRestInitParameters struct { Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` // KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/kms/v1beta1.Key + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() KMSKeyID *string `json:"kmsKeyId,omitempty" tf:"kms_key_id,omitempty"` + + // Reference to a Key in kms to populate kmsKeyId. + // +kubebuilder:validation:Optional + KMSKeyIDRef *v1.Reference `json:"kmsKeyIdRef,omitempty" tf:"-"` + + // Selector for a Key in kms to populate kmsKeyId. + // +kubebuilder:validation:Optional + KMSKeyIDSelector *v1.Selector `json:"kmsKeyIdSelector,omitempty" tf:"-"` } type EncryptAtRestObservation struct { @@ -694,8 +704,18 @@ type EncryptAtRestParameters struct { Enabled *bool `json:"enabled" tf:"enabled,omitempty"` // KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the aws/es service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/kms/v1beta1.Key + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() // +kubebuilder:validation:Optional KMSKeyID *string `json:"kmsKeyId,omitempty" tf:"kms_key_id,omitempty"` + + // Reference to a Key in kms to populate kmsKeyId. + // +kubebuilder:validation:Optional + KMSKeyIDRef *v1.Reference `json:"kmsKeyIdRef,omitempty" tf:"-"` + + // Selector for a Key in kms to populate kmsKeyId. + // +kubebuilder:validation:Optional + KMSKeyIDSelector *v1.Selector `json:"kmsKeyIdSelector,omitempty" tf:"-"` } type LogPublishingOptionsInitParameters struct { @@ -936,11 +956,33 @@ type SoftwareUpdateOptionsParameters struct { type VPCOptionsInitParameters struct { + // References to SecurityGroup in ec2 to populate securityGroupIds. + // +kubebuilder:validation:Optional + SecurityGroupIDRefs []v1.Reference `json:"securityGroupIdRefs,omitempty" tf:"-"` + + // Selector for a list of SecurityGroup in ec2 to populate securityGroupIds. + // +kubebuilder:validation:Optional + SecurityGroupIDSelector *v1.Selector `json:"securityGroupIdSelector,omitempty" tf:"-"` + // List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup + // +crossplane:generate:reference:refFieldName=SecurityGroupIDRefs + // +crossplane:generate:reference:selectorFieldName=SecurityGroupIDSelector // +listType=set SecurityGroupIds []*string `json:"securityGroupIds,omitempty" tf:"security_group_ids,omitempty"` + // References to Subnet in ec2 to populate subnetIds. + // +kubebuilder:validation:Optional + SubnetIDRefs []v1.Reference `json:"subnetIdRefs,omitempty" tf:"-"` + + // Selector for a list of Subnet in ec2 to populate subnetIds. + // +kubebuilder:validation:Optional + SubnetIDSelector *v1.Selector `json:"subnetIdSelector,omitempty" tf:"-"` + // List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.Subnet + // +crossplane:generate:reference:refFieldName=SubnetIDRefs + // +crossplane:generate:reference:selectorFieldName=SubnetIDSelector // +listType=set SubnetIds []*string `json:"subnetIds,omitempty" tf:"subnet_ids,omitempty"` } @@ -965,12 +1007,34 @@ type VPCOptionsObservation struct { type VPCOptionsParameters struct { + // References to SecurityGroup in ec2 to populate securityGroupIds. + // +kubebuilder:validation:Optional + SecurityGroupIDRefs []v1.Reference `json:"securityGroupIdRefs,omitempty" tf:"-"` + + // Selector for a list of SecurityGroup in ec2 to populate securityGroupIds. + // +kubebuilder:validation:Optional + SecurityGroupIDSelector *v1.Selector `json:"securityGroupIdSelector,omitempty" tf:"-"` + // List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.SecurityGroup + // +crossplane:generate:reference:refFieldName=SecurityGroupIDRefs + // +crossplane:generate:reference:selectorFieldName=SecurityGroupIDSelector // +kubebuilder:validation:Optional // +listType=set SecurityGroupIds []*string `json:"securityGroupIds,omitempty" tf:"security_group_ids,omitempty"` + // References to Subnet in ec2 to populate subnetIds. + // +kubebuilder:validation:Optional + SubnetIDRefs []v1.Reference `json:"subnetIdRefs,omitempty" tf:"-"` + + // Selector for a list of Subnet in ec2 to populate subnetIds. + // +kubebuilder:validation:Optional + SubnetIDSelector *v1.Selector `json:"subnetIdSelector,omitempty" tf:"-"` + // List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ec2/v1beta1.Subnet + // +crossplane:generate:reference:refFieldName=SubnetIDRefs + // +crossplane:generate:reference:selectorFieldName=SubnetIDSelector // +kubebuilder:validation:Optional // +listType=set SubnetIds []*string `json:"subnetIds,omitempty" tf:"subnet_ids,omitempty"` diff --git a/apis/opensearch/v1beta1/zz_generated.deepcopy.go b/apis/opensearch/v1beta1/zz_generated.deepcopy.go index d7b1c8dde7..6783a286f4 100644 --- a/apis/opensearch/v1beta1/zz_generated.deepcopy.go +++ b/apis/opensearch/v1beta1/zz_generated.deepcopy.go @@ -1963,6 +1963,16 @@ func (in *EncryptAtRestInitParameters) DeepCopyInto(out *EncryptAtRestInitParame *out = new(string) **out = **in } + if in.KMSKeyIDRef != nil { + in, out := &in.KMSKeyIDRef, &out.KMSKeyIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.KMSKeyIDSelector != nil { + in, out := &in.KMSKeyIDSelector, &out.KMSKeyIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptAtRestInitParameters. @@ -2013,6 +2023,16 @@ func (in *EncryptAtRestParameters) DeepCopyInto(out *EncryptAtRestParameters) { *out = new(string) **out = **in } + if in.KMSKeyIDRef != nil { + in, out := &in.KMSKeyIDRef, &out.KMSKeyIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.KMSKeyIDSelector != nil { + in, out := &in.KMSKeyIDSelector, &out.KMSKeyIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptAtRestParameters. @@ -2872,6 +2892,18 @@ func (in *SoftwareUpdateOptionsParameters) DeepCopy() *SoftwareUpdateOptionsPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCOptionsInitParameters) DeepCopyInto(out *VPCOptionsInitParameters) { *out = *in + if in.SecurityGroupIDRefs != nil { + in, out := &in.SecurityGroupIDRefs, &out.SecurityGroupIDRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecurityGroupIDSelector != nil { + in, out := &in.SecurityGroupIDSelector, &out.SecurityGroupIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SecurityGroupIds != nil { in, out := &in.SecurityGroupIds, &out.SecurityGroupIds *out = make([]*string, len(*in)) @@ -2883,6 +2915,18 @@ func (in *VPCOptionsInitParameters) DeepCopyInto(out *VPCOptionsInitParameters) } } } + if in.SubnetIDRefs != nil { + in, out := &in.SubnetIDRefs, &out.SubnetIDRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SubnetIDSelector != nil { + in, out := &in.SubnetIDSelector, &out.SubnetIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SubnetIds != nil { in, out := &in.SubnetIds, &out.SubnetIds *out = make([]*string, len(*in)) @@ -2962,6 +3006,18 @@ func (in *VPCOptionsObservation) DeepCopy() *VPCOptionsObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCOptionsParameters) DeepCopyInto(out *VPCOptionsParameters) { *out = *in + if in.SecurityGroupIDRefs != nil { + in, out := &in.SecurityGroupIDRefs, &out.SecurityGroupIDRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecurityGroupIDSelector != nil { + in, out := &in.SecurityGroupIDSelector, &out.SecurityGroupIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SecurityGroupIds != nil { in, out := &in.SecurityGroupIds, &out.SecurityGroupIds *out = make([]*string, len(*in)) @@ -2973,6 +3029,18 @@ func (in *VPCOptionsParameters) DeepCopyInto(out *VPCOptionsParameters) { } } } + if in.SubnetIDRefs != nil { + in, out := &in.SubnetIDRefs, &out.SubnetIDRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SubnetIDSelector != nil { + in, out := &in.SubnetIDSelector, &out.SubnetIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SubnetIds != nil { in, out := &in.SubnetIds, &out.SubnetIds *out = make([]*string, len(*in)) diff --git a/apis/opensearch/v1beta1/zz_generated.resolvers.go b/apis/opensearch/v1beta1/zz_generated.resolvers.go index 0c39570210..b47b8a5291 100644 --- a/apis/opensearch/v1beta1/zz_generated.resolvers.go +++ b/apis/opensearch/v1beta1/zz_generated.resolvers.go @@ -13,6 +13,7 @@ import ( errors "github.com/pkg/errors" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + common "github.com/upbound/provider-aws/config/common" client "sigs.k8s.io/controller-runtime/pkg/client" // ResolveReferences of this Domain. @@ -25,8 +26,30 @@ func (mg *Domain) ResolveReferences(ctx context.Context, c client.Reader) error r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse + var mrsp reference.MultiResolutionResponse var err error + for i3 := 0; i3 < len(mg.Spec.ForProvider.EncryptAtRest); i3++ { + { + m, l, err = apisresolver.GetManagedResource("kms.aws.upbound.io", "v1beta1", "Key", "KeyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyID), + Extract: common.ARNExtractor(), + Reference: mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyIDRef, + Selector: mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyID") + } + mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.EncryptAtRest[i3].KMSKeyIDRef = rsp.ResolvedReference + + } for i3 := 0; i3 < len(mg.Spec.ForProvider.LogPublishingOptions); i3++ { { m, l, err = apisresolver.GetManagedResource("cloudwatchlogs.aws.upbound.io", "v1beta1", "Group", "GroupList") @@ -47,6 +70,69 @@ func (mg *Domain) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.LogPublishingOptions[i3].CloudwatchLogGroupArn = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.LogPublishingOptions[i3].CloudwatchLogGroupArnRef = rsp.ResolvedReference + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.VPCOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("ec2.aws.upbound.io", "v1beta1", "SecurityGroup", "SecurityGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIds), + Extract: reference.ExternalName(), + References: mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIDRefs, + Selector: mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIds") + } + mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIds = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.ForProvider.VPCOptions[i3].SecurityGroupIDRefs = mrsp.ResolvedReferences + + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.VPCOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("ec2.aws.upbound.io", "v1beta1", "Subnet", "SubnetList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.VPCOptions[i3].SubnetIds), + Extract: reference.ExternalName(), + References: mg.Spec.ForProvider.VPCOptions[i3].SubnetIDRefs, + Selector: mg.Spec.ForProvider.VPCOptions[i3].SubnetIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.VPCOptions[i3].SubnetIds") + } + mg.Spec.ForProvider.VPCOptions[i3].SubnetIds = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.ForProvider.VPCOptions[i3].SubnetIDRefs = mrsp.ResolvedReferences + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.EncryptAtRest); i3++ { + { + m, l, err = apisresolver.GetManagedResource("kms.aws.upbound.io", "v1beta1", "Key", "KeyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyID), + Extract: common.ARNExtractor(), + Reference: mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyIDRef, + Selector: mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyID") + } + mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.EncryptAtRest[i3].KMSKeyIDRef = rsp.ResolvedReference + } for i3 := 0; i3 < len(mg.Spec.InitProvider.LogPublishingOptions); i3++ { { @@ -68,6 +154,48 @@ func (mg *Domain) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.InitProvider.LogPublishingOptions[i3].CloudwatchLogGroupArn = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.LogPublishingOptions[i3].CloudwatchLogGroupArnRef = rsp.ResolvedReference + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.VPCOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("ec2.aws.upbound.io", "v1beta1", "SecurityGroup", "SecurityGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIds), + Extract: reference.ExternalName(), + References: mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIDRefs, + Selector: mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIds") + } + mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIds = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.InitProvider.VPCOptions[i3].SecurityGroupIDRefs = mrsp.ResolvedReferences + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.VPCOptions); i3++ { + { + m, l, err = apisresolver.GetManagedResource("ec2.aws.upbound.io", "v1beta1", "Subnet", "SubnetList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.InitProvider.VPCOptions[i3].SubnetIds), + Extract: reference.ExternalName(), + References: mg.Spec.InitProvider.VPCOptions[i3].SubnetIDRefs, + Selector: mg.Spec.InitProvider.VPCOptions[i3].SubnetIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.VPCOptions[i3].SubnetIds") + } + mg.Spec.InitProvider.VPCOptions[i3].SubnetIds = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.InitProvider.VPCOptions[i3].SubnetIDRefs = mrsp.ResolvedReferences + } return nil diff --git a/config/opensearch/config.go b/config/opensearch/config.go index 0b21d97aed..376ae57f3c 100644 --- a/config/opensearch/config.go +++ b/config/opensearch/config.go @@ -4,12 +4,34 @@ package opensearch -import "github.com/crossplane/upjet/pkg/config" +import ( + "github.com/crossplane/upjet/pkg/config" + + "github.com/upbound/provider-aws/config/common" +) // Configure adds configurations for the opensearch group. func Configure(p *config.Provider) { p.AddResourceConfigurator("aws_opensearch_domain", func(r *config.Resource) { config.MoveToStatus(r.TerraformResource, "access_policies") + r.References["encrypt_at_rest.kms_key_id"] = config.Reference{ + // its KMS key ARN in AWS API + TerraformName: "aws_kms_key", + Extractor: common.PathARNExtractor, + } + + r.References["vpc_options.security_group_ids"] = config.Reference{ + TerraformName: "aws_security_group", + RefFieldName: "SecurityGroupIDRefs", + SelectorFieldName: "SecurityGroupIDSelector", + } + + r.References["vpc_options.subnet_ids"] = config.Reference{ + TerraformName: "aws_subnet", + RefFieldName: "SubnetIDRefs", + SelectorFieldName: "SubnetIDSelector", + } + r.UseAsync = true }) diff --git a/examples/opensearch/v1beta1/domain.yaml b/examples/opensearch/v1beta1/domain.yaml index 9c741b9856..744245359a 100644 --- a/examples/opensearch/v1beta1/domain.yaml +++ b/examples/opensearch/v1beta1/domain.yaml @@ -12,7 +12,7 @@ metadata: name: example spec: forProvider: - domainName: example-domain-name + domainName: ${Rand.RFC1123Subdomain} engineVersion: OpenSearch_1.0 region: us-west-1 clusterConfig: diff --git a/package/crds/opensearch.aws.upbound.io_domains.yaml b/package/crds/opensearch.aws.upbound.io_domains.yaml index 6d568733a5..7d05983cbb 100644 --- a/package/crds/opensearch.aws.upbound.io_domains.yaml +++ b/package/crds/opensearch.aws.upbound.io_domains.yaml @@ -361,6 +361,80 @@ spec: service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. type: string + kmsKeyIdRef: + description: Reference to a Key in kms to populate kmsKeyId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyIdSelector: + description: Selector for a Key in kms to populate kmsKeyId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array engineVersion: @@ -548,6 +622,85 @@ spec: Detailed below. items: properties: + securityGroupIdRefs: + description: References to SecurityGroup in ec2 to populate + securityGroupIds. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + securityGroupIdSelector: + description: Selector for a list of SecurityGroup in ec2 + to populate securityGroupIds. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object securityGroupIds: description: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default @@ -556,6 +709,84 @@ spec: type: string type: array x-kubernetes-list-type: set + subnetIdRefs: + description: References to Subnet in ec2 to populate subnetIds. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + subnetIdSelector: + description: Selector for a list of Subnet in ec2 to populate + subnetIds. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object subnetIds: description: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in. @@ -870,6 +1101,80 @@ spec: service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. type: string + kmsKeyIdRef: + description: Reference to a Key in kms to populate kmsKeyId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyIdSelector: + description: Selector for a Key in kms to populate kmsKeyId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array engineVersion: @@ -1053,6 +1358,85 @@ spec: Detailed below. items: properties: + securityGroupIdRefs: + description: References to SecurityGroup in ec2 to populate + securityGroupIds. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + securityGroupIdSelector: + description: Selector for a list of SecurityGroup in ec2 + to populate securityGroupIds. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object securityGroupIds: description: List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default @@ -1061,6 +1445,84 @@ spec: type: string type: array x-kubernetes-list-type: set + subnetIdRefs: + description: References to Subnet in ec2 to populate subnetIds. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + subnetIdSelector: + description: Selector for a list of Subnet in ec2 to populate + subnetIds. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object subnetIds: description: List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in.