From 245ac1b42c0f8cd869f97cd7e083e481a5498a13 Mon Sep 17 00:00:00 2001
From: Knut-Erik Johnsen
Date: Fri, 31 May 2024 09:55:51 +0200
Subject: [PATCH 1/2] Added new PIM resources

Signed-off-by: Knut-Erik Johnsen
---
 .../v1beta1/zz_generated.conversion_hubs.go | 6 +
 .../v1beta1/zz_generated.deepcopy.go | 1188 +++++++++++++++--
 .../v1beta1/zz_generated.managed.go | 120 ++
 .../v1beta1/zz_generated.managedlist.go | 18 +
 .../v1beta1/zz_generated.resolvers.go | 100 ++
 .../zz_pimactiveroleassignment_terraformed.go | 129 ++
 .../zz_pimactiveroleassignment_types.go | 306 +++++
 ...z_pimeligibleroleassignment_terraformed.go | 129 ++
 .../zz_pimeligibleroleassignment_types.go | 306 +++++
 config/authorization/config.go | 16 +
 config/externalname.go | 4 +
 config/generated.lst | 2 +-
 .../v1beta1/pimactiveroleassignment.yaml | 23 +
 .../v1beta1/pimeligibleroleassignment.yaml | 23 +
 .../v1beta1/pimactiveroleassignment.yaml | 21 +
 .../v1beta1/pimeligibleroleassignment.yaml | 21 +
 .../pimactiveroleassignment/zz_controller.go | 91 ++
 .../zz_controller.go | 91 ++
 internal/controller/zz_authorization_setup.go | 4 +
 internal/controller/zz_monolith_setup.go | 4 +
 ...e.upbound.io_pimactiveroleassignments.yaml | 693 ++++++++++
 ...upbound.io_pimeligibleroleassignments.yaml | 693 ++++++++++
 22 files changed, 3892 insertions(+), 96 deletions(-)
 create mode 100755 apis/authorization/v1beta1/zz_pimactiveroleassignment_terraformed.go
 create mode 100755 apis/authorization/v1beta1/zz_pimactiveroleassignment_types.go
 create mode 100755 apis/authorization/v1beta1/zz_pimeligibleroleassignment_terraformed.go
 create mode 100755 apis/authorization/v1beta1/zz_pimeligibleroleassignment_types.go
 create mode 100644 examples-generated/authorization/v1beta1/pimactiveroleassignment.yaml
 create mode 100644 examples-generated/authorization/v1beta1/pimeligibleroleassignment.yaml
 create mode 100644 examples/authorization/v1beta1/pimactiveroleassignment.yaml
 create mode 100644 examples/authorization/v1beta1/pimeligibleroleassignment.yaml
 create mode 100755 internal/controller/authorization/pimactiveroleassignment/zz_controller.go
 create mode 100755 
internal/controller/authorization/pimeligibleroleassignment/zz_controller.go create mode 100644 package/crds/authorization.azure.upbound.io_pimactiveroleassignments.yaml create mode 100644 package/crds/authorization.azure.upbound.io_pimeligibleroleassignments.yaml diff --git a/apis/authorization/v1beta1/zz_generated.conversion_hubs.go b/apis/authorization/v1beta1/zz_generated.conversion_hubs.go index 6eba8265d..052db10da 100755 --- a/apis/authorization/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/authorization/v1beta1/zz_generated.conversion_hubs.go @@ -9,6 +9,12 @@ package v1beta1 // Hub marks this type as a conversion hub. func (tr *ManagementLock) Hub() {} +// Hub marks this type as a conversion hub. +func (tr *PimActiveRoleAssignment) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *PimEligibleRoleAssignment) Hub() {} + // Hub marks this type as a conversion hub. func (tr *PolicyDefinition) Hub() {} diff --git a/apis/authorization/v1beta1/zz_generated.deepcopy.go b/apis/authorization/v1beta1/zz_generated.deepcopy.go index 809d2883c..d6d3ed755 100644 --- a/apis/authorization/v1beta1/zz_generated.deepcopy.go +++ b/apis/authorization/v1beta1/zz_generated.deepcopy.go 
@@ -13,6 +13,96 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExpirationInitParameters) DeepCopyInto(out *ExpirationInitParameters) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpirationInitParameters. +func (in *ExpirationInitParameters) DeepCopy() *ExpirationInitParameters { + if in == nil { + return nil + } + out := new(ExpirationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExpirationObservation) DeepCopyInto(out *ExpirationObservation) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpirationObservation. +func (in *ExpirationObservation) DeepCopy() *ExpirationObservation { + if in == nil { + return nil + } + out := new(ExpirationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ExpirationParameters) DeepCopyInto(out *ExpirationParameters) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpirationParameters. +func (in *ExpirationParameters) DeepCopy() *ExpirationParameters { + if in == nil { + return nil + } + out := new(ExpirationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdentityInitParameters) DeepCopyInto(out *IdentityInitParameters) { *out = *in 
@@ -661,130 +751,798 @@ func (in *PermissionsInitParameters) DeepCopyInto(out *PermissionsInitParameters } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsInitParameters. -func (in *PermissionsInitParameters) DeepCopy() *PermissionsInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsInitParameters. +func (in *PermissionsInitParameters) DeepCopy() *PermissionsInitParameters { + if in == nil { + return nil + } + out := new(PermissionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsObservation) DeepCopyInto(out *PermissionsObservation) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.DataActions != nil { + in, out := &in.DataActions, &out.DataActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.NotActions != nil { + in, out := &in.NotActions, &out.NotActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.NotDataActions != nil { + in, out := &in.NotDataActions, &out.NotDataActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsObservation. 
+func (in *PermissionsObservation) DeepCopy() *PermissionsObservation { + if in == nil { + return nil + } + out := new(PermissionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsParameters) DeepCopyInto(out *PermissionsParameters) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.DataActions != nil { + in, out := &in.DataActions, &out.DataActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.NotActions != nil { + in, out := &in.NotActions, &out.NotActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.NotDataActions != nil { + in, out := &in.NotDataActions, &out.NotDataActions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsParameters. +func (in *PermissionsParameters) DeepCopy() *PermissionsParameters { + if in == nil { + return nil + } + out := new(PermissionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimActiveRoleAssignment) DeepCopyInto(out *PimActiveRoleAssignment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignment. +func (in *PimActiveRoleAssignment) DeepCopy() *PimActiveRoleAssignment { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PimActiveRoleAssignment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimActiveRoleAssignmentInitParameters) DeepCopyInto(out *PimActiveRoleAssignmentInitParameters) { + *out = *in + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(ScheduleInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ScopeRef != nil { + in, out := &in.ScopeRef, &out.ScopeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(TicketInitParameters) + 
(*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentInitParameters. +func (in *PimActiveRoleAssignmentInitParameters) DeepCopy() *PimActiveRoleAssignmentInitParameters { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimActiveRoleAssignmentList) DeepCopyInto(out *PimActiveRoleAssignmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PimActiveRoleAssignment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentList. +func (in *PimActiveRoleAssignmentList) DeepCopy() *PimActiveRoleAssignmentList { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PimActiveRoleAssignmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimActiveRoleAssignmentObservation) DeepCopyInto(out *PimActiveRoleAssignmentObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.PrincipalType != nil { + in, out := &in.PrincipalType, &out.PrincipalType + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(ScheduleObservation) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(TicketObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentObservation. +func (in *PimActiveRoleAssignmentObservation) DeepCopy() *PimActiveRoleAssignmentObservation { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimActiveRoleAssignmentParameters) DeepCopyInto(out *PimActiveRoleAssignmentParameters) { + *out = *in + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(ScheduleParameters) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ScopeRef != nil { + in, out := &in.ScopeRef, &out.ScopeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(TicketParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentParameters. +func (in *PimActiveRoleAssignmentParameters) DeepCopy() *PimActiveRoleAssignmentParameters { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimActiveRoleAssignmentSpec) DeepCopyInto(out *PimActiveRoleAssignmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentSpec. 
+func (in *PimActiveRoleAssignmentSpec) DeepCopy() *PimActiveRoleAssignmentSpec { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimActiveRoleAssignmentStatus) DeepCopyInto(out *PimActiveRoleAssignmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimActiveRoleAssignmentStatus. +func (in *PimActiveRoleAssignmentStatus) DeepCopy() *PimActiveRoleAssignmentStatus { + if in == nil { + return nil + } + out := new(PimActiveRoleAssignmentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimEligibleRoleAssignment) DeepCopyInto(out *PimEligibleRoleAssignment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignment. +func (in *PimEligibleRoleAssignment) DeepCopy() *PimEligibleRoleAssignment { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PimEligibleRoleAssignment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentInitParameters) DeepCopyInto(out *PimEligibleRoleAssignmentInitParameters) { + *out = *in + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(PimEligibleRoleAssignmentScheduleInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ScopeRef != nil { + in, out := &in.ScopeRef, &out.ScopeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(PimEligibleRoleAssignmentTicketInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentInitParameters. +func (in *PimEligibleRoleAssignmentInitParameters) DeepCopy() *PimEligibleRoleAssignmentInitParameters { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentList) DeepCopyInto(out *PimEligibleRoleAssignmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PimEligibleRoleAssignment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentList. +func (in *PimEligibleRoleAssignmentList) DeepCopy() *PimEligibleRoleAssignmentList { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PimEligibleRoleAssignmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentObservation) DeepCopyInto(out *PimEligibleRoleAssignmentObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.PrincipalType != nil { + in, out := &in.PrincipalType, &out.PrincipalType + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(PimEligibleRoleAssignmentScheduleObservation) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(PimEligibleRoleAssignmentTicketObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentObservation. +func (in *PimEligibleRoleAssignmentObservation) DeepCopy() *PimEligibleRoleAssignmentObservation { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentParameters) DeepCopyInto(out *PimEligibleRoleAssignmentParameters) { + *out = *in + if in.Justification != nil { + in, out := &in.Justification, &out.Justification + *out = new(string) + **out = **in + } + if in.PrincipalID != nil { + in, out := &in.PrincipalID, &out.PrincipalID + *out = new(string) + **out = **in + } + if in.RoleDefinitionID != nil { + in, out := &in.RoleDefinitionID, &out.RoleDefinitionID + *out = new(string) + **out = **in + } + if in.Schedule != nil { + in, out := &in.Schedule, &out.Schedule + *out = new(PimEligibleRoleAssignmentScheduleParameters) + (*in).DeepCopyInto(*out) + } + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ScopeRef != nil { + in, out := &in.ScopeRef, &out.ScopeRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ScopeSelector != nil { + in, out := &in.ScopeSelector, &out.ScopeSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Ticket != nil { + in, out := &in.Ticket, &out.Ticket + *out = new(PimEligibleRoleAssignmentTicketParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentParameters. +func (in *PimEligibleRoleAssignmentParameters) DeepCopy() *PimEligibleRoleAssignmentParameters { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentScheduleInitParameters) DeepCopyInto(out *PimEligibleRoleAssignmentScheduleInitParameters) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ScheduleExpirationInitParameters) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentScheduleInitParameters. +func (in *PimEligibleRoleAssignmentScheduleInitParameters) DeepCopy() *PimEligibleRoleAssignmentScheduleInitParameters { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentScheduleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimEligibleRoleAssignmentScheduleObservation) DeepCopyInto(out *PimEligibleRoleAssignmentScheduleObservation) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ScheduleExpirationObservation) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentScheduleObservation. +func (in *PimEligibleRoleAssignmentScheduleObservation) DeepCopy() *PimEligibleRoleAssignmentScheduleObservation { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentScheduleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PimEligibleRoleAssignmentScheduleParameters) DeepCopyInto(out *PimEligibleRoleAssignmentScheduleParameters) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ScheduleExpirationParameters) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentScheduleParameters. +func (in *PimEligibleRoleAssignmentScheduleParameters) DeepCopy() *PimEligibleRoleAssignmentScheduleParameters { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentScheduleParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimEligibleRoleAssignmentSpec) DeepCopyInto(out *PimEligibleRoleAssignmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentSpec. +func (in *PimEligibleRoleAssignmentSpec) DeepCopy() *PimEligibleRoleAssignmentSpec { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimEligibleRoleAssignmentStatus) DeepCopyInto(out *PimEligibleRoleAssignmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentStatus. 
+func (in *PimEligibleRoleAssignmentStatus) DeepCopy() *PimEligibleRoleAssignmentStatus { + if in == nil { + return nil + } + out := new(PimEligibleRoleAssignmentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PimEligibleRoleAssignmentTicketInitParameters) DeepCopyInto(out *PimEligibleRoleAssignmentTicketInitParameters) { + *out = *in + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in + } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentTicketInitParameters. +func (in *PimEligibleRoleAssignmentTicketInitParameters) DeepCopy() *PimEligibleRoleAssignmentTicketInitParameters { if in == nil { return nil } - out := new(PermissionsInitParameters) + out := new(PimEligibleRoleAssignmentTicketInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *PermissionsObservation) DeepCopyInto(out *PermissionsObservation) { +func (in *PimEligibleRoleAssignmentTicketObservation) DeepCopyInto(out *PimEligibleRoleAssignmentTicketObservation) { *out = *in - if in.Actions != nil { - in, out := &in.Actions, &out.Actions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.DataActions != nil { - in, out := &in.DataActions, &out.DataActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.NotActions != nil { - in, out := &in.NotActions, &out.NotActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in } - if in.NotDataActions != nil { - in, out := &in.NotDataActions, &out.NotDataActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsObservation. -func (in *PermissionsObservation) DeepCopy() *PermissionsObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentTicketObservation. 
+func (in *PimEligibleRoleAssignmentTicketObservation) DeepCopy() *PimEligibleRoleAssignmentTicketObservation { if in == nil { return nil } - out := new(PermissionsObservation) + out := new(PimEligibleRoleAssignmentTicketObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionsParameters) DeepCopyInto(out *PermissionsParameters) { +func (in *PimEligibleRoleAssignmentTicketParameters) DeepCopyInto(out *PimEligibleRoleAssignmentTicketParameters) { *out = *in - if in.Actions != nil { - in, out := &in.Actions, &out.Actions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.DataActions != nil { - in, out := &in.DataActions, &out.DataActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.NotActions != nil { - in, out := &in.NotActions, &out.NotActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in } - if in.NotDataActions != nil { - in, out := &in.NotDataActions, &out.NotDataActions - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsParameters. 
-func (in *PermissionsParameters) DeepCopy() *PermissionsParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PimEligibleRoleAssignmentTicketParameters. +func (in *PimEligibleRoleAssignmentTicketParameters) DeepCopy() *PimEligibleRoleAssignmentTicketParameters { if in == nil { return nil } - out := new(PermissionsParameters) + out := new(PimEligibleRoleAssignmentTicketParameters) in.DeepCopyInto(out) return out } 
@@ -3503,6 +4261,171 @@ func (in *RoleDefinitionStatus) DeepCopy() *RoleDefinitionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduleExpirationInitParameters) DeepCopyInto(out *ScheduleExpirationInitParameters) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleExpirationInitParameters. +func (in *ScheduleExpirationInitParameters) DeepCopy() *ScheduleExpirationInitParameters { + if in == nil { + return nil + } + out := new(ScheduleExpirationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduleExpirationObservation) DeepCopyInto(out *ScheduleExpirationObservation) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleExpirationObservation. 
+func (in *ScheduleExpirationObservation) DeepCopy() *ScheduleExpirationObservation { + if in == nil { + return nil + } + out := new(ScheduleExpirationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduleExpirationParameters) DeepCopyInto(out *ScheduleExpirationParameters) { + *out = *in + if in.DurationDays != nil { + in, out := &in.DurationDays, &out.DurationDays + *out = new(float64) + **out = **in + } + if in.DurationHours != nil { + in, out := &in.DurationHours, &out.DurationHours + *out = new(float64) + **out = **in + } + if in.EndDateTime != nil { + in, out := &in.EndDateTime, &out.EndDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleExpirationParameters. +func (in *ScheduleExpirationParameters) DeepCopy() *ScheduleExpirationParameters { + if in == nil { + return nil + } + out := new(ScheduleExpirationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduleInitParameters) DeepCopyInto(out *ScheduleInitParameters) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ExpirationInitParameters) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleInitParameters. +func (in *ScheduleInitParameters) DeepCopy() *ScheduleInitParameters { + if in == nil { + return nil + } + out := new(ScheduleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *ScheduleObservation) DeepCopyInto(out *ScheduleObservation) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ExpirationObservation) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleObservation. +func (in *ScheduleObservation) DeepCopy() *ScheduleObservation { + if in == nil { + return nil + } + out := new(ScheduleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduleParameters) DeepCopyInto(out *ScheduleParameters) { + *out = *in + if in.Expiration != nil { + in, out := &in.Expiration, &out.Expiration + *out = new(ExpirationParameters) + (*in).DeepCopyInto(*out) + } + if in.StartDateTime != nil { + in, out := &in.StartDateTime, &out.StartDateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduleParameters. +func (in *ScheduleParameters) DeepCopy() *ScheduleParameters { + if in == nil { + return nil + } + out := new(ScheduleParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SelectorsInitParameters) DeepCopyInto(out *SelectorsInitParameters) { *out = *in 
@@ -4903,3 +5826,78 @@ func (in *SubscriptionPolicyExemptionStatus) DeepCopy() *SubscriptionPolicyExemp in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TicketInitParameters) DeepCopyInto(out *TicketInitParameters) { + *out = *in + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in + } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TicketInitParameters. +func (in *TicketInitParameters) DeepCopy() *TicketInitParameters { + if in == nil { + return nil + } + out := new(TicketInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TicketObservation) DeepCopyInto(out *TicketObservation) { + *out = *in + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in + } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TicketObservation. +func (in *TicketObservation) DeepCopy() *TicketObservation { + if in == nil { + return nil + } + out := new(TicketObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *TicketParameters) DeepCopyInto(out *TicketParameters) { + *out = *in + if in.Number != nil { + in, out := &in.Number, &out.Number + *out = new(string) + **out = **in + } + if in.System != nil { + in, out := &in.System, &out.System + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TicketParameters. +func (in *TicketParameters) DeepCopy() *TicketParameters { + if in == nil { + return nil + } + out := new(TicketParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/authorization/v1beta1/zz_generated.managed.go b/apis/authorization/v1beta1/zz_generated.managed.go index 3880dc72e..92f297520 100644 --- a/apis/authorization/v1beta1/zz_generated.managed.go +++ b/apis/authorization/v1beta1/zz_generated.managed.go 
@@ -67,6 +67,126 @@ func (mg *ManagementLock) SetWriteConnectionSecretToReference(r *xpv1.SecretRefe mg.Spec.WriteConnectionSecretToReference = r } +// GetCondition of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this PimActiveRoleAssignment. 
+func (mg *PimActiveRoleAssignment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this PimEligibleRoleAssignment. 
+func (mg *PimEligibleRoleAssignment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this PolicyDefinition. func (mg *PolicyDefinition) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/authorization/v1beta1/zz_generated.managedlist.go b/apis/authorization/v1beta1/zz_generated.managedlist.go index 9f6e3a3b4..f770eef6a 100644 --- a/apis/authorization/v1beta1/zz_generated.managedlist.go +++ b/apis/authorization/v1beta1/zz_generated.managedlist.go 
@@ -16,6 +16,24 @@ func (l *ManagementLockList) GetItems() []resource.Managed { return items } +// GetItems of this PimActiveRoleAssignmentList. +func (l *PimActiveRoleAssignmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this PimEligibleRoleAssignmentList. +func (l *PimEligibleRoleAssignmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this PolicyDefinitionList. func (l *PolicyDefinitionList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/authorization/v1beta1/zz_generated.resolvers.go b/apis/authorization/v1beta1/zz_generated.resolvers.go index 995ed69ea..f430eaf2b 100644 --- a/apis/authorization/v1beta1/zz_generated.resolvers.go +++ b/apis/authorization/v1beta1/zz_generated.resolvers.go 
@@ -67,6 +67,106 @@ func (mg *ManagementLock) ResolveReferences( // ResolveReferences of this Manage return nil } +// ResolveReferences of this PimActiveRoleAssignment. +func (mg *PimActiveRoleAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("management.azure.upbound.io", "v1beta1", "ManagementGroup", "ManagementGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Scope), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.ScopeRef, + Selector: mg.Spec.ForProvider.ScopeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Scope") + } + mg.Spec.ForProvider.Scope = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ScopeRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("management.azure.upbound.io", "v1beta1", "ManagementGroup", "ManagementGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Scope), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.ScopeRef, + Selector: mg.Spec.InitProvider.ScopeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Scope") + } + mg.Spec.InitProvider.Scope = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ScopeRef = rsp.ResolvedReference + 
+ return nil +} + +// ResolveReferences of this PimEligibleRoleAssignment. +func (mg *PimEligibleRoleAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("management.azure.upbound.io", "v1beta1", "ManagementGroup", "ManagementGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Scope), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.ScopeRef, + Selector: mg.Spec.ForProvider.ScopeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Scope") + } + mg.Spec.ForProvider.Scope = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ScopeRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("management.azure.upbound.io", "v1beta1", "ManagementGroup", "ManagementGroupList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Scope), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.ScopeRef, + Selector: mg.Spec.InitProvider.ScopeSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Scope") + } + mg.Spec.InitProvider.Scope = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ScopeRef = rsp.ResolvedReference + + return nil +} + // ResolveReferences of this ResourceGroupPolicyAssignment. 
func (mg *ResourceGroupPolicyAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { var m xpresource.Managed diff --git a/apis/authorization/v1beta1/zz_pimactiveroleassignment_terraformed.go b/apis/authorization/v1beta1/zz_pimactiveroleassignment_terraformed.go new file mode 100755 index 000000000..2a0c0b56a --- /dev/null +++ b/apis/authorization/v1beta1/zz_pimactiveroleassignment_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this PimActiveRoleAssignment +func (mg *PimActiveRoleAssignment) GetTerraformResourceType() string { + return "azurerm_pim_active_role_assignment" +} + +// GetConnectionDetailsMapping for this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) SetParameters(params map[string]any) error { + p, err := 
json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this PimActiveRoleAssignment +func (tr *PimActiveRoleAssignment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this PimActiveRoleAssignment using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *PimActiveRoleAssignment) LateInitialize(attrs []byte) (bool, error) { + params := &PimActiveRoleAssignmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *PimActiveRoleAssignment) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/authorization/v1beta1/zz_pimactiveroleassignment_types.go b/apis/authorization/v1beta1/zz_pimactiveroleassignment_types.go new file mode 100755 index 000000000..845b76486 --- /dev/null +++ b/apis/authorization/v1beta1/zz_pimactiveroleassignment_types.go 
@@ -0,0 +1,306 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ExpirationInitParameters struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in days. + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in hours. + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + // The end date time of the assignment. + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +type ExpirationObservation struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in days. + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. 
Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in hours. + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + // The end date time of the assignment. + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +type ExpirationParameters struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in days. + // +kubebuilder:validation:Optional + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + // The duration of the assignment in hours. + // +kubebuilder:validation:Optional + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + // The end date time of the assignment. + // +kubebuilder:validation:Optional + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +type PimActiveRoleAssignmentInitParameters struct { + + // The justification of the role assignment. 
Changing this forces a new Pim Active Role Assignment to be created. + // The justification of the role assignment. + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Active Role Assignment to be created. + // The principal id. + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + // The role definition id. + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The schedule details of this role assignment. + Schedule *ScheduleInitParameters `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Active Role Assignment to be created. + // The scope. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/management/v1beta1.ManagementGroup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Reference to a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeRef *v1.Reference `json:"scopeRef,omitempty" tf:"-"` + + // Selector for a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeSelector *v1.Selector `json:"scopeSelector,omitempty" tf:"-"` + + // A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The ticket details. + Ticket *TicketInitParameters `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type PimActiveRoleAssignmentObservation struct { + + // The ID of the Pim Active Role Assignment. 
+ ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The justification of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + // The justification of the role assignment. + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Active Role Assignment to be created. + // The principal id. + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The type of principal. + // The type of principal. + PrincipalType *string `json:"principalType,omitempty" tf:"principal_type,omitempty"` + + // The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + // The role definition id. + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The schedule details of this role assignment. + Schedule *ScheduleObservation `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Active Role Assignment to be created. + // The scope. + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The ticket details. + Ticket *TicketObservation `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type PimActiveRoleAssignmentParameters struct { + + // The justification of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + // The justification of the role assignment. + // +kubebuilder:validation:Optional + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Active Role Assignment to be created. + // The principal id. 
+ // +kubebuilder:validation:Optional + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + // The role definition id. + // +kubebuilder:validation:Optional + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The schedule details of this role assignment. + // +kubebuilder:validation:Optional + Schedule *ScheduleParameters `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Active Role Assignment to be created. + // The scope. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/management/v1beta1.ManagementGroup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Reference to a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeRef *v1.Reference `json:"scopeRef,omitempty" tf:"-"` + + // Selector for a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeSelector *v1.Selector `json:"scopeSelector,omitempty" tf:"-"` + + // A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + // The ticket details. + // +kubebuilder:validation:Optional + Ticket *TicketParameters `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type ScheduleInitParameters struct { + + // A expiration block as defined above. + Expiration *ExpirationInitParameters `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. 
+ // The start date time. + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type ScheduleObservation struct { + + // A expiration block as defined above. + Expiration *ExpirationObservation `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + // The start date time. + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type ScheduleParameters struct { + + // A expiration block as defined above. + // +kubebuilder:validation:Optional + Expiration *ExpirationParameters `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + // The start date time. + // +kubebuilder:validation:Optional + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type TicketInitParameters struct { + + // The ticket number. + // The ticket number. + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +type TicketObservation struct { + + // The ticket number. + // The ticket number. + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +type TicketParameters struct { + + // The ticket number. + // The ticket number. + // +kubebuilder:validation:Optional + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. 
+ // +kubebuilder:validation:Optional + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +// PimActiveRoleAssignmentSpec defines the desired state of PimActiveRoleAssignment +type PimActiveRoleAssignmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PimActiveRoleAssignmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PimActiveRoleAssignmentInitParameters `json:"initProvider,omitempty"` +} + +// PimActiveRoleAssignmentStatus defines the observed state of PimActiveRoleAssignment. +type PimActiveRoleAssignmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PimActiveRoleAssignmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// PimActiveRoleAssignment is the Schema for the PimActiveRoleAssignments API. Manages a Pim Active Role Assignment. 
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azure} +type PimActiveRoleAssignment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.principalId) || (has(self.initProvider) && has(self.initProvider.principalId))",message="spec.forProvider.principalId is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleDefinitionId) || (has(self.initProvider) && has(self.initProvider.roleDefinitionId))",message="spec.forProvider.roleDefinitionId is a required parameter" + Spec PimActiveRoleAssignmentSpec `json:"spec"` + Status PimActiveRoleAssignmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PimActiveRoleAssignmentList contains a list of PimActiveRoleAssignments +type PimActiveRoleAssignmentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PimActiveRoleAssignment `json:"items"` +} + +// Repository type metadata. 
+var ( + PimActiveRoleAssignment_Kind = "PimActiveRoleAssignment" + PimActiveRoleAssignment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: PimActiveRoleAssignment_Kind}.String() + PimActiveRoleAssignment_KindAPIVersion = PimActiveRoleAssignment_Kind + "." + CRDGroupVersion.String() + PimActiveRoleAssignment_GroupVersionKind = CRDGroupVersion.WithKind(PimActiveRoleAssignment_Kind) +) + +func init() { + SchemeBuilder.Register(&PimActiveRoleAssignment{}, &PimActiveRoleAssignmentList{}) +} diff --git a/apis/authorization/v1beta1/zz_pimeligibleroleassignment_terraformed.go b/apis/authorization/v1beta1/zz_pimeligibleroleassignment_terraformed.go new file mode 100755 index 000000000..80e0c9b2a --- /dev/null +++ b/apis/authorization/v1beta1/zz_pimeligibleroleassignment_terraformed.go 
@@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this PimEligibleRoleAssignment +func (mg *PimEligibleRoleAssignment) GetTerraformResourceType() string { + return "azurerm_pim_eligible_role_assignment" +} + +// GetConnectionDetailsMapping for this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) SetParameters(params map[string]any) error 
{ + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this PimEligibleRoleAssignment +func (tr *PimEligibleRoleAssignment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this PimEligibleRoleAssignment using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *PimEligibleRoleAssignment) LateInitialize(attrs []byte) (bool, error) { + params := &PimEligibleRoleAssignmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *PimEligibleRoleAssignment) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/authorization/v1beta1/zz_pimeligibleroleassignment_types.go b/apis/authorization/v1beta1/zz_pimeligibleroleassignment_types.go new file mode 100755 index 000000000..648f3842e --- /dev/null +++ b/apis/authorization/v1beta1/zz_pimeligibleroleassignment_types.go 
@@ -0,0 +1,306 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type PimEligibleRoleAssignmentInitParameters struct { + + // The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The justification of the eligible role assignment. + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The principal id. + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The role definition id. + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // The schedule details of this eligible role assignment. + Schedule *PimEligibleRoleAssignmentScheduleInitParameters `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + // The scope. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/management/v1beta1.ManagementGroup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Reference to a ManagementGroup in management to populate scope. 
+ // +kubebuilder:validation:Optional + ScopeRef *v1.Reference `json:"scopeRef,omitempty" tf:"-"` + + // Selector for a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeSelector *v1.Selector `json:"scopeSelector,omitempty" tf:"-"` + + // A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // Ticket details relating to the assignment. + Ticket *PimEligibleRoleAssignmentTicketInitParameters `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type PimEligibleRoleAssignmentObservation struct { + + // The ID of the Pim Eligible Role Assignment. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The justification of the eligible role assignment. + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The principal id. + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The type of principal. + // The type of principal. + PrincipalType *string `json:"principalType,omitempty" tf:"principal_type,omitempty"` + + // The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The role definition id. + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // The schedule details of this eligible role assignment. + Schedule *PimEligibleRoleAssignmentScheduleObservation `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + // The scope. 
+ Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // Ticket details relating to the assignment. + Ticket *PimEligibleRoleAssignmentTicketObservation `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type PimEligibleRoleAssignmentParameters struct { + + // The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The justification of the eligible role assignment. + // +kubebuilder:validation:Optional + Justification *string `json:"justification,omitempty" tf:"justification,omitempty"` + + // The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The principal id. + // +kubebuilder:validation:Optional + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + // The role definition id. + // +kubebuilder:validation:Optional + RoleDefinitionID *string `json:"roleDefinitionId,omitempty" tf:"role_definition_id,omitempty"` + + // A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // The schedule details of this eligible role assignment. + // +kubebuilder:validation:Optional + Schedule *PimEligibleRoleAssignmentScheduleParameters `json:"schedule,omitempty" tf:"schedule,omitempty"` + + // The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + // The scope. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/management/v1beta1.ManagementGroup + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Reference to a ManagementGroup in management to populate scope. 
+ // +kubebuilder:validation:Optional + ScopeRef *v1.Reference `json:"scopeRef,omitempty" tf:"-"` + + // Selector for a ManagementGroup in management to populate scope. + // +kubebuilder:validation:Optional + ScopeSelector *v1.Selector `json:"scopeSelector,omitempty" tf:"-"` + + // A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + // Ticket details relating to the assignment. + // +kubebuilder:validation:Optional + Ticket *PimEligibleRoleAssignmentTicketParameters `json:"ticket,omitempty" tf:"ticket,omitempty"` +} + +type PimEligibleRoleAssignmentScheduleInitParameters struct { + + // A expiration block as defined above. + Expiration *ScheduleExpirationInitParameters `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The start date time. + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type PimEligibleRoleAssignmentScheduleObservation struct { + + // A expiration block as defined above. + Expiration *ScheduleExpirationObservation `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The start date time. + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type PimEligibleRoleAssignmentScheduleParameters struct { + + // A expiration block as defined above. + // +kubebuilder:validation:Optional + Expiration *ScheduleExpirationParameters `json:"expiration,omitempty" tf:"expiration,omitempty"` + + // The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + // The start date time. 
+ // +kubebuilder:validation:Optional + StartDateTime *string `json:"startDateTime,omitempty" tf:"start_date_time,omitempty"` +} + +type PimEligibleRoleAssignmentTicketInitParameters struct { + + // The ticket number. + // The ticket number. + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +type PimEligibleRoleAssignmentTicketObservation struct { + + // The ticket number. + // The ticket number. + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +type PimEligibleRoleAssignmentTicketParameters struct { + + // The ticket number. + // The ticket number. + // +kubebuilder:validation:Optional + Number *string `json:"number,omitempty" tf:"number,omitempty"` + + // The ticket system. + // The ticket system. + // +kubebuilder:validation:Optional + System *string `json:"system,omitempty" tf:"system,omitempty"` +} + +type ScheduleExpirationInitParameters struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in days. + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in hours. + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. 
Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + // The end date time of the assignment. + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +type ScheduleExpirationObservation struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in days. + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in hours. + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + // The end date time of the assignment. + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +type ScheduleExpirationParameters struct { + + // The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in days. + // +kubebuilder:validation:Optional + DurationDays *float64 `json:"durationDays,omitempty" tf:"duration_days,omitempty"` + + // The duration of the role assignment in hours. 
Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + // The duration of the assignment in hours. + // +kubebuilder:validation:Optional + DurationHours *float64 `json:"durationHours,omitempty" tf:"duration_hours,omitempty"` + + // The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + // The end date time of the assignment. + // +kubebuilder:validation:Optional + EndDateTime *string `json:"endDateTime,omitempty" tf:"end_date_time,omitempty"` +} + +// PimEligibleRoleAssignmentSpec defines the desired state of PimEligibleRoleAssignment +type PimEligibleRoleAssignmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PimEligibleRoleAssignmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PimEligibleRoleAssignmentInitParameters `json:"initProvider,omitempty"` +} + +// PimEligibleRoleAssignmentStatus defines the observed state of PimEligibleRoleAssignment. 
+type PimEligibleRoleAssignmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PimEligibleRoleAssignmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// PimEligibleRoleAssignment is the Schema for the PimEligibleRoleAssignments API. Manages a Pim Eligible Role Assignment. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azure} +type PimEligibleRoleAssignment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.principalId) || (has(self.initProvider) && has(self.initProvider.principalId))",message="spec.forProvider.principalId is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleDefinitionId) || (has(self.initProvider) && has(self.initProvider.roleDefinitionId))",message="spec.forProvider.roleDefinitionId is a required parameter" + Spec PimEligibleRoleAssignmentSpec `json:"spec"` + Status PimEligibleRoleAssignmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PimEligibleRoleAssignmentList contains a list of PimEligibleRoleAssignments +type PimEligibleRoleAssignmentList struct { + 
metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PimEligibleRoleAssignment `json:"items"` +} + +// Repository type metadata. +var ( + PimEligibleRoleAssignment_Kind = "PimEligibleRoleAssignment" + PimEligibleRoleAssignment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: PimEligibleRoleAssignment_Kind}.String() + PimEligibleRoleAssignment_KindAPIVersion = PimEligibleRoleAssignment_Kind + "." + CRDGroupVersion.String() + PimEligibleRoleAssignment_GroupVersionKind = CRDGroupVersion.WithKind(PimEligibleRoleAssignment_Kind) +) + +func init() { + SchemeBuilder.Register(&PimEligibleRoleAssignment{}, &PimEligibleRoleAssignmentList{}) +} diff --git a/config/authorization/config.go b/config/authorization/config.go index e162612d1..f3ce19089 100644 --- a/config/authorization/config.go +++ b/config/authorization/config.go @@ -20,4 +20,20 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azurerm_resource_group_policy_assignment", func(r *config.Resource) { r.ExternalName.IdentifierFields = common.RemoveIndex(r.ExternalName.IdentifierFields, "resource_group_id") }) + p.AddResourceConfigurator("azurerm_pim_active_role_assignment", func(r *config.Resource) { + r.PreviousVersions = nil + r.Version = "v1beta1" + r.Conversions = nil + r.TerraformConversions = []config.TerraformConversion{ + config.NewTFSingletonConversion(), + } + }) + p.AddResourceConfigurator("azurerm_pim_eligible_role_assignment", func(r *config.Resource) { + r.PreviousVersions = nil + r.Version = "v1beta1" + r.Conversions = nil + r.TerraformConversions = []config.TerraformConversion{ + config.NewTFSingletonConversion(), + } + }) } diff --git a/config/externalname.go b/config/externalname.go index 82261e9e1..609b36c1a 100644 --- a/config/externalname.go +++ b/config/externalname.go 
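Review bot: In config/authorization/config.go the two configurators added for `azurerm_pim_active_role_assignment` and `azurerm_pim_eligible_role_assignment` are identical line for line, and neither says why `PreviousVersions` and `Conversions` are reset to nil. These resources hand out privileged role access, so a later edit applied to only one copy would let the active and eligible kinds diverge without anyone noticing. I would bind the closure once and register it from a loop, `for _, name := range []string{"azurerm_pim_active_role_assignment", "azurerm_pim_eligible_role_assignment"} { p.AddResourceConfigurator(name, pimAssignment) }`, where `pimAssignment` is a name I made up. Above it I would add a comment such as `// PIM assignments are first served as v1beta1: no earlier versions or API conversions, only the Terraform singleton-list conversion.`; that rationale is inferred from the assignments and should be confirmed by the author. `Configure` begins before this hunk, so only its tail is visible here.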
@@ -133,6 +133,10 @@ var TerraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // authorization "azurerm_resource_group_policy_assignment": config.TemplatedStringAsIdentifier("name", "{{ .parameters.resource_group_id }}/providers/Microsoft.Authorization/policyAssignments/{{ .external_name }}"), "azurerm_role_assignment": config.IdentifierFromProvider, + // Pim Eligible Role Assignments can be imported using the resource id + "azurerm_pim_eligible_role_assignment": config.IdentifierFromProvider, + // Pim Active Role Assignments can be imported using the resource id + "azurerm_pim_active_role_assignment": config.IdentifierFromProvider, // /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Authorization/locks/lock1 "azurerm_management_lock": config.IdentifierFromProvider, // {resource}/providers/Microsoft.Authorization/policyAssignments/assignment1 diff --git a/config/generated.lst b/config/generated.lst index 07b8b82d5..12b85c17b 100644 --- a/config/generated.lst +++ b/config/generated.lst 
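Review bot: In config/externalname.go the comments on the two new map entries say only that PIM role assignments "can be imported using the resource id", while the neighbouring entries show the identifier's actual shape (see the comment above `azurerm_management_lock`). Both entries use `config.IdentifierFromProvider`, so the external name is presumably the provider-assigned ID, and that is the value an operator has to supply or compare when importing or auditing an existing privileged assignment. I would replace each comment with a sample identifier in the style of the surrounding lines, e.g. `// <sample azurerm_pim_eligible_role_assignment resource id>`, copied from the Terraform provider's import documentation rather than guessed. The map literal starts before this hunk and continues after it.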
@@ -1 +1 @@ -["azurerm_advanced_threat_protection","azurerm_analysis_services_server","azurerm_api_management","azurerm_api_management_api","azurerm_api_management_api_diagnostic","azurerm_api_management_api_operation","azurerm_api_management_api_operation_policy","azurerm_api_management_api_operation_tag","azurerm_api_management_api_policy","azurerm_api_management_api_release","azurerm_api_management_api_schema","azurerm_api_management_api_tag","azurerm_api_management_api_version_set","azurerm_api_management_authorization_server","azurerm_api_management_backend","azurerm_api_management_certificate","azurerm_api_management_custom_domain","azurerm_api_management_diagnostic","azurerm_api_management_email_template","azurerm_api_management_gateway","azurerm_api_management_gateway_api","azurerm_api_management_global_schema","azurerm_api_management_identity_provider_aad","azurerm_api_management_identity_provider_facebook","azurerm_api_management_identity_provider_google","azurerm_api_management_identity_provider_microsoft","azurerm_api_management_identity_provider_twitter","azurerm_api_management_logger","azurerm_api_management_named_value","azurerm_api_management_notification_recipient_email","azurerm_api_management_notification_recipient_user","azurerm_api_management_openid_connect_provider","azurerm_api_management_policy","azurerm_api_management_product","azurerm_api_management_product_api","azurerm_api_management_product_policy","azurerm_api_management_product_tag","azurerm_api_management_redis_cache","azurerm_api_management_subscription","azurerm_api_management_tag","azurerm_api_management_user","azurerm_app_configuration","azurerm_app_service_certificate_order","azurerm_app_service_plan","azurerm_application_gateway","azurerm_application_insights","azurerm_application_insights_analytics_item","azurerm_application_insights_api_key","azurerm_application_insights_smart_detection_rule","azurerm_application_insights_standard_web_test","azurerm_application_insights_web_te
st","azurerm_application_insights_workbook","azurerm_application_insights_workbook_template","azurerm_application_security_group","azurerm_attestation_provider","azurerm_automation_account","azurerm_automation_connection","azurerm_automation_connection_classic_certificate","azurerm_automation_connection_type","azurerm_automation_credential","azurerm_automation_hybrid_runbook_worker_group","azurerm_automation_module","azurerm_automation_runbook","azurerm_automation_schedule","azurerm_automation_variable_bool","azurerm_automation_variable_datetime","azurerm_automation_variable_int","azurerm_automation_variable_string","azurerm_automation_webhook","azurerm_availability_set","azurerm_backup_container_storage_account","azurerm_backup_policy_file_share","azurerm_backup_policy_vm","azurerm_backup_policy_vm_workload","azurerm_backup_protected_file_share","azurerm_backup_protected_vm","azurerm_bot_channel_alexa","azurerm_bot_channel_directline","azurerm_bot_channel_line","azurerm_bot_channel_ms_teams","azurerm_bot_channel_slack","azurerm_bot_channel_sms","azurerm_bot_channel_web_chat","azurerm_bot_channels_registration","azurerm_bot_connection","azurerm_bot_web_app","azurerm_capacity_reservation","azurerm_capacity_reservation_group","azurerm_cdn_endpoint","azurerm_cdn_frontdoor_custom_domain","azurerm_cdn_frontdoor_custom_domain_association","azurerm_cdn_frontdoor_endpoint","azurerm_cdn_frontdoor_firewall_policy","azurerm_cdn_frontdoor_origin","azurerm_cdn_frontdoor_origin_group","azurerm_cdn_frontdoor_profile","azurerm_cdn_frontdoor_route","azurerm_cdn_frontdoor_rule","azurerm_cdn_frontdoor_rule_set","azurerm_cdn_frontdoor_security_policy","azurerm_cdn_profile","azurerm_cognitive_account","azurerm_cognitive_deployment","azurerm_communication_service","azurerm_confidential_ledger","azurerm_consumption_budget_management_group","azurerm_consumption_budget_resource_group","azurerm_consumption_budget_subscription","azurerm_container_app","azurerm_container_app_environment","azur
erm_container_connected_registry","azurerm_container_registry","azurerm_container_registry_agent_pool","azurerm_container_registry_scope_map","azurerm_container_registry_token","azurerm_container_registry_token_password","azurerm_container_registry_webhook","azurerm_cosmosdb_account","azurerm_cosmosdb_cassandra_cluster","azurerm_cosmosdb_cassandra_datacenter","azurerm_cosmosdb_cassandra_keyspace","azurerm_cosmosdb_cassandra_table","azurerm_cosmosdb_gremlin_database","azurerm_cosmosdb_gremlin_graph","azurerm_cosmosdb_mongo_collection","azurerm_cosmosdb_mongo_database","azurerm_cosmosdb_sql_container","azurerm_cosmosdb_sql_database","azurerm_cosmosdb_sql_dedicated_gateway","azurerm_cosmosdb_sql_function","azurerm_cosmosdb_sql_role_assignment","azurerm_cosmosdb_sql_role_definition","azurerm_cosmosdb_sql_stored_procedure","azurerm_cosmosdb_sql_trigger","azurerm_cosmosdb_table","azurerm_cost_anomaly_alert","azurerm_custom_provider","azurerm_data_factory","azurerm_data_factory_custom_dataset","azurerm_data_factory_data_flow","azurerm_data_factory_dataset_azure_blob","azurerm_data_factory_dataset_binary","azurerm_data_factory_dataset_cosmosdb_sqlapi","azurerm_data_factory_dataset_delimited_text","azurerm_data_factory_dataset_http","azurerm_data_factory_dataset_json","azurerm_data_factory_dataset_mysql","azurerm_data_factory_dataset_parquet","azurerm_data_factory_dataset_postgresql","azurerm_data_factory_dataset_snowflake","azurerm_data_factory_dataset_sql_server_table","azurerm_data_factory_integration_runtime_azure","azurerm_data_factory_integration_runtime_azure_ssis","azurerm_data_factory_integration_runtime_managed","azurerm_data_factory_integration_runtime_self_hosted","azurerm_data_factory_linked_custom_service","azurerm_data_factory_linked_service_azure_blob_storage","azurerm_data_factory_linked_service_azure_databricks","azurerm_data_factory_linked_service_azure_file_storage","azurerm_data_factory_linked_service_azure_function","azurerm_data_factory_linked_service_
azure_search","azurerm_data_factory_linked_service_azure_sql_database","azurerm_data_factory_linked_service_azure_table_storage","azurerm_data_factory_linked_service_cosmosdb","azurerm_data_factory_linked_service_cosmosdb_mongoapi","azurerm_data_factory_linked_service_data_lake_storage_gen2","azurerm_data_factory_linked_service_key_vault","azurerm_data_factory_linked_service_kusto","azurerm_data_factory_linked_service_mysql","azurerm_data_factory_linked_service_odata","azurerm_data_factory_linked_service_odbc","azurerm_data_factory_linked_service_postgresql","azurerm_data_factory_linked_service_sftp","azurerm_data_factory_linked_service_snowflake","azurerm_data_factory_linked_service_sql_server","azurerm_data_factory_linked_service_synapse","azurerm_data_factory_linked_service_web","azurerm_data_factory_managed_private_endpoint","azurerm_data_factory_pipeline","azurerm_data_factory_trigger_blob_event","azurerm_data_factory_trigger_custom_event","azurerm_data_factory_trigger_schedule","azurerm_data_protection_backup_instance_blob_storage","azurerm_data_protection_backup_instance_disk","azurerm_data_protection_backup_instance_postgresql","azurerm_data_protection_backup_policy_blob_storage","azurerm_data_protection_backup_policy_disk","azurerm_data_protection_backup_policy_postgresql","azurerm_data_protection_backup_vault","azurerm_data_protection_resource_guard","azurerm_data_share","azurerm_data_share_account","azurerm_data_share_dataset_blob_storage","azurerm_data_share_dataset_data_lake_gen2","azurerm_data_share_dataset_kusto_cluster","azurerm_data_share_dataset_kusto_database","azurerm_database_migration_project","azurerm_database_migration_service","azurerm_databox_edge_device","azurerm_databricks_access_connector","azurerm_databricks_workspace","azurerm_databricks_workspace_customer_managed_key","azurerm_databricks_workspace_root_dbfs_customer_managed_key","azurerm_dedicated_host","azurerm_dev_test_global_vm_shutdown_schedule","azurerm_dev_test_lab","azurerm_dev
_test_linux_virtual_machine","azurerm_dev_test_policy","azurerm_dev_test_schedule","azurerm_dev_test_virtual_network","azurerm_dev_test_windows_virtual_machine","azurerm_digital_twins_instance","azurerm_disk_access","azurerm_disk_encryption_set","azurerm_disk_pool","azurerm_dns_a_record","azurerm_dns_aaaa_record","azurerm_dns_caa_record","azurerm_dns_cname_record","azurerm_dns_mx_record","azurerm_dns_ns_record","azurerm_dns_ptr_record","azurerm_dns_srv_record","azurerm_dns_txt_record","azurerm_dns_zone","azurerm_elastic_cloud_elasticsearch","azurerm_eventgrid_domain","azurerm_eventgrid_domain_topic","azurerm_eventgrid_event_subscription","azurerm_eventgrid_system_topic","azurerm_eventgrid_topic","azurerm_eventhub","azurerm_eventhub_authorization_rule","azurerm_eventhub_consumer_group","azurerm_eventhub_namespace","azurerm_eventhub_namespace_authorization_rule","azurerm_eventhub_namespace_disaster_recovery_config","azurerm_eventhub_namespace_schema_group","azurerm_express_route_circuit","azurerm_express_route_circuit_authorization","azurerm_express_route_circuit_connection","azurerm_express_route_circuit_peering","azurerm_express_route_connection","azurerm_express_route_gateway","azurerm_express_route_port","azurerm_federated_identity_credential","azurerm_firewall","azurerm_firewall_application_rule_collection","azurerm_firewall_nat_rule_collection","azurerm_firewall_network_rule_collection","azurerm_firewall_policy","azurerm_firewall_policy_rule_collection_group","azurerm_fluid_relay_server","azurerm_frontdoor","azurerm_frontdoor_custom_https_configuration","azurerm_frontdoor_firewall_policy","azurerm_frontdoor_rules_engine","azurerm_function_app","azurerm_function_app_active_slot","azurerm_function_app_function","azurerm_function_app_hybrid_connection","azurerm_function_app_slot","azurerm_gallery_application","azurerm_gallery_application_version","azurerm_hdinsight_hadoop_cluster","azurerm_hdinsight_hbase_cluster","azurerm_hdinsight_interactive_query_cluster","azur
erm_hdinsight_kafka_cluster","azurerm_hdinsight_spark_cluster","azurerm_healthbot","azurerm_healthcare_dicom_service","azurerm_healthcare_fhir_service","azurerm_healthcare_medtech_service","azurerm_healthcare_medtech_service_fhir_destination","azurerm_healthcare_service","azurerm_healthcare_workspace","azurerm_hpc_cache","azurerm_hpc_cache_access_policy","azurerm_hpc_cache_blob_nfs_target","azurerm_hpc_cache_blob_target","azurerm_hpc_cache_nfs_target","azurerm_image","azurerm_integration_service_environment","azurerm_iot_security_device_group","azurerm_iot_security_solution","azurerm_iot_time_series_insights_event_source_eventhub","azurerm_iot_time_series_insights_event_source_iothub","azurerm_iot_time_series_insights_gen2_environment","azurerm_iot_time_series_insights_reference_data_set","azurerm_iot_time_series_insights_standard_environment","azurerm_iotcentral_application","azurerm_iotcentral_application_network_rule_set","azurerm_iothub","azurerm_iothub_certificate","azurerm_iothub_consumer_group","azurerm_iothub_device_update_account","azurerm_iothub_device_update_instance","azurerm_iothub_dps","azurerm_iothub_dps_certificate","azurerm_iothub_dps_shared_access_policy","azurerm_iothub_endpoint_eventhub","azurerm_iothub_endpoint_servicebus_queue","azurerm_iothub_endpoint_servicebus_topic","azurerm_iothub_endpoint_storage_container","azurerm_iothub_enrichment","azurerm_iothub_fallback_route","azurerm_iothub_route","azurerm_iothub_shared_access_policy","azurerm_ip_group","azurerm_key_vault","azurerm_key_vault_access_policy","azurerm_key_vault_certificate","azurerm_key_vault_certificate_contacts","azurerm_key_vault_certificate_issuer","azurerm_key_vault_key","azurerm_key_vault_managed_hardware_security_module","azurerm_key_vault_managed_storage_account","azurerm_key_vault_managed_storage_account_sas_token_definition","azurerm_key_vault_secret","azurerm_kubernetes_cluster","azurerm_kubernetes_cluster_node_pool","azurerm_kubernetes_fleet_manager","azurerm_kusto_attach
ed_database_configuration","azurerm_kusto_cluster","azurerm_kusto_cluster_managed_private_endpoint","azurerm_kusto_cluster_principal_assignment","azurerm_kusto_database","azurerm_kusto_database_principal_assignment","azurerm_kusto_eventgrid_data_connection","azurerm_kusto_eventhub_data_connection","azurerm_kusto_iothub_data_connection","azurerm_lab_service_lab","azurerm_lab_service_plan","azurerm_lb","azurerm_lb_backend_address_pool","azurerm_lb_backend_address_pool_address","azurerm_lb_nat_pool","azurerm_lb_nat_rule","azurerm_lb_outbound_rule","azurerm_lb_probe","azurerm_lb_rule","azurerm_linux_function_app","azurerm_linux_function_app_slot","azurerm_linux_virtual_machine","azurerm_linux_virtual_machine_scale_set","azurerm_linux_web_app","azurerm_linux_web_app_slot","azurerm_load_test","azurerm_local_network_gateway","azurerm_log_analytics_data_export_rule","azurerm_log_analytics_datasource_windows_event","azurerm_log_analytics_datasource_windows_performance_counter","azurerm_log_analytics_linked_service","azurerm_log_analytics_linked_storage_account","azurerm_log_analytics_query_pack","azurerm_log_analytics_query_pack_query","azurerm_log_analytics_saved_search","azurerm_log_analytics_solution","azurerm_log_analytics_workspace","azurerm_logic_app_action_custom","azurerm_logic_app_action_http","azurerm_logic_app_integration_account","azurerm_logic_app_integration_account_batch_configuration","azurerm_logic_app_integration_account_partner","azurerm_logic_app_integration_account_schema","azurerm_logic_app_integration_account_session","azurerm_logic_app_trigger_custom","azurerm_logic_app_trigger_http_request","azurerm_logic_app_trigger_recurrence","azurerm_logic_app_workflow","azurerm_logz_monitor","azurerm_logz_sub_account","azurerm_logz_sub_account_tag_rule","azurerm_logz_tag_rule","azurerm_machine_learning_compute_cluster","azurerm_machine_learning_compute_instance","azurerm_machine_learning_synapse_spark","azurerm_machine_learning_workspace","azurerm_maintenance_as
signment_dedicated_host","azurerm_maintenance_assignment_virtual_machine","azurerm_maintenance_configuration","azurerm_managed_application_definition","azurerm_managed_disk","azurerm_managed_disk_sas_token","azurerm_management_group","azurerm_management_group_subscription_association","azurerm_management_lock","azurerm_maps_account","azurerm_maps_creator","azurerm_mariadb_configuration","azurerm_mariadb_database","azurerm_mariadb_firewall_rule","azurerm_mariadb_server","azurerm_mariadb_virtual_network_rule","azurerm_marketplace_agreement","azurerm_media_asset","azurerm_media_asset_filter","azurerm_media_content_key_policy","azurerm_media_job","azurerm_media_live_event","azurerm_media_live_event_output","azurerm_media_services_account","azurerm_media_services_account_filter","azurerm_media_streaming_endpoint","azurerm_media_streaming_locator","azurerm_media_streaming_policy","azurerm_media_transform","azurerm_monitor_action_group","azurerm_monitor_action_rule_action_group","azurerm_monitor_action_rule_suppression","azurerm_monitor_activity_log_alert","azurerm_monitor_alert_processing_rule_action_group","azurerm_monitor_alert_processing_rule_suppression","azurerm_monitor_autoscale_setting","azurerm_monitor_data_collection_endpoint","azurerm_monitor_data_collection_rule","azurerm_monitor_data_collection_rule_association","azurerm_monitor_diagnostic_setting","azurerm_monitor_metric_alert","azurerm_monitor_private_link_scope","azurerm_monitor_private_link_scoped_service","azurerm_monitor_scheduled_query_rules_alert","azurerm_monitor_scheduled_query_rules_alert_v2","azurerm_monitor_scheduled_query_rules_log","azurerm_monitor_smart_detector_alert_rule","azurerm_mssql_database","azurerm_mssql_database_extended_auditing_policy","azurerm_mssql_database_vulnerability_assessment_rule_baseline","azurerm_mssql_elasticpool","azurerm_mssql_failover_group","azurerm_mssql_firewall_rule","azurerm_mssql_job_agent","azurerm_mssql_job_credential","azurerm_mssql_managed_database","azurerm
_mssql_managed_instance","azurerm_mssql_managed_instance_active_directory_administrator","azurerm_mssql_managed_instance_failover_group","azurerm_mssql_managed_instance_vulnerability_assessment","azurerm_mssql_outbound_firewall_rule","azurerm_mssql_server","azurerm_mssql_server_dns_alias","azurerm_mssql_server_microsoft_support_auditing_policy","azurerm_mssql_server_security_alert_policy","azurerm_mssql_server_transparent_data_encryption","azurerm_mssql_server_vulnerability_assessment","azurerm_mssql_virtual_network_rule","azurerm_mysql_active_directory_administrator","azurerm_mysql_configuration","azurerm_mysql_database","azurerm_mysql_firewall_rule","azurerm_mysql_flexible_database","azurerm_mysql_flexible_server","azurerm_mysql_flexible_server_configuration","azurerm_mysql_flexible_server_firewall_rule","azurerm_mysql_server","azurerm_mysql_virtual_network_rule","azurerm_nat_gateway","azurerm_nat_gateway_public_ip_association","azurerm_nat_gateway_public_ip_prefix_association","azurerm_netapp_account","azurerm_netapp_pool","azurerm_netapp_snapshot","azurerm_netapp_snapshot_policy","azurerm_netapp_volume","azurerm_network_connection_monitor","azurerm_network_ddos_protection_plan","azurerm_network_interface","azurerm_network_interface_application_security_group_association","azurerm_network_interface_backend_address_pool_association","azurerm_network_interface_nat_rule_association","azurerm_network_interface_security_group_association","azurerm_network_manager","azurerm_network_manager_management_group_connection","azurerm_network_manager_network_group","azurerm_network_manager_static_member","azurerm_network_manager_subscription_connection","azurerm_network_packet_capture","azurerm_network_profile","azurerm_network_security_group","azurerm_network_security_rule","azurerm_network_watcher","azurerm_network_watcher_flow_log","azurerm_notification_hub","azurerm_notification_hub_authorization_rule","azurerm_notification_hub_namespace","azurerm_orbital_contact_profile",
"azurerm_orbital_spacecraft","azurerm_orchestrated_virtual_machine_scale_set","azurerm_point_to_site_vpn_gateway","azurerm_policy_definition","azurerm_policy_virtual_machine_configuration_assignment","azurerm_portal_dashboard","azurerm_postgresql_active_directory_administrator","azurerm_postgresql_configuration","azurerm_postgresql_database","azurerm_postgresql_firewall_rule","azurerm_postgresql_flexible_server","azurerm_postgresql_flexible_server_active_directory_administrator","azurerm_postgresql_flexible_server_configuration","azurerm_postgresql_flexible_server_database","azurerm_postgresql_flexible_server_firewall_rule","azurerm_postgresql_server","azurerm_postgresql_server_key","azurerm_postgresql_virtual_network_rule","azurerm_powerbi_embedded","azurerm_private_dns_a_record","azurerm_private_dns_aaaa_record","azurerm_private_dns_cname_record","azurerm_private_dns_mx_record","azurerm_private_dns_ptr_record","azurerm_private_dns_resolver","azurerm_private_dns_srv_record","azurerm_private_dns_txt_record","azurerm_private_dns_zone","azurerm_private_dns_zone_virtual_network_link","azurerm_private_endpoint","azurerm_private_endpoint_application_security_group_association","azurerm_private_link_service","azurerm_proximity_placement_group","azurerm_public_ip","azurerm_public_ip_prefix","azurerm_purview_account","azurerm_recovery_services_vault","azurerm_redis_cache","azurerm_redis_enterprise_cluster","azurerm_redis_enterprise_database","azurerm_redis_firewall_rule","azurerm_redis_linked_server","azurerm_relay_hybrid_connection","azurerm_relay_hybrid_connection_authorization_rule","azurerm_relay_namespace","azurerm_relay_namespace_authorization_rule","azurerm_resource_deployment_script_azure_cli","azurerm_resource_deployment_script_azure_power_shell","azurerm_resource_group","azurerm_resource_group_cost_management_export","azurerm_resource_group_policy_assignment","azurerm_resource_group_template_deployment","azurerm_resource_policy_assignment","azurerm_resource_policy
_exemption","azurerm_resource_policy_remediation","azurerm_resource_provider_registration","azurerm_role_assignment","azurerm_role_definition","azurerm_route","azurerm_route_filter","azurerm_route_map","azurerm_route_server","azurerm_route_server_bgp_connection","azurerm_route_table","azurerm_search_service","azurerm_search_shared_private_link_service","azurerm_security_center_assessment","azurerm_security_center_assessment_policy","azurerm_security_center_auto_provisioning","azurerm_security_center_contact","azurerm_security_center_server_vulnerability_assessment","azurerm_security_center_server_vulnerability_assessment_virtual_machine","azurerm_security_center_setting","azurerm_security_center_subscription_pricing","azurerm_security_center_workspace","azurerm_sentinel_alert_rule_fusion","azurerm_sentinel_alert_rule_machine_learning_behavior_analytics","azurerm_sentinel_alert_rule_ms_security_incident","azurerm_sentinel_automation_rule","azurerm_sentinel_data_connector_iot","azurerm_sentinel_log_analytics_workspace_onboarding","azurerm_sentinel_watchlist","azurerm_service_fabric_cluster","azurerm_service_fabric_managed_cluster","azurerm_service_plan","azurerm_servicebus_namespace","azurerm_servicebus_namespace_authorization_rule","azurerm_servicebus_namespace_disaster_recovery_config","azurerm_servicebus_namespace_network_rule_set","azurerm_servicebus_queue","azurerm_servicebus_queue_authorization_rule","azurerm_servicebus_subscription","azurerm_servicebus_subscription_rule","azurerm_servicebus_topic","azurerm_servicebus_topic_authorization_rule","azurerm_shared_image","azurerm_shared_image_gallery","azurerm_signalr_service","azurerm_signalr_service_network_acl","azurerm_signalr_shared_private_link_resource","azurerm_site_recovery_fabric","azurerm_site_recovery_network_mapping","azurerm_site_recovery_protection_container","azurerm_site_recovery_protection_container_mapping","azurerm_site_recovery_replication_policy","azurerm_snapshot","azurerm_source_control_token"
,"azurerm_spatial_anchors_account","azurerm_spring_cloud_accelerator","azurerm_spring_cloud_active_deployment","azurerm_spring_cloud_api_portal","azurerm_spring_cloud_api_portal_custom_domain","azurerm_spring_cloud_app","azurerm_spring_cloud_app_cosmosdb_association","azurerm_spring_cloud_app_mysql_association","azurerm_spring_cloud_app_redis_association","azurerm_spring_cloud_application_live_view","azurerm_spring_cloud_build_deployment","azurerm_spring_cloud_build_pack_binding","azurerm_spring_cloud_builder","azurerm_spring_cloud_certificate","azurerm_spring_cloud_configuration_service","azurerm_spring_cloud_connection","azurerm_spring_cloud_container_deployment","azurerm_spring_cloud_custom_domain","azurerm_spring_cloud_customized_accelerator","azurerm_spring_cloud_dev_tool_portal","azurerm_spring_cloud_gateway","azurerm_spring_cloud_gateway_custom_domain","azurerm_spring_cloud_java_deployment","azurerm_spring_cloud_service","azurerm_spring_cloud_storage","azurerm_ssh_public_key","azurerm_stack_hci_cluster","azurerm_static_site","azurerm_storage_account","azurerm_storage_account_local_user","azurerm_storage_account_network_rules","azurerm_storage_blob","azurerm_storage_blob_inventory_policy","azurerm_storage_container","azurerm_storage_data_lake_gen2_filesystem","azurerm_storage_data_lake_gen2_path","azurerm_storage_encryption_scope","azurerm_storage_management_policy","azurerm_storage_object_replication","azurerm_storage_queue","azurerm_storage_share","azurerm_storage_share_directory","azurerm_storage_sync","azurerm_storage_table","azurerm_storage_table_entity","azurerm_stream_analytics_cluster","azurerm_stream_analytics_function_javascript_uda","azurerm_stream_analytics_job","azurerm_stream_analytics_managed_private_endpoint","azurerm_stream_analytics_output_blob","azurerm_stream_analytics_output_eventhub","azurerm_stream_analytics_output_function","azurerm_stream_analytics_output_mssql","azurerm_stream_analytics_output_powerbi","azurerm_stream_analytics_output
_servicebus_queue","azurerm_stream_analytics_output_servicebus_topic","azurerm_stream_analytics_output_synapse","azurerm_stream_analytics_output_table","azurerm_stream_analytics_reference_input_blob","azurerm_stream_analytics_reference_input_mssql","azurerm_stream_analytics_stream_input_blob","azurerm_stream_analytics_stream_input_eventhub","azurerm_stream_analytics_stream_input_iothub","azurerm_subnet","azurerm_subnet_nat_gateway_association","azurerm_subnet_network_security_group_association","azurerm_subnet_route_table_association","azurerm_subnet_service_endpoint_storage_policy","azurerm_subscription","azurerm_subscription_cost_management_export","azurerm_subscription_policy_assignment","azurerm_subscription_policy_exemption","azurerm_subscription_policy_remediation","azurerm_subscription_template_deployment","azurerm_synapse_firewall_rule","azurerm_synapse_integration_runtime_azure","azurerm_synapse_integration_runtime_self_hosted","azurerm_synapse_linked_service","azurerm_synapse_managed_private_endpoint","azurerm_synapse_private_link_hub","azurerm_synapse_role_assignment","azurerm_synapse_spark_pool","azurerm_synapse_sql_pool","azurerm_synapse_sql_pool_extended_auditing_policy","azurerm_synapse_sql_pool_security_alert_policy","azurerm_synapse_sql_pool_workload_classifier","azurerm_synapse_sql_pool_workload_group","azurerm_synapse_workspace","azurerm_synapse_workspace_aad_admin","azurerm_synapse_workspace_extended_auditing_policy","azurerm_synapse_workspace_security_alert_policy","azurerm_synapse_workspace_sql_aad_admin","azurerm_synapse_workspace_vulnerability_assessment","azurerm_traffic_manager_azure_endpoint","azurerm_traffic_manager_external_endpoint","azurerm_traffic_manager_nested_endpoint","azurerm_traffic_manager_profile","azurerm_user_assigned_identity","azurerm_virtual_hub","azurerm_virtual_hub_connection","azurerm_virtual_hub_ip","azurerm_virtual_hub_route_table","azurerm_virtual_hub_route_table_route","azurerm_virtual_hub_security_partner_provider
","azurerm_virtual_machine_data_disk_attachment","azurerm_virtual_machine_extension","azurerm_virtual_machine_run_command","azurerm_virtual_network","azurerm_virtual_network_gateway","azurerm_virtual_network_gateway_connection","azurerm_virtual_network_peering","azurerm_virtual_wan","azurerm_vpn_gateway","azurerm_vpn_gateway_connection","azurerm_vpn_server_configuration","azurerm_vpn_server_configuration_policy_group","azurerm_vpn_site","azurerm_web_app_active_slot","azurerm_web_app_hybrid_connection","azurerm_web_application_firewall_policy","azurerm_web_pubsub","azurerm_web_pubsub_hub","azurerm_web_pubsub_network_acl","azurerm_windows_function_app","azurerm_windows_function_app_slot","azurerm_windows_virtual_machine","azurerm_windows_virtual_machine_scale_set","azurerm_windows_web_app","azurerm_windows_web_app_slot"] \ No newline at end of file +["azurerm_advanced_threat_protection","azurerm_analysis_services_server","azurerm_api_management","azurerm_api_management_api","azurerm_api_management_api_diagnostic","azurerm_api_management_api_operation","azurerm_api_management_api_operation_policy","azurerm_api_management_api_operation_tag","azurerm_api_management_api_policy","azurerm_api_management_api_release","azurerm_api_management_api_schema","azurerm_api_management_api_tag","azurerm_api_management_api_version_set","azurerm_api_management_authorization_server","azurerm_api_management_backend","azurerm_api_management_certificate","azurerm_api_management_custom_domain","azurerm_api_management_diagnostic","azurerm_api_management_email_template","azurerm_api_management_gateway","azurerm_api_management_gateway_api","azurerm_api_management_global_schema","azurerm_api_management_identity_provider_aad","azurerm_api_management_identity_provider_facebook","azurerm_api_management_identity_provider_google","azurerm_api_management_identity_provider_microsoft","azurerm_api_management_identity_provider_twitter","azurerm_api_management_logger","azurerm_api_management_named_value",
"azurerm_api_management_notification_recipient_email","azurerm_api_management_notification_recipient_user","azurerm_api_management_openid_connect_provider","azurerm_api_management_policy","azurerm_api_management_product","azurerm_api_management_product_api","azurerm_api_management_product_policy","azurerm_api_management_product_tag","azurerm_api_management_redis_cache","azurerm_api_management_subscription","azurerm_api_management_tag","azurerm_api_management_user","azurerm_app_configuration","azurerm_app_service_certificate_order","azurerm_app_service_plan","azurerm_application_gateway","azurerm_application_insights","azurerm_application_insights_analytics_item","azurerm_application_insights_api_key","azurerm_application_insights_smart_detection_rule","azurerm_application_insights_standard_web_test","azurerm_application_insights_web_test","azurerm_application_insights_workbook","azurerm_application_insights_workbook_template","azurerm_application_security_group","azurerm_attestation_provider","azurerm_automation_account","azurerm_automation_connection","azurerm_automation_connection_classic_certificate","azurerm_automation_connection_type","azurerm_automation_credential","azurerm_automation_hybrid_runbook_worker_group","azurerm_automation_module","azurerm_automation_runbook","azurerm_automation_schedule","azurerm_automation_variable_bool","azurerm_automation_variable_datetime","azurerm_automation_variable_int","azurerm_automation_variable_string","azurerm_automation_webhook","azurerm_availability_set","azurerm_backup_container_storage_account","azurerm_backup_policy_file_share","azurerm_backup_policy_vm","azurerm_backup_policy_vm_workload","azurerm_backup_protected_file_share","azurerm_backup_protected_vm","azurerm_bot_channel_alexa","azurerm_bot_channel_directline","azurerm_bot_channel_line","azurerm_bot_channel_ms_teams","azurerm_bot_channel_slack","azurerm_bot_channel_sms","azurerm_bot_channel_web_chat","azurerm_bot_channels_registration","azurerm_bot_connection"
,"azurerm_bot_web_app","azurerm_capacity_reservation","azurerm_capacity_reservation_group","azurerm_cdn_endpoint","azurerm_cdn_frontdoor_custom_domain","azurerm_cdn_frontdoor_custom_domain_association","azurerm_cdn_frontdoor_endpoint","azurerm_cdn_frontdoor_firewall_policy","azurerm_cdn_frontdoor_origin","azurerm_cdn_frontdoor_origin_group","azurerm_cdn_frontdoor_profile","azurerm_cdn_frontdoor_route","azurerm_cdn_frontdoor_rule","azurerm_cdn_frontdoor_rule_set","azurerm_cdn_frontdoor_security_policy","azurerm_cdn_profile","azurerm_cognitive_account","azurerm_cognitive_deployment","azurerm_communication_service","azurerm_confidential_ledger","azurerm_consumption_budget_management_group","azurerm_consumption_budget_resource_group","azurerm_consumption_budget_subscription","azurerm_container_app","azurerm_container_app_environment","azurerm_container_connected_registry","azurerm_container_registry","azurerm_container_registry_agent_pool","azurerm_container_registry_scope_map","azurerm_container_registry_token","azurerm_container_registry_token_password","azurerm_container_registry_webhook","azurerm_cosmosdb_account","azurerm_cosmosdb_cassandra_cluster","azurerm_cosmosdb_cassandra_datacenter","azurerm_cosmosdb_cassandra_keyspace","azurerm_cosmosdb_cassandra_table","azurerm_cosmosdb_gremlin_database","azurerm_cosmosdb_gremlin_graph","azurerm_cosmosdb_mongo_collection","azurerm_cosmosdb_mongo_database","azurerm_cosmosdb_sql_container","azurerm_cosmosdb_sql_database","azurerm_cosmosdb_sql_dedicated_gateway","azurerm_cosmosdb_sql_function","azurerm_cosmosdb_sql_role_assignment","azurerm_cosmosdb_sql_role_definition","azurerm_cosmosdb_sql_stored_procedure","azurerm_cosmosdb_sql_trigger","azurerm_cosmosdb_table","azurerm_cost_anomaly_alert","azurerm_custom_provider","azurerm_data_factory","azurerm_data_factory_custom_dataset","azurerm_data_factory_data_flow","azurerm_data_factory_dataset_azure_blob","azurerm_data_factory_dataset_binary","azurerm_data_factory_dataset_cosmosdb
_sqlapi","azurerm_data_factory_dataset_delimited_text","azurerm_data_factory_dataset_http","azurerm_data_factory_dataset_json","azurerm_data_factory_dataset_mysql","azurerm_data_factory_dataset_parquet","azurerm_data_factory_dataset_postgresql","azurerm_data_factory_dataset_snowflake","azurerm_data_factory_dataset_sql_server_table","azurerm_data_factory_integration_runtime_azure","azurerm_data_factory_integration_runtime_azure_ssis","azurerm_data_factory_integration_runtime_managed","azurerm_data_factory_integration_runtime_self_hosted","azurerm_data_factory_linked_custom_service","azurerm_data_factory_linked_service_azure_blob_storage","azurerm_data_factory_linked_service_azure_databricks","azurerm_data_factory_linked_service_azure_file_storage","azurerm_data_factory_linked_service_azure_function","azurerm_data_factory_linked_service_azure_search","azurerm_data_factory_linked_service_azure_sql_database","azurerm_data_factory_linked_service_azure_table_storage","azurerm_data_factory_linked_service_cosmosdb","azurerm_data_factory_linked_service_cosmosdb_mongoapi","azurerm_data_factory_linked_service_data_lake_storage_gen2","azurerm_data_factory_linked_service_key_vault","azurerm_data_factory_linked_service_kusto","azurerm_data_factory_linked_service_mysql","azurerm_data_factory_linked_service_odata","azurerm_data_factory_linked_service_odbc","azurerm_data_factory_linked_service_postgresql","azurerm_data_factory_linked_service_sftp","azurerm_data_factory_linked_service_snowflake","azurerm_data_factory_linked_service_sql_server","azurerm_data_factory_linked_service_synapse","azurerm_data_factory_linked_service_web","azurerm_data_factory_managed_private_endpoint","azurerm_data_factory_pipeline","azurerm_data_factory_trigger_blob_event","azurerm_data_factory_trigger_custom_event","azurerm_data_factory_trigger_schedule","azurerm_data_protection_backup_instance_blob_storage","azurerm_data_protection_backup_instance_disk","azurerm_data_protection_backup_instance_postgresql"
,"azurerm_data_protection_backup_policy_blob_storage","azurerm_data_protection_backup_policy_disk","azurerm_data_protection_backup_policy_postgresql","azurerm_data_protection_backup_vault","azurerm_data_protection_resource_guard","azurerm_data_share","azurerm_data_share_account","azurerm_data_share_dataset_blob_storage","azurerm_data_share_dataset_data_lake_gen2","azurerm_data_share_dataset_kusto_cluster","azurerm_data_share_dataset_kusto_database","azurerm_database_migration_project","azurerm_database_migration_service","azurerm_databox_edge_device","azurerm_databricks_access_connector","azurerm_databricks_workspace","azurerm_databricks_workspace_customer_managed_key","azurerm_databricks_workspace_root_dbfs_customer_managed_key","azurerm_dedicated_host","azurerm_dev_test_global_vm_shutdown_schedule","azurerm_dev_test_lab","azurerm_dev_test_linux_virtual_machine","azurerm_dev_test_policy","azurerm_dev_test_schedule","azurerm_dev_test_virtual_network","azurerm_dev_test_windows_virtual_machine","azurerm_digital_twins_instance","azurerm_disk_access","azurerm_disk_encryption_set","azurerm_disk_pool","azurerm_dns_a_record","azurerm_dns_aaaa_record","azurerm_dns_caa_record","azurerm_dns_cname_record","azurerm_dns_mx_record","azurerm_dns_ns_record","azurerm_dns_ptr_record","azurerm_dns_srv_record","azurerm_dns_txt_record","azurerm_dns_zone","azurerm_elastic_cloud_elasticsearch","azurerm_eventgrid_domain","azurerm_eventgrid_domain_topic","azurerm_eventgrid_event_subscription","azurerm_eventgrid_system_topic","azurerm_eventgrid_topic","azurerm_eventhub","azurerm_eventhub_authorization_rule","azurerm_eventhub_consumer_group","azurerm_eventhub_namespace","azurerm_eventhub_namespace_authorization_rule","azurerm_eventhub_namespace_disaster_recovery_config","azurerm_eventhub_namespace_schema_group","azurerm_express_route_circuit","azurerm_express_route_circuit_authorization","azurerm_express_route_circuit_connection","azurerm_express_route_circuit_peering","azurerm_express_route_
connection","azurerm_express_route_gateway","azurerm_express_route_port","azurerm_federated_identity_credential","azurerm_firewall","azurerm_firewall_application_rule_collection","azurerm_firewall_nat_rule_collection","azurerm_firewall_network_rule_collection","azurerm_firewall_policy","azurerm_firewall_policy_rule_collection_group","azurerm_fluid_relay_server","azurerm_frontdoor","azurerm_frontdoor_custom_https_configuration","azurerm_frontdoor_firewall_policy","azurerm_frontdoor_rules_engine","azurerm_function_app","azurerm_function_app_active_slot","azurerm_function_app_function","azurerm_function_app_hybrid_connection","azurerm_function_app_slot","azurerm_gallery_application","azurerm_gallery_application_version","azurerm_hdinsight_hadoop_cluster","azurerm_hdinsight_hbase_cluster","azurerm_hdinsight_interactive_query_cluster","azurerm_hdinsight_kafka_cluster","azurerm_hdinsight_spark_cluster","azurerm_healthbot","azurerm_healthcare_dicom_service","azurerm_healthcare_fhir_service","azurerm_healthcare_medtech_service","azurerm_healthcare_medtech_service_fhir_destination","azurerm_healthcare_service","azurerm_healthcare_workspace","azurerm_hpc_cache","azurerm_hpc_cache_access_policy","azurerm_hpc_cache_blob_nfs_target","azurerm_hpc_cache_blob_target","azurerm_hpc_cache_nfs_target","azurerm_image","azurerm_integration_service_environment","azurerm_iot_security_device_group","azurerm_iot_security_solution","azurerm_iot_time_series_insights_event_source_eventhub","azurerm_iot_time_series_insights_event_source_iothub","azurerm_iot_time_series_insights_gen2_environment","azurerm_iot_time_series_insights_reference_data_set","azurerm_iot_time_series_insights_standard_environment","azurerm_iotcentral_application","azurerm_iotcentral_application_network_rule_set","azurerm_iothub","azurerm_iothub_certificate","azurerm_iothub_consumer_group","azurerm_iothub_device_update_account","azurerm_iothub_device_update_instance","azurerm_iothub_dps","azurerm_iothub_dps_certificate","az
urerm_iothub_dps_shared_access_policy","azurerm_iothub_endpoint_eventhub","azurerm_iothub_endpoint_servicebus_queue","azurerm_iothub_endpoint_servicebus_topic","azurerm_iothub_endpoint_storage_container","azurerm_iothub_enrichment","azurerm_iothub_fallback_route","azurerm_iothub_route","azurerm_iothub_shared_access_policy","azurerm_ip_group","azurerm_key_vault","azurerm_key_vault_access_policy","azurerm_key_vault_certificate","azurerm_key_vault_certificate_contacts","azurerm_key_vault_certificate_issuer","azurerm_key_vault_key","azurerm_key_vault_managed_hardware_security_module","azurerm_key_vault_managed_storage_account","azurerm_key_vault_managed_storage_account_sas_token_definition","azurerm_key_vault_secret","azurerm_kubernetes_cluster","azurerm_kubernetes_cluster_node_pool","azurerm_kubernetes_fleet_manager","azurerm_kusto_attached_database_configuration","azurerm_kusto_cluster","azurerm_kusto_cluster_managed_private_endpoint","azurerm_kusto_cluster_principal_assignment","azurerm_kusto_database","azurerm_kusto_database_principal_assignment","azurerm_kusto_eventgrid_data_connection","azurerm_kusto_eventhub_data_connection","azurerm_kusto_iothub_data_connection","azurerm_lab_service_lab","azurerm_lab_service_plan","azurerm_lb","azurerm_lb_backend_address_pool","azurerm_lb_backend_address_pool_address","azurerm_lb_nat_pool","azurerm_lb_nat_rule","azurerm_lb_outbound_rule","azurerm_lb_probe","azurerm_lb_rule","azurerm_linux_function_app","azurerm_linux_function_app_slot","azurerm_linux_virtual_machine","azurerm_linux_virtual_machine_scale_set","azurerm_linux_web_app","azurerm_linux_web_app_slot","azurerm_load_test","azurerm_local_network_gateway","azurerm_log_analytics_data_export_rule","azurerm_log_analytics_datasource_windows_event","azurerm_log_analytics_datasource_windows_performance_counter","azurerm_log_analytics_linked_service","azurerm_log_analytics_linked_storage_account","azurerm_log_analytics_query_pack","azurerm_log_analytics_query_pack_query","azurerm
_log_analytics_saved_search","azurerm_log_analytics_solution","azurerm_log_analytics_workspace","azurerm_logic_app_action_custom","azurerm_logic_app_action_http","azurerm_logic_app_integration_account","azurerm_logic_app_integration_account_batch_configuration","azurerm_logic_app_integration_account_partner","azurerm_logic_app_integration_account_schema","azurerm_logic_app_integration_account_session","azurerm_logic_app_trigger_custom","azurerm_logic_app_trigger_http_request","azurerm_logic_app_trigger_recurrence","azurerm_logic_app_workflow","azurerm_logz_monitor","azurerm_logz_sub_account","azurerm_logz_sub_account_tag_rule","azurerm_logz_tag_rule","azurerm_machine_learning_compute_cluster","azurerm_machine_learning_compute_instance","azurerm_machine_learning_synapse_spark","azurerm_machine_learning_workspace","azurerm_maintenance_assignment_dedicated_host","azurerm_maintenance_assignment_virtual_machine","azurerm_maintenance_configuration","azurerm_managed_application_definition","azurerm_managed_disk","azurerm_managed_disk_sas_token","azurerm_management_group","azurerm_management_group_subscription_association","azurerm_management_lock","azurerm_maps_account","azurerm_maps_creator","azurerm_mariadb_configuration","azurerm_mariadb_database","azurerm_mariadb_firewall_rule","azurerm_mariadb_server","azurerm_mariadb_virtual_network_rule","azurerm_marketplace_agreement","azurerm_media_asset","azurerm_media_asset_filter","azurerm_media_content_key_policy","azurerm_media_job","azurerm_media_live_event","azurerm_media_live_event_output","azurerm_media_services_account","azurerm_media_services_account_filter","azurerm_media_streaming_endpoint","azurerm_media_streaming_locator","azurerm_media_streaming_policy","azurerm_media_transform","azurerm_monitor_action_group","azurerm_monitor_action_rule_action_group","azurerm_monitor_action_rule_suppression","azurerm_monitor_activity_log_alert","azurerm_monitor_alert_processing_rule_action_group","azurerm_monitor_alert_processing_
rule_suppression","azurerm_monitor_autoscale_setting","azurerm_monitor_data_collection_endpoint","azurerm_monitor_data_collection_rule","azurerm_monitor_data_collection_rule_association","azurerm_monitor_diagnostic_setting","azurerm_monitor_metric_alert","azurerm_monitor_private_link_scope","azurerm_monitor_private_link_scoped_service","azurerm_monitor_scheduled_query_rules_alert","azurerm_monitor_scheduled_query_rules_alert_v2","azurerm_monitor_scheduled_query_rules_log","azurerm_monitor_smart_detector_alert_rule","azurerm_mssql_database","azurerm_mssql_database_extended_auditing_policy","azurerm_mssql_database_vulnerability_assessment_rule_baseline","azurerm_mssql_elasticpool","azurerm_mssql_failover_group","azurerm_mssql_firewall_rule","azurerm_mssql_job_agent","azurerm_mssql_job_credential","azurerm_mssql_managed_database","azurerm_mssql_managed_instance","azurerm_mssql_managed_instance_active_directory_administrator","azurerm_mssql_managed_instance_failover_group","azurerm_mssql_managed_instance_vulnerability_assessment","azurerm_mssql_outbound_firewall_rule","azurerm_mssql_server","azurerm_mssql_server_dns_alias","azurerm_mssql_server_microsoft_support_auditing_policy","azurerm_mssql_server_security_alert_policy","azurerm_mssql_server_transparent_data_encryption","azurerm_mssql_server_vulnerability_assessment","azurerm_mssql_virtual_network_rule","azurerm_mysql_active_directory_administrator","azurerm_mysql_configuration","azurerm_mysql_database","azurerm_mysql_firewall_rule","azurerm_mysql_flexible_database","azurerm_mysql_flexible_server","azurerm_mysql_flexible_server_configuration","azurerm_mysql_flexible_server_firewall_rule","azurerm_mysql_server","azurerm_mysql_virtual_network_rule","azurerm_nat_gateway","azurerm_nat_gateway_public_ip_association","azurerm_nat_gateway_public_ip_prefix_association","azurerm_netapp_account","azurerm_netapp_pool","azurerm_netapp_snapshot","azurerm_netapp_snapshot_policy","azurerm_netapp_volume","azurerm_network_connection_
monitor","azurerm_network_ddos_protection_plan","azurerm_network_interface","azurerm_network_interface_application_security_group_association","azurerm_network_interface_backend_address_pool_association","azurerm_network_interface_nat_rule_association","azurerm_network_interface_security_group_association","azurerm_network_manager","azurerm_network_manager_management_group_connection","azurerm_network_manager_network_group","azurerm_network_manager_static_member","azurerm_network_manager_subscription_connection","azurerm_network_packet_capture","azurerm_network_profile","azurerm_network_security_group","azurerm_network_security_rule","azurerm_network_watcher","azurerm_network_watcher_flow_log","azurerm_notification_hub","azurerm_notification_hub_authorization_rule","azurerm_notification_hub_namespace","azurerm_orbital_contact_profile","azurerm_orbital_spacecraft","azurerm_orchestrated_virtual_machine_scale_set","azurerm_pim_active_role_assignment","azurerm_pim_eligible_role_assignment","azurerm_point_to_site_vpn_gateway","azurerm_policy_definition","azurerm_policy_virtual_machine_configuration_assignment","azurerm_portal_dashboard","azurerm_postgresql_active_directory_administrator","azurerm_postgresql_configuration","azurerm_postgresql_database","azurerm_postgresql_firewall_rule","azurerm_postgresql_flexible_server","azurerm_postgresql_flexible_server_active_directory_administrator","azurerm_postgresql_flexible_server_configuration","azurerm_postgresql_flexible_server_database","azurerm_postgresql_flexible_server_firewall_rule","azurerm_postgresql_server","azurerm_postgresql_server_key","azurerm_postgresql_virtual_network_rule","azurerm_powerbi_embedded","azurerm_private_dns_a_record","azurerm_private_dns_aaaa_record","azurerm_private_dns_cname_record","azurerm_private_dns_mx_record","azurerm_private_dns_ptr_record","azurerm_private_dns_resolver","azurerm_private_dns_srv_record","azurerm_private_dns_txt_record","azurerm_private_dns_zone","azurerm_private_dns_zone_v
irtual_network_link","azurerm_private_endpoint","azurerm_private_endpoint_application_security_group_association","azurerm_private_link_service","azurerm_proximity_placement_group","azurerm_public_ip","azurerm_public_ip_prefix","azurerm_purview_account","azurerm_recovery_services_vault","azurerm_redis_cache","azurerm_redis_enterprise_cluster","azurerm_redis_enterprise_database","azurerm_redis_firewall_rule","azurerm_redis_linked_server","azurerm_relay_hybrid_connection","azurerm_relay_hybrid_connection_authorization_rule","azurerm_relay_namespace","azurerm_relay_namespace_authorization_rule","azurerm_resource_deployment_script_azure_cli","azurerm_resource_deployment_script_azure_power_shell","azurerm_resource_group","azurerm_resource_group_cost_management_export","azurerm_resource_group_policy_assignment","azurerm_resource_group_template_deployment","azurerm_resource_policy_assignment","azurerm_resource_policy_exemption","azurerm_resource_policy_remediation","azurerm_resource_provider_registration","azurerm_role_assignment","azurerm_role_definition","azurerm_route","azurerm_route_filter","azurerm_route_map","azurerm_route_server","azurerm_route_server_bgp_connection","azurerm_route_table","azurerm_search_service","azurerm_search_shared_private_link_service","azurerm_security_center_assessment","azurerm_security_center_assessment_policy","azurerm_security_center_auto_provisioning","azurerm_security_center_contact","azurerm_security_center_server_vulnerability_assessment","azurerm_security_center_server_vulnerability_assessment_virtual_machine","azurerm_security_center_setting","azurerm_security_center_subscription_pricing","azurerm_security_center_workspace","azurerm_sentinel_alert_rule_fusion","azurerm_sentinel_alert_rule_machine_learning_behavior_analytics","azurerm_sentinel_alert_rule_ms_security_incident","azurerm_sentinel_automation_rule","azurerm_sentinel_data_connector_iot","azurerm_sentinel_log_analytics_workspace_onboarding","azurerm_sentinel_watchlist","azu
rerm_service_fabric_cluster","azurerm_service_fabric_managed_cluster","azurerm_service_plan","azurerm_servicebus_namespace","azurerm_servicebus_namespace_authorization_rule","azurerm_servicebus_namespace_disaster_recovery_config","azurerm_servicebus_namespace_network_rule_set","azurerm_servicebus_queue","azurerm_servicebus_queue_authorization_rule","azurerm_servicebus_subscription","azurerm_servicebus_subscription_rule","azurerm_servicebus_topic","azurerm_servicebus_topic_authorization_rule","azurerm_shared_image","azurerm_shared_image_gallery","azurerm_signalr_service","azurerm_signalr_service_network_acl","azurerm_signalr_shared_private_link_resource","azurerm_site_recovery_fabric","azurerm_site_recovery_network_mapping","azurerm_site_recovery_protection_container","azurerm_site_recovery_protection_container_mapping","azurerm_site_recovery_replication_policy","azurerm_snapshot","azurerm_source_control_token","azurerm_spatial_anchors_account","azurerm_spring_cloud_accelerator","azurerm_spring_cloud_active_deployment","azurerm_spring_cloud_api_portal","azurerm_spring_cloud_api_portal_custom_domain","azurerm_spring_cloud_app","azurerm_spring_cloud_app_cosmosdb_association","azurerm_spring_cloud_app_mysql_association","azurerm_spring_cloud_app_redis_association","azurerm_spring_cloud_application_live_view","azurerm_spring_cloud_build_deployment","azurerm_spring_cloud_build_pack_binding","azurerm_spring_cloud_builder","azurerm_spring_cloud_certificate","azurerm_spring_cloud_configuration_service","azurerm_spring_cloud_connection","azurerm_spring_cloud_container_deployment","azurerm_spring_cloud_custom_domain","azurerm_spring_cloud_customized_accelerator","azurerm_spring_cloud_dev_tool_portal","azurerm_spring_cloud_gateway","azurerm_spring_cloud_gateway_custom_domain","azurerm_spring_cloud_java_deployment","azurerm_spring_cloud_service","azurerm_spring_cloud_storage","azurerm_ssh_public_key","azurerm_stack_hci_cluster","azurerm_static_site","azurerm_storage_account","az
urerm_storage_account_local_user","azurerm_storage_account_network_rules","azurerm_storage_blob","azurerm_storage_blob_inventory_policy","azurerm_storage_container","azurerm_storage_data_lake_gen2_filesystem","azurerm_storage_data_lake_gen2_path","azurerm_storage_encryption_scope","azurerm_storage_management_policy","azurerm_storage_object_replication","azurerm_storage_queue","azurerm_storage_share","azurerm_storage_share_directory","azurerm_storage_sync","azurerm_storage_table","azurerm_storage_table_entity","azurerm_stream_analytics_cluster","azurerm_stream_analytics_function_javascript_uda","azurerm_stream_analytics_job","azurerm_stream_analytics_managed_private_endpoint","azurerm_stream_analytics_output_blob","azurerm_stream_analytics_output_eventhub","azurerm_stream_analytics_output_function","azurerm_stream_analytics_output_mssql","azurerm_stream_analytics_output_powerbi","azurerm_stream_analytics_output_servicebus_queue","azurerm_stream_analytics_output_servicebus_topic","azurerm_stream_analytics_output_synapse","azurerm_stream_analytics_output_table","azurerm_stream_analytics_reference_input_blob","azurerm_stream_analytics_reference_input_mssql","azurerm_stream_analytics_stream_input_blob","azurerm_stream_analytics_stream_input_eventhub","azurerm_stream_analytics_stream_input_iothub","azurerm_subnet","azurerm_subnet_nat_gateway_association","azurerm_subnet_network_security_group_association","azurerm_subnet_route_table_association","azurerm_subnet_service_endpoint_storage_policy","azurerm_subscription","azurerm_subscription_cost_management_export","azurerm_subscription_policy_assignment","azurerm_subscription_policy_exemption","azurerm_subscription_policy_remediation","azurerm_subscription_template_deployment","azurerm_synapse_firewall_rule","azurerm_synapse_integration_runtime_azure","azurerm_synapse_integration_runtime_self_hosted","azurerm_synapse_linked_service","azurerm_synapse_managed_private_endpoint","azurerm_synapse_private_link_hub","azurerm_synaps
e_role_assignment","azurerm_synapse_spark_pool","azurerm_synapse_sql_pool","azurerm_synapse_sql_pool_extended_auditing_policy","azurerm_synapse_sql_pool_security_alert_policy","azurerm_synapse_sql_pool_workload_classifier","azurerm_synapse_sql_pool_workload_group","azurerm_synapse_workspace","azurerm_synapse_workspace_aad_admin","azurerm_synapse_workspace_extended_auditing_policy","azurerm_synapse_workspace_security_alert_policy","azurerm_synapse_workspace_sql_aad_admin","azurerm_synapse_workspace_vulnerability_assessment","azurerm_traffic_manager_azure_endpoint","azurerm_traffic_manager_external_endpoint","azurerm_traffic_manager_nested_endpoint","azurerm_traffic_manager_profile","azurerm_user_assigned_identity","azurerm_virtual_hub","azurerm_virtual_hub_connection","azurerm_virtual_hub_ip","azurerm_virtual_hub_route_table","azurerm_virtual_hub_route_table_route","azurerm_virtual_hub_security_partner_provider","azurerm_virtual_machine_data_disk_attachment","azurerm_virtual_machine_extension","azurerm_virtual_machine_run_command","azurerm_virtual_network","azurerm_virtual_network_gateway","azurerm_virtual_network_gateway_connection","azurerm_virtual_network_peering","azurerm_virtual_wan","azurerm_vpn_gateway","azurerm_vpn_gateway_connection","azurerm_vpn_server_configuration","azurerm_vpn_server_configuration_policy_group","azurerm_vpn_site","azurerm_web_app_active_slot","azurerm_web_app_hybrid_connection","azurerm_web_application_firewall_policy","azurerm_web_pubsub","azurerm_web_pubsub_hub","azurerm_web_pubsub_network_acl","azurerm_windows_function_app","azurerm_windows_function_app_slot","azurerm_windows_virtual_machine","azurerm_windows_virtual_machine_scale_set","azurerm_windows_web_app","azurerm_windows_web_app_slot"] \ No newline at end of file diff --git a/examples-generated/authorization/v1beta1/pimactiveroleassignment.yaml b/examples-generated/authorization/v1beta1/pimactiveroleassignment.yaml new file mode 100644 index 000000000..1409d1d11 --- /dev/null 
+++ b/examples-generated/authorization/v1beta1/pimactiveroleassignment.yaml @@ -0,0 +1,23 @@ +apiVersion: authorization.azure.upbound.io/v1beta1 +kind: PimActiveRoleAssignment +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/pimactiveroleassignment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + justification: Expiration Duration Set + principalId: ${data.azurerm_client_config.example.object_id} + roleDefinitionId: ${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id} + schedule: + - expiration: + - durationHours: 8 + startDateTime: ${time_static.example.rfc3339} + scopeSelector: + matchLabels: + testing.upbound.io/example-name: azurerm_subscription + ticket: + - number: "1" + system: example ticket system diff --git a/examples-generated/authorization/v1beta1/pimeligibleroleassignment.yaml b/examples-generated/authorization/v1beta1/pimeligibleroleassignment.yaml new file mode 100644 index 000000000..2885cf976 --- /dev/null +++ b/examples-generated/authorization/v1beta1/pimeligibleroleassignment.yaml @@ -0,0 +1,23 @@ +apiVersion: authorization.azure.upbound.io/v1beta1 +kind: PimEligibleRoleAssignment +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/pimeligibleroleassignment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + justification: Expiration Duration Set + principalId: ${data.azurerm_client_config.example.object_id} + roleDefinitionId: ${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id} + schedule: + - expiration: + - durationHours: 8 + startDateTime: ${time_static.example.rfc3339} + scopeSelector: + matchLabels: + testing.upbound.io/example-name: azurerm_subscription + ticket: + - number: "1" + system: example ticket system 
diff --git a/examples/authorization/v1beta1/pimactiveroleassignment.yaml b/examples/authorization/v1beta1/pimactiveroleassignment.yaml
new file mode 100644
index 000000000..60e6d8093
--- /dev/null
+++ b/examples/authorization/v1beta1/pimactiveroleassignment.yaml
@@ -0,0 +1,21 @@
+apiVersion: authorization.azure.upbound.io/v1beta1
+kind: PimActiveRoleAssignment
+metadata:
+ annotations:
+ meta.upbound.io/example-id: authorization/v1beta1/pimactiveroleassignment
+ upjet.upbound.io/manual-intervention: "This resource needs a valid roleDefinitionId"
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ justification: Expiration Duration Set
+ principalId: ${data.azurerm_client_config.service_principal.object_id}
+ roleDefinitionId: ${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id}
+ schedule:
+ expiration:
+ durationHours: 8
+ scope: ${data.azurerm_client_config.current.subscription_resource_id}
+ ticket:
+ number: "1"
+ system: example ticket system
diff --git a/examples/authorization/v1beta1/pimeligibleroleassignment.yaml b/examples/authorization/v1beta1/pimeligibleroleassignment.yaml
new file mode 100644
index 000000000..e78c90103
--- /dev/null
+++ b/examples/authorization/v1beta1/pimeligibleroleassignment.yaml
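Review bot: `schedule`, `expiration` and `ticket` are written as plain mappings in this hand-written example, while the generated example for the same `authorization.azure.upbound.io/v1beta1` kind in this patch writes them as single-item lists (`schedule: - expiration: - durationHours: 8`, `ticket: - number: "1"`); if the v1beta1 schema expects lists, as the generated file suggests, this manifest will be rejected on apply. The same applies to `examples/authorization/v1beta1/pimeligibleroleassignment.yaml`. The `upjet.upbound.io/manual-intervention` text names only `roleDefinitionId`, but `principalId` and `scope` are also unresolved `${data...}` placeholders, so I would widen it to `"This resource needs a valid principalId, roleDefinitionId and scope"`. Because the example assigns a role over a whole subscription and examples tend to be copied as-is, a comment above `scope:` such as `# Prefer the narrowest scope that works, e.g. a resource group ID` would help.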
@@ -0,0 +1,21 @@
+apiVersion: authorization.azure.upbound.io/v1beta1
+kind: PimEligibleRoleAssignment
+metadata:
+ annotations:
+ meta.upbound.io/example-id: authorization/v1beta1/pimeligibleroleassignment
+ upjet.upbound.io/manual-intervention: "This resource needs a valid roleDefinitionId"
+ labels:
+ testing.upbound.io/example-name: example
+ name: example
+spec:
+ forProvider:
+ justification: Expiration Duration Set
+ principalId: ${data.azurerm_client_config.service_principal.object_id}
+ roleDefinitionId: ${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id}
+ schedule:
+ expiration:
+ durationHours: 8
+ scope: ${data.azurerm_client_config.current.subscription_resource_id}
+ ticket:
+ number: "1"
+ system: example ticket system
diff --git a/internal/controller/authorization/pimactiveroleassignment/zz_controller.go b/internal/controller/authorization/pimactiveroleassignment/zz_controller.go
new file mode 100755
index 000000000..da063732c
--- /dev/null
+++ b/internal/controller/authorization/pimactiveroleassignment/zz_controller.go
@@ -0,0 +1,91 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package pimactiveroleassignment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-azure/apis/authorization/v1beta1" + features "github.com/upbound/provider-azure/internal/features" +) + +// Setup adds a controller that reconciles PimActiveRoleAssignment managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.PimActiveRoleAssignment_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.PimActiveRoleAssignment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PimActiveRoleAssignment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azurerm_pim_active_role_assignment"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.PimActiveRoleAssignment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + 
managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.PimActiveRoleAssignment + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.PimActiveRoleAssignment{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.PimActiveRoleAssignment") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.PimActiveRoleAssignmentList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.PimActiveRoleAssignmentList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PimActiveRoleAssignment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.PimActiveRoleAssignment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/authorization/pimeligibleroleassignment/zz_controller.go b/internal/controller/authorization/pimeligibleroleassignment/zz_controller.go new file mode 100755 index 000000000..8085d555b --- /dev/null +++ b/internal/controller/authorization/pimeligibleroleassignment/zz_controller.go 
@@ -0,0 +1,91 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package pimeligibleroleassignment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-azure/apis/authorization/v1beta1" + features "github.com/upbound/provider-azure/internal/features" +) + +// Setup adds a controller that reconciles PimEligibleRoleAssignment managed resources. 
+func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.PimEligibleRoleAssignment_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.PimEligibleRoleAssignment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PimEligibleRoleAssignment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azurerm_pim_eligible_role_assignment"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.PimEligibleRoleAssignment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + 
managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.PimEligibleRoleAssignment + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.PimEligibleRoleAssignment{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.PimEligibleRoleAssignment") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.PimEligibleRoleAssignmentList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.PimEligibleRoleAssignmentList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PimEligibleRoleAssignment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.PimEligibleRoleAssignment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_authorization_setup.go b/internal/controller/zz_authorization_setup.go index ab62028f8..557c4b07c 100755 --- a/internal/controller/zz_authorization_setup.go +++ b/internal/controller/zz_authorization_setup.go 
@@ -10,6 +10,8 @@ import ( "github.com/crossplane/upjet/pkg/controller" managementlock "github.com/upbound/provider-azure/internal/controller/authorization/managementlock" + pimactiveroleassignment "github.com/upbound/provider-azure/internal/controller/authorization/pimactiveroleassignment" + pimeligibleroleassignment "github.com/upbound/provider-azure/internal/controller/authorization/pimeligibleroleassignment" policydefinition "github.com/upbound/provider-azure/internal/controller/authorization/policydefinition" resourcegrouppolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/resourcegrouppolicyassignment" resourcepolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/resourcepolicyassignment" @@ -25,6 +27,8 @@ import ( func Setup_authorization(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ managementlock.Setup, + pimactiveroleassignment.Setup, + pimeligibleroleassignment.Setup, policydefinition.Setup, resourcegrouppolicyassignment.Setup, resourcepolicyassignment.Setup, diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 8010348ea..ee08fb698 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go 
@@ -79,6 +79,8 @@ import ( springcloudstorage "github.com/upbound/provider-azure/internal/controller/appplatform/springcloudstorage" provider "github.com/upbound/provider-azure/internal/controller/attestation/provider" managementlock "github.com/upbound/provider-azure/internal/controller/authorization/managementlock" + pimactiveroleassignment "github.com/upbound/provider-azure/internal/controller/authorization/pimactiveroleassignment" + pimeligibleroleassignment "github.com/upbound/provider-azure/internal/controller/authorization/pimeligibleroleassignment" policydefinition "github.com/upbound/provider-azure/internal/controller/authorization/policydefinition" resourcegrouppolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/resourcegrouppolicyassignment" resourcepolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/resourcepolicyassignment" @@ -808,6 +810,8 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { springcloudstorage.Setup, provider.Setup, managementlock.Setup, + pimactiveroleassignment.Setup, + pimeligibleroleassignment.Setup, policydefinition.Setup, resourcegrouppolicyassignment.Setup, resourcepolicyassignment.Setup, diff --git a/package/crds/authorization.azure.upbound.io_pimactiveroleassignments.yaml b/package/crds/authorization.azure.upbound.io_pimactiveroleassignments.yaml new file mode 100644 index 000000000..70a68a673 --- /dev/null +++ b/package/crds/authorization.azure.upbound.io_pimactiveroleassignments.yaml 
@@ -0,0 +1,693 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: pimactiveroleassignments.authorization.azure.upbound.io +spec: + group: authorization.azure.upbound.io + names: + categories: + - crossplane + - managed + - azure + kind: PimActiveRoleAssignment + listKind: PimActiveRoleAssignmentList + plural: pimactiveroleassignments + singular: pimactiveroleassignment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PimActiveRoleAssignment is the Schema for the PimActiveRoleAssignments + API. Manages a Pim Active Role Assignment. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PimActiveRoleAssignmentSpec defines the desired state of + PimActiveRoleAssignment + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + The justification of the role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Active Role Assignment to be created. + The principal id. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The schedule details of this role assignment. + properties: + expiration: + description: A expiration block as defined above. + properties: + durationDays: + description: |- + The duration of the role assignment in days. 
Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Active Role Assignment to be created. + The scope. + type: string + scopeRef: + description: Reference to a ManagementGroup in management to populate + scope. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. 
Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + scopeSelector: + description: Selector for a ManagementGroup in management to populate + scope. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The ticket details. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. 
The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + The justification of the role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Active Role Assignment to be created. + The principal id. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The schedule details of this role assignment. + properties: + expiration: + description: A expiration block as defined above. + properties: + durationDays: + description: |- + The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. 
Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Active Role Assignment to be created. + The scope. + type: string + scopeRef: + description: Reference to a ManagementGroup in management to populate + scope. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + scopeSelector: + description: Selector for a ManagementGroup in management to populate + scope. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. 
+ type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The ticket details. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. 
+ Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. 
+ type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.principalId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.principalId) + || (has(self.initProvider) && has(self.initProvider.principalId))' + - message: spec.forProvider.roleDefinitionId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.roleDefinitionId) + || (has(self.initProvider) && has(self.initProvider.roleDefinitionId))' + status: + description: PimActiveRoleAssignmentStatus defines the observed state + of PimActiveRoleAssignment. + properties: + atProvider: + properties: + id: + description: The ID of the Pim Active Role Assignment. + type: string + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. 
+ The justification of the role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Active Role Assignment to be created. + The principal id. + type: string + principalType: + description: |- + The type of principal. + The type of principal. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Active Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The schedule details of this role assignment. + properties: + expiration: + description: A expiration block as defined above. + properties: + durationDays: + description: |- + The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Active Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Active Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Active Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Active Role Assignment to be created. 
+ The scope. + type: string + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Active Role Assignment to be created. + The ticket details. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/authorization.azure.upbound.io_pimeligibleroleassignments.yaml b/package/crds/authorization.azure.upbound.io_pimeligibleroleassignments.yaml new file mode 100644 index 000000000..2058ed7b7 --- /dev/null +++ b/package/crds/authorization.azure.upbound.io_pimeligibleroleassignments.yaml 
@@ -0,0 +1,693 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: pimeligibleroleassignments.authorization.azure.upbound.io +spec: + group: authorization.azure.upbound.io + names: + categories: + - crossplane + - managed + - azure + kind: PimEligibleRoleAssignment + listKind: PimEligibleRoleAssignmentList + plural: pimeligibleroleassignments + singular: pimeligibleroleassignment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PimEligibleRoleAssignment is the Schema for the PimEligibleRoleAssignments + API. Manages a Pim Eligible Role Assignment. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PimEligibleRoleAssignmentSpec defines the desired state of + PimEligibleRoleAssignment + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The justification of the eligible role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + The principal id. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + The schedule details of this eligible role assignment. + properties: + expiration: + description: A expiration block as defined above. + properties: + durationDays: + description: |- + The duration of the role assignment in days. 
Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + The scope. + type: string + scopeRef: + description: Reference to a ManagementGroup in management to populate + scope. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. 
The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + scopeSelector: + description: Selector for a ManagementGroup in management to populate + scope. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + Ticket details relating to the assignment. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. 
It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The justification of the eligible role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + The principal id. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + The schedule details of this eligible role assignment. + properties: + expiration: + description: A expiration block as defined above. + properties: + durationDays: + description: |- + The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. 
Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + The scope. + type: string + scopeRef: + description: Reference to a ManagementGroup in management to populate + scope. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + scopeSelector: + description: Selector for a ManagementGroup in management to populate + scope. 
+ properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + Ticket details relating to the assignment. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. 
If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. 
+ type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.principalId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.principalId) + || (has(self.initProvider) && has(self.initProvider.principalId))' + - message: spec.forProvider.roleDefinitionId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.roleDefinitionId) + || (has(self.initProvider) && has(self.initProvider.roleDefinitionId))' + status: + description: PimEligibleRoleAssignmentStatus defines the observed state + of PimEligibleRoleAssignment. + properties: + atProvider: + properties: + id: + description: The ID of the Pim Eligible Role Assignment. + type: string + justification: + description: |- + The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The justification of the eligible role assignment. + type: string + principalId: + description: |- + The principal id. Changing this forces a new Pim Eligible Role Assignment to be created. + The principal id. + type: string + principalType: + description: |- + The type of principal. + The type of principal. + type: string + roleDefinitionId: + description: |- + The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created. + The role definition id. + type: string + schedule: + description: |- + A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + The schedule details of this eligible role assignment. + properties: + expiration: + description: A expiration block as defined above. 
+ properties: + durationDays: + description: |- + The duration of the role assignment in days. Conflicts with schedule[0].expiration[0].duration_hours,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in days. + type: number + durationHours: + description: |- + The duration of the role assignment in hours. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].end_date_time Changing this forces a new Pim Eligible Role Assignment to be created. + The duration of the assignment in hours. + type: number + endDateTime: + description: |- + The end date time of the role assignment. Conflicts with schedule[0].expiration[0].duration_days,schedule[0].expiration[0].duration_hours Changing this forces a new Pim Eligible Role Assignment to be created. + The end date time of the assignment. + type: string + type: object + startDateTime: + description: |- + The start date time of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created. + The start date time. + type: string + type: object + scope: + description: |- + The scope. Changing this forces a new Pim Eligible Role Assignment to be created. + The scope. + type: string + ticket: + description: |- + A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created. + Ticket details relating to the assignment. + properties: + number: + description: |- + The ticket number. + The ticket number. + type: string + system: + description: |- + The ticket system. + The ticket system. + type: string + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. 
+ format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} From cafde2a6f48c8d70fa40a1e2dc10036e35f1fa11 Mon Sep 17 00:00:00 2001 From: Knut-Erik Johnsen Date: Fri, 31 May 2024 16:38:11 +0200 Subject: [PATCH 2/2] Added the license statement Signed-off-by: Knut-Erik Johnsen --- examples/authorization/v1beta1/pimactiveroleassignment.yaml | 4 ++++ examples/authorization/v1beta1/pimeligibleroleassignment.yaml | 4 ++++ 2 files changed, 8 insertions(+) 
diff --git a/examples/authorization/v1beta1/pimactiveroleassignment.yaml b/examples/authorization/v1beta1/pimactiveroleassignment.yaml
index 60e6d8093..0867e5410 100644
--- a/examples/authorization/v1beta1/pimactiveroleassignment.yaml
+++ b/examples/authorization/v1beta1/pimactiveroleassignment.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: CC0-1.0
+
 apiVersion: authorization.azure.upbound.io/v1beta1
 kind: PimActiveRoleAssignment
 metadata:
diff --git a/examples/authorization/v1beta1/pimeligibleroleassignment.yaml b/examples/authorization/v1beta1/pimeligibleroleassignment.yaml
index e78c90103..ca6eb9015 100644
--- a/examples/authorization/v1beta1/pimeligibleroleassignment.yaml
+++ b/examples/authorization/v1beta1/pimeligibleroleassignment.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 The Crossplane Authors
+#
+# SPDX-License-Identifier: CC0-1.0
+
 apiVersion: authorization.azure.upbound.io/v1beta1
 kind: PimEligibleRoleAssignment
 metadata: