diff --git a/apis/authorization/v1beta1/zz_generated.conversion_hubs.go b/apis/authorization/v1beta1/zz_generated.conversion_hubs.go index 052db10da..bda0c62d6 100755 --- a/apis/authorization/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/authorization/v1beta1/zz_generated.conversion_hubs.go @@ -29,3 +29,6 @@ func (tr *RoleDefinition) Hub() {} // Hub marks this type as a conversion hub. func (tr *SubscriptionPolicyExemption) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *TrustedAccessRoleBinding) Hub() {} diff --git a/apis/authorization/v1beta1/zz_generated.deepcopy.go b/apis/authorization/v1beta1/zz_generated.deepcopy.go index d6d3ed755..5ba514ad6 100644 --- a/apis/authorization/v1beta1/zz_generated.deepcopy.go +++ b/apis/authorization/v1beta1/zz_generated.deepcopy.go @@ -5901,3 +5901,235 @@ func (in *TicketParameters) DeepCopy() *TicketParameters { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBinding) DeepCopyInto(out *TrustedAccessRoleBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBinding. +func (in *TrustedAccessRoleBinding) DeepCopy() *TrustedAccessRoleBinding { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrustedAccessRoleBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingInitParameters) DeepCopyInto(out *TrustedAccessRoleBindingInitParameters) { + *out = *in + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SourceResourceID != nil { + in, out := &in.SourceResourceID, &out.SourceResourceID + *out = new(string) + **out = **in + } + if in.SourceResourceIDRef != nil { + in, out := &in.SourceResourceIDRef, &out.SourceResourceIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SourceResourceIDSelector != nil { + in, out := &in.SourceResourceIDSelector, &out.SourceResourceIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingInitParameters. +func (in *TrustedAccessRoleBindingInitParameters) DeepCopy() *TrustedAccessRoleBindingInitParameters { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingList) DeepCopyInto(out *TrustedAccessRoleBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TrustedAccessRoleBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingList. +func (in *TrustedAccessRoleBindingList) DeepCopy() *TrustedAccessRoleBindingList { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrustedAccessRoleBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingObservation) DeepCopyInto(out *TrustedAccessRoleBindingObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.KubernetesClusterID != nil { + in, out := &in.KubernetesClusterID, &out.KubernetesClusterID + *out = new(string) + **out = **in + } + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SourceResourceID != nil { + in, out := &in.SourceResourceID, &out.SourceResourceID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingObservation. +func (in *TrustedAccessRoleBindingObservation) DeepCopy() *TrustedAccessRoleBindingObservation { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingParameters) DeepCopyInto(out *TrustedAccessRoleBindingParameters) { + *out = *in + if in.KubernetesClusterID != nil { + in, out := &in.KubernetesClusterID, &out.KubernetesClusterID + *out = new(string) + **out = **in + } + if in.KubernetesClusterIDRef != nil { + in, out := &in.KubernetesClusterIDRef, &out.KubernetesClusterIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.KubernetesClusterIDSelector != nil { + in, out := &in.KubernetesClusterIDSelector, &out.KubernetesClusterIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Roles != nil { + in, out := &in.Roles, &out.Roles + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.SourceResourceID != nil { + in, out := &in.SourceResourceID, &out.SourceResourceID + *out = new(string) + **out = **in + } + if in.SourceResourceIDRef != nil { + in, out := &in.SourceResourceIDRef, &out.SourceResourceIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SourceResourceIDSelector != nil { + in, out := &in.SourceResourceIDSelector, &out.SourceResourceIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingParameters. +func (in *TrustedAccessRoleBindingParameters) DeepCopy() *TrustedAccessRoleBindingParameters { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingSpec) DeepCopyInto(out *TrustedAccessRoleBindingSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingSpec. +func (in *TrustedAccessRoleBindingSpec) DeepCopy() *TrustedAccessRoleBindingSpec { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustedAccessRoleBindingStatus) DeepCopyInto(out *TrustedAccessRoleBindingStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedAccessRoleBindingStatus. +func (in *TrustedAccessRoleBindingStatus) DeepCopy() *TrustedAccessRoleBindingStatus { + if in == nil { + return nil + } + out := new(TrustedAccessRoleBindingStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/authorization/v1beta1/zz_generated.managed.go b/apis/authorization/v1beta1/zz_generated.managed.go index 92f297520..ac9651efa 100644 --- a/apis/authorization/v1beta1/zz_generated.managed.go +++ b/apis/authorization/v1beta1/zz_generated.managed.go @@ -666,3 +666,63 @@ func (mg *SubscriptionPolicyExemption) SetPublishConnectionDetailsTo(r *xpv1.Pub func (mg *SubscriptionPolicyExemption) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/authorization/v1beta1/zz_generated.managedlist.go b/apis/authorization/v1beta1/zz_generated.managedlist.go index f770eef6a..a28cc83fe 100644 --- a/apis/authorization/v1beta1/zz_generated.managedlist.go +++ b/apis/authorization/v1beta1/zz_generated.managedlist.go @@ -105,3 +105,12 @@ func (l *SubscriptionPolicyExemptionList) GetItems() []resource.Managed { } return items } + +// GetItems of this TrustedAccessRoleBindingList. +func (l *TrustedAccessRoleBindingList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/authorization/v1beta1/zz_generated.resolvers.go b/apis/authorization/v1beta1/zz_generated.resolvers.go index f430eaf2b..84de35973 100644 --- a/apis/authorization/v1beta1/zz_generated.resolvers.go +++ b/apis/authorization/v1beta1/zz_generated.resolvers.go @@ -13,6 +13,7 @@ import ( errors "github.com/pkg/errors" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + rconfig "github.com/upbound/provider-azure/apis/rconfig" apisresolver "github.com/upbound/provider-azure/internal/apis" client "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -542,3 +543,72 @@ func (mg *SubscriptionPolicyExemption) ResolveReferences(ctx context.Context, c return nil } + +// ResolveReferences of this TrustedAccessRoleBinding. +func (mg *TrustedAccessRoleBinding) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("containerservice.azure.upbound.io", "v1beta2", "KubernetesCluster", "KubernetesClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.KubernetesClusterID), + Extract: rconfig.ExtractResourceID(), + Reference: mg.Spec.ForProvider.KubernetesClusterIDRef, + Selector: mg.Spec.ForProvider.KubernetesClusterIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.KubernetesClusterID") + } + mg.Spec.ForProvider.KubernetesClusterID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.KubernetesClusterIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("machinelearningservices.azure.upbound.io", "v1beta2", "Workspace", "WorkspaceList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SourceResourceID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.SourceResourceIDRef, + Selector: mg.Spec.ForProvider.SourceResourceIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SourceResourceID") + } + mg.Spec.ForProvider.SourceResourceID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SourceResourceIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("machinelearningservices.azure.upbound.io", "v1beta2", "Workspace", "WorkspaceList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SourceResourceID), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.SourceResourceIDRef, + Selector: mg.Spec.InitProvider.SourceResourceIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SourceResourceID") + } + mg.Spec.InitProvider.SourceResourceID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SourceResourceIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/authorization/v1beta1/zz_trustedaccessrolebinding_terraformed.go b/apis/authorization/v1beta1/zz_trustedaccessrolebinding_terraformed.go new file mode 100755 index 000000000..816e69049 --- /dev/null +++ b/apis/authorization/v1beta1/zz_trustedaccessrolebinding_terraformed.go @@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this TrustedAccessRoleBinding +func (mg *TrustedAccessRoleBinding) GetTerraformResourceType() string { + return "azurerm_kubernetes_cluster_trusted_access_role_binding" +} + +// GetConnectionDetailsMapping for this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this TrustedAccessRoleBinding +func (tr *TrustedAccessRoleBinding) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this TrustedAccessRoleBinding using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *TrustedAccessRoleBinding) LateInitialize(attrs []byte) (bool, error) { + params := &TrustedAccessRoleBindingParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *TrustedAccessRoleBinding) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/authorization/v1beta1/zz_trustedaccessrolebinding_types.go b/apis/authorization/v1beta1/zz_trustedaccessrolebinding_types.go new file mode 100755 index 000000000..e31f60b9e --- /dev/null +++ b/apis/authorization/v1beta1/zz_trustedaccessrolebinding_types.go @@ -0,0 +1,145 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type TrustedAccessRoleBindingInitParameters struct { + + // A list of roles to bind, each item is a resource type qualified role name. + Roles []*string `json:"roles,omitempty" tf:"roles,omitempty"` + + // The ARM resource ID of source resource that trusted access is configured for. Changing this forces a new Kubernetes Cluster Trusted Access Role Binding to be created. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/machinelearningservices/v1beta2.Workspace + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + SourceResourceID *string `json:"sourceResourceId,omitempty" tf:"source_resource_id,omitempty"` + + // Reference to a Workspace in machinelearningservices to populate sourceResourceId. + // +kubebuilder:validation:Optional + SourceResourceIDRef *v1.Reference `json:"sourceResourceIdRef,omitempty" tf:"-"` + + // Selector for a Workspace in machinelearningservices to populate sourceResourceId. + // +kubebuilder:validation:Optional + SourceResourceIDSelector *v1.Selector `json:"sourceResourceIdSelector,omitempty" tf:"-"` +} + +type TrustedAccessRoleBindingObservation struct { + + // The ID of the Kubernetes Cluster Trusted Access Role Binding. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Specifies the Kubernetes Cluster Id within which this Kubernetes Cluster Trusted Access Role Binding should exist. Changing this forces a new Kubernetes Cluster Trusted Access Role Binding to be created. + KubernetesClusterID *string `json:"kubernetesClusterId,omitempty" tf:"kubernetes_cluster_id,omitempty"` + + // A list of roles to bind, each item is a resource type qualified role name. + Roles []*string `json:"roles,omitempty" tf:"roles,omitempty"` + + // The ARM resource ID of source resource that trusted access is configured for. Changing this forces a new Kubernetes Cluster Trusted Access Role Binding to be created. + SourceResourceID *string `json:"sourceResourceId,omitempty" tf:"source_resource_id,omitempty"` +} + +type TrustedAccessRoleBindingParameters struct { + + // Specifies the Kubernetes Cluster Id within which this Kubernetes Cluster Trusted Access Role Binding should exist. Changing this forces a new Kubernetes Cluster Trusted Access Role Binding to be created. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/containerservice/v1beta2.KubernetesCluster + // +crossplane:generate:reference:extractor=github.com/upbound/provider-azure/apis/rconfig.ExtractResourceID() + // +kubebuilder:validation:Optional + KubernetesClusterID *string `json:"kubernetesClusterId,omitempty" tf:"kubernetes_cluster_id,omitempty"` + + // Reference to a KubernetesCluster in containerservice to populate kubernetesClusterId. + // +kubebuilder:validation:Optional + KubernetesClusterIDRef *v1.Reference `json:"kubernetesClusterIdRef,omitempty" tf:"-"` + + // Selector for a KubernetesCluster in containerservice to populate kubernetesClusterId. + // +kubebuilder:validation:Optional + KubernetesClusterIDSelector *v1.Selector `json:"kubernetesClusterIdSelector,omitempty" tf:"-"` + + // A list of roles to bind, each item is a resource type qualified role name. + // +kubebuilder:validation:Optional + Roles []*string `json:"roles,omitempty" tf:"roles,omitempty"` + + // The ARM resource ID of source resource that trusted access is configured for. Changing this forces a new Kubernetes Cluster Trusted Access Role Binding to be created. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/machinelearningservices/v1beta2.Workspace + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + SourceResourceID *string `json:"sourceResourceId,omitempty" tf:"source_resource_id,omitempty"` + + // Reference to a Workspace in machinelearningservices to populate sourceResourceId. + // +kubebuilder:validation:Optional + SourceResourceIDRef *v1.Reference `json:"sourceResourceIdRef,omitempty" tf:"-"` + + // Selector for a Workspace in machinelearningservices to populate sourceResourceId. + // +kubebuilder:validation:Optional + SourceResourceIDSelector *v1.Selector `json:"sourceResourceIdSelector,omitempty" tf:"-"` +} + +// TrustedAccessRoleBindingSpec defines the desired state of TrustedAccessRoleBinding +type TrustedAccessRoleBindingSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider TrustedAccessRoleBindingParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider TrustedAccessRoleBindingInitParameters `json:"initProvider,omitempty"` +} + +// TrustedAccessRoleBindingStatus defines the observed state of TrustedAccessRoleBinding. +type TrustedAccessRoleBindingStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider TrustedAccessRoleBindingObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// TrustedAccessRoleBinding is the Schema for the TrustedAccessRoleBindings API. Manages a Kubernetes Cluster Trusted Access Role Binding. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azure} +type TrustedAccessRoleBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roles) || (has(self.initProvider) && has(self.initProvider.roles))",message="spec.forProvider.roles is a required parameter" + Spec TrustedAccessRoleBindingSpec `json:"spec"` + Status TrustedAccessRoleBindingStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// TrustedAccessRoleBindingList contains a list of TrustedAccessRoleBindings +type TrustedAccessRoleBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TrustedAccessRoleBinding `json:"items"` +} + +// Repository type metadata. +var ( + TrustedAccessRoleBinding_Kind = "TrustedAccessRoleBinding" + TrustedAccessRoleBinding_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: TrustedAccessRoleBinding_Kind}.String() + TrustedAccessRoleBinding_KindAPIVersion = TrustedAccessRoleBinding_Kind + "." + CRDGroupVersion.String() + TrustedAccessRoleBinding_GroupVersionKind = CRDGroupVersion.WithKind(TrustedAccessRoleBinding_Kind) +) + +func init() { + SchemeBuilder.Register(&TrustedAccessRoleBinding{}, &TrustedAccessRoleBindingList{}) +} diff --git a/config/authorization/config.go b/config/authorization/config.go index e162612d1..3de1b1771 100644 --- a/config/authorization/config.go +++ b/config/authorization/config.go @@ -7,6 +7,7 @@ package authorization import ( "github.com/crossplane/upjet/pkg/config" + "github.com/upbound/provider-azure/apis/rconfig" "github.com/upbound/provider-azure/config/common" ) @@ -20,4 +21,13 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("azurerm_resource_group_policy_assignment", func(r *config.Resource) { r.ExternalName.IdentifierFields = common.RemoveIndex(r.ExternalName.IdentifierFields, "resource_group_id") }) + + p.AddResourceConfigurator("azurerm_kubernetes_cluster_trusted_access_role_binding", func(r *config.Resource) { + r.Kind = "TrustedAccessRoleBinding" + r.ShortGroup = "authorization" + r.References["kubernetes_cluster_id"] = config.Reference{ + TerraformName: "azurerm_kubernetes_cluster", + Extractor: rconfig.ExtractResourceIDFuncPath, + } + }) } diff --git a/config/externalname.go b/config/externalname.go index 2ad61fd26..b5c841c7c 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -131,8 +131,9 @@ var TerraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ "azurerm_api_management_custom_domain": config.TemplatedStringAsIdentifier("", "{{ .parameters.api_management_id }}/customDomains/{{ .external_name }}"), // authorization - "azurerm_resource_group_policy_assignment": config.TemplatedStringAsIdentifier("name", "{{ .parameters.resource_group_id }}/providers/Microsoft.Authorization/policyAssignments/{{ .external_name }}"), - "azurerm_role_assignment": config.IdentifierFromProvider, + "azurerm_resource_group_policy_assignment": config.TemplatedStringAsIdentifier("name", "{{ .parameters.resource_group_id }}/providers/Microsoft.Authorization/policyAssignments/{{ .external_name }}"), + "azurerm_role_assignment": config.IdentifierFromProvider, + "azurerm_kubernetes_cluster_trusted_access_role_binding": config.TemplatedStringAsIdentifier("name", "{{ .parameters.kubernetes_cluster_id }}/trustedAccessRoleBindings/{{ .external_name }}"), // Pim Eligible Role Assignments can be imported using the resource id "azurerm_pim_eligible_role_assignment": config.IdentifierFromProvider, // Pim Active Role Assignments can be imported using the resource id diff --git a/config/generated.lst b/config/generated.lst index 1d67fad77..ab7e35d6b 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["azurerm_advanced_threat_protection","azurerm_analysis_services_server","azurerm_api_management","azurerm_api_management_api","azurerm_api_management_api_diagnostic","azurerm_api_management_api_operation","azurerm_api_management_api_operation_policy","azurerm_api_management_api_operation_tag","azurerm_api_management_api_policy","azurerm_api_management_api_release","azurerm_api_management_api_schema","azurerm_api_management_api_tag","azurerm_api_management_api_version_set","azurerm_api_management_authorization_server","azurerm_api_management_backend","azurerm_api_management_certificate","azurerm_api_management_custom_domain","azurerm_api_management_diagnostic","azurerm_api_management_email_template","azurerm_api_management_gateway","azurerm_api_management_gateway_api","azurerm_api_management_global_schema","azurerm_api_management_identity_provider_aad","azurerm_api_management_identity_provider_facebook","azurerm_api_management_identity_provider_google","azurerm_api_management_identity_provider_microsoft","azurerm_api_management_identity_provider_twitter","azurerm_api_management_logger","azurerm_api_management_named_value","azurerm_api_management_notification_recipient_email","azurerm_api_management_notification_recipient_user","azurerm_api_management_openid_connect_provider","azurerm_api_management_policy","azurerm_api_management_product","azurerm_api_management_product_api","azurerm_api_management_product_policy","azurerm_api_management_product_tag","azurerm_api_management_redis_cache","azurerm_api_management_subscription","azurerm_api_management_tag","azurerm_api_management_user","azurerm_app_configuration","azurerm_app_service_certificate_order","azurerm_app_service_plan","azurerm_application_gateway","azurerm_application_insights","azurerm_application_insights_analytics_item","azurerm_application_insights_api_key","azurerm_application_insights_smart_detection_rule","azurerm_application_insights_standard_web_test","azurerm_application_insights_web_test","azurerm_application_insights_workbook","azurerm_application_insights_workbook_template","azurerm_application_security_group","azurerm_attestation_provider","azurerm_automation_account","azurerm_automation_connection","azurerm_automation_connection_classic_certificate","azurerm_automation_connection_type","azurerm_automation_credential","azurerm_automation_hybrid_runbook_worker_group","azurerm_automation_module","azurerm_automation_runbook","azurerm_automation_schedule","azurerm_automation_variable_bool","azurerm_automation_variable_datetime","azurerm_automation_variable_int","azurerm_automation_variable_string","azurerm_automation_webhook","azurerm_availability_set","azurerm_backup_container_storage_account","azurerm_backup_policy_file_share","azurerm_backup_policy_vm","azurerm_backup_policy_vm_workload","azurerm_backup_protected_file_share","azurerm_backup_protected_vm","azurerm_bastion_host","azurerm_bot_channel_alexa","azurerm_bot_channel_directline","azurerm_bot_channel_line","azurerm_bot_channel_ms_teams","azurerm_bot_channel_slack","azurerm_bot_channel_sms","azurerm_bot_channel_web_chat","azurerm_bot_channels_registration","azurerm_bot_connection","azurerm_bot_web_app","azurerm_capacity_reservation","azurerm_capacity_reservation_group","azurerm_cdn_endpoint","azurerm_cdn_frontdoor_custom_domain","azurerm_cdn_frontdoor_custom_domain_association","azurerm_cdn_frontdoor_endpoint","azurerm_cdn_frontdoor_firewall_policy","azurerm_cdn_frontdoor_origin","azurerm_cdn_frontdoor_origin_group","azurerm_cdn_frontdoor_profile","azurerm_cdn_frontdoor_route","azurerm_cdn_frontdoor_rule","azurerm_cdn_frontdoor_rule_set","azurerm_cdn_frontdoor_security_policy","azurerm_cdn_profile","azurerm_cognitive_account","azurerm_cognitive_deployment","azurerm_communication_service","azurerm_confidential_ledger","azurerm_consumption_budget_management_group","azurerm_consumption_budget_resource_group","azurerm_consumption_budget_subscription","azurerm_container_app","azurerm_container_app_custom_domain","azurerm_container_app_environment","azurerm_container_app_environment_certificate","azurerm_container_app_environment_custom_domain","azurerm_container_app_environment_dapr_component","azurerm_container_app_environment_storage","azurerm_container_connected_registry","azurerm_container_registry","azurerm_container_registry_agent_pool","azurerm_container_registry_scope_map","azurerm_container_registry_token","azurerm_container_registry_token_password","azurerm_container_registry_webhook","azurerm_cosmosdb_account","azurerm_cosmosdb_cassandra_cluster","azurerm_cosmosdb_cassandra_datacenter","azurerm_cosmosdb_cassandra_keyspace","azurerm_cosmosdb_cassandra_table","azurerm_cosmosdb_gremlin_database","azurerm_cosmosdb_gremlin_graph","azurerm_cosmosdb_mongo_collection","azurerm_cosmosdb_mongo_database","azurerm_cosmosdb_sql_container","azurerm_cosmosdb_sql_database","azurerm_cosmosdb_sql_dedicated_gateway","azurerm_cosmosdb_sql_function","azurerm_cosmosdb_sql_role_assignment","azurerm_cosmosdb_sql_role_definition","azurerm_cosmosdb_sql_stored_procedure","azurerm_cosmosdb_sql_trigger","azurerm_cosmosdb_table","azurerm_cost_anomaly_alert","azurerm_custom_provider","azurerm_data_factory","azurerm_data_factory_custom_dataset","azurerm_data_factory_data_flow","azurerm_data_factory_dataset_azure_blob","azurerm_data_factory_dataset_binary","azurerm_data_factory_dataset_cosmosdb_sqlapi","azurerm_data_factory_dataset_delimited_text","azurerm_data_factory_dataset_http","azurerm_data_factory_dataset_json","azurerm_data_factory_dataset_mysql","azurerm_data_factory_dataset_parquet","azurerm_data_factory_dataset_postgresql","azurerm_data_factory_dataset_snowflake","azurerm_data_factory_dataset_sql_server_table","azurerm_data_factory_integration_runtime_azure","azurerm_data_factory_integration_runtime_azure_ssis","azurerm_data_factory_integration_runtime_managed","azurerm_data_factory_integration_runtime_self_hosted","azurerm_data_factory_linked_custom_service","azurerm_data_factory_linked_service_azure_blob_storage","azurerm_data_factory_linked_service_azure_databricks","azurerm_data_factory_linked_service_azure_file_storage","azurerm_data_factory_linked_service_azure_function","azurerm_data_factory_linked_service_azure_search","azurerm_data_factory_linked_service_azure_sql_database","azurerm_data_factory_linked_service_azure_table_storage","azurerm_data_factory_linked_service_cosmosdb","azurerm_data_factory_linked_service_cosmosdb_mongoapi","azurerm_data_factory_linked_service_data_lake_storage_gen2","azurerm_data_factory_linked_service_key_vault","azurerm_data_factory_linked_service_kusto","azurerm_data_factory_linked_service_mysql","azurerm_data_factory_linked_service_odata","azurerm_data_factory_linked_service_odbc","azurerm_data_factory_linked_service_postgresql","azurerm_data_factory_linked_service_sftp","azurerm_data_factory_linked_service_snowflake","azurerm_data_factory_linked_service_sql_server","azurerm_data_factory_linked_service_synapse","azurerm_data_factory_linked_service_web","azurerm_data_factory_managed_private_endpoint","azurerm_data_factory_pipeline","azurerm_data_factory_trigger_blob_event","azurerm_data_factory_trigger_custom_event","azurerm_data_factory_trigger_schedule","azurerm_data_protection_backup_instance_blob_storage","azurerm_data_protection_backup_instance_disk","azurerm_data_protection_backup_instance_kubernetes_cluster","azurerm_data_protection_backup_instance_postgresql","azurerm_data_protection_backup_policy_blob_storage","azurerm_data_protection_backup_policy_disk","azurerm_data_protection_backup_policy_kubernetes_cluster","azurerm_data_protection_backup_policy_postgresql","azurerm_data_protection_backup_vault","azurerm_data_protection_resource_guard","azurerm_data_share","azurerm_data_share_account","azurerm_data_share_dataset_blob_storage","azurerm_data_share_dataset_data_lake_gen2","azurerm_data_share_dataset_kusto_cluster","azurerm_data_share_dataset_kusto_database","azurerm_database_migration_project","azurerm_database_migration_service","azurerm_databox_edge_device","azurerm_databricks_access_connector","azurerm_databricks_workspace","azurerm_databricks_workspace_customer_managed_key","azurerm_databricks_workspace_root_dbfs_customer_managed_key","azurerm_dedicated_host","azurerm_dev_test_global_vm_shutdown_schedule","azurerm_dev_test_lab","azurerm_dev_test_linux_virtual_machine","azurerm_dev_test_policy","azurerm_dev_test_schedule","azurerm_dev_test_virtual_network","azurerm_dev_test_windows_virtual_machine","azurerm_digital_twins_instance","azurerm_disk_access","azurerm_disk_encryption_set","azurerm_disk_pool","azurerm_dns_a_record","azurerm_dns_aaaa_record","azurerm_dns_caa_record","azurerm_dns_cname_record","azurerm_dns_mx_record","azurerm_dns_ns_record","azurerm_dns_ptr_record","azurerm_dns_srv_record","azurerm_dns_txt_record","azurerm_dns_zone","azurerm_elastic_cloud_elasticsearch","azurerm_eventgrid_domain","azurerm_eventgrid_domain_topic","azurerm_eventgrid_event_subscription","azurerm_eventgrid_system_topic","azurerm_eventgrid_topic","azurerm_eventhub","azurerm_eventhub_authorization_rule","azurerm_eventhub_consumer_group","azurerm_eventhub_namespace","azurerm_eventhub_namespace_authorization_rule","azurerm_eventhub_namespace_disaster_recovery_config","azurerm_eventhub_namespace_schema_group","azurerm_express_route_circuit","azurerm_express_route_circuit_authorization","azurerm_express_route_circuit_connection","azurerm_express_route_circuit_peering","azurerm_express_route_connection","azurerm_express_route_gateway","azurerm_express_route_port","azurerm_federated_identity_credential","azurerm_firewall","azurerm_firewall_application_rule_collection","azurerm_firewall_nat_rule_collection","azurerm_firewall_network_rule_collection","azurerm_firewall_policy","azurerm_firewall_policy_rule_collection_group","azurerm_fluid_relay_server","azurerm_frontdoor","azurerm_frontdoor_custom_https_configuration","azurerm_frontdoor_firewall_policy","azurerm_frontdoor_rules_engine","azurerm_function_app","azurerm_function_app_active_slot","azurerm_function_app_function","azurerm_function_app_hybrid_connection","azurerm_function_app_slot","azurerm_gallery_application","azurerm_gallery_application_version","azurerm_hdinsight_hadoop_cluster","azurerm_hdinsight_hbase_cluster","azurerm_hdinsight_interactive_query_cluster","azurerm_hdinsight_kafka_cluster","azurerm_hdinsight_spark_cluster","azurerm_healthbot","azurerm_healthcare_dicom_service","azurerm_healthcare_fhir_service","azurerm_healthcare_medtech_service","azurerm_healthcare_medtech_service_fhir_destination","azurerm_healthcare_service","azurerm_healthcare_workspace","azurerm_hpc_cache","azurerm_hpc_cache_access_policy","azurerm_hpc_cache_blob_nfs_target","azurerm_hpc_cache_blob_target","azurerm_hpc_cache_nfs_target","azurerm_image","azurerm_integration_service_environment","azurerm_iot_security_device_group","azurerm_iot_security_solution","azurerm_iot_time_series_insights_event_source_eventhub","azurerm_iot_time_series_insights_event_source_iothub","azurerm_iot_time_series_insights_gen2_environment","azurerm_iot_time_series_insights_reference_data_set","azurerm_iot_time_series_insights_standard_environment","azurerm_iotcentral_application","azurerm_iotcentral_application_network_rule_set","azurerm_iothub","azurerm_iothub_certificate","azurerm_iothub_consumer_group","azurerm_iothub_device_update_account","azurerm_iothub_device_update_instance","azurerm_iothub_dps","azurerm_iothub_dps_certificate","azurerm_iothub_dps_shared_access_policy","azurerm_iothub_endpoint_eventhub","azurerm_iothub_endpoint_servicebus_queue","azurerm_iothub_endpoint_servicebus_topic","azurerm_iothub_endpoint_storage_container","azurerm_iothub_enrichment","azurerm_iothub_fallback_route","azurerm_iothub_route","azurerm_iothub_shared_access_policy","azurerm_ip_group","azurerm_key_vault","azurerm_key_vault_access_policy","azurerm_key_vault_certificate","azurerm_key_vault_certificate_contacts","azurerm_key_vault_certificate_issuer","azurerm_key_vault_key","azurerm_key_vault_managed_hardware_security_module","azurerm_key_vault_managed_storage_account","azurerm_key_vault_managed_storage_account_sas_token_definition","azurerm_key_vault_secret","azurerm_kubernetes_cluster","azurerm_kubernetes_cluster_extension","azurerm_kubernetes_cluster_node_pool","azurerm_kubernetes_fleet_manager","azurerm_kusto_attached_database_configuration","azurerm_kusto_cluster","azurerm_kusto_cluster_managed_private_endpoint","azurerm_kusto_cluster_principal_assignment","azurerm_kusto_database","azurerm_kusto_database_principal_assignment","azurerm_kusto_eventgrid_data_connection","azurerm_kusto_eventhub_data_connection","azurerm_kusto_iothub_data_connection","azurerm_lab_service_lab","azurerm_lab_service_plan","azurerm_lb","azurerm_lb_backend_address_pool","azurerm_lb_backend_address_pool_address","azurerm_lb_nat_pool","azurerm_lb_nat_rule","azurerm_lb_outbound_rule","azurerm_lb_probe","azurerm_lb_rule","azurerm_linux_function_app","azurerm_linux_function_app_slot","azurerm_linux_virtual_machine","azurerm_linux_virtual_machine_scale_set","azurerm_linux_web_app","azurerm_linux_web_app_slot","azurerm_load_test","azurerm_local_network_gateway","azurerm_log_analytics_data_export_rule","azurerm_log_analytics_datasource_windows_event","azurerm_log_analytics_datasource_windows_performance_counter","azurerm_log_analytics_linked_service","azurerm_log_analytics_linked_storage_account","azurerm_log_analytics_query_pack","azurerm_log_analytics_query_pack_query","azurerm_log_analytics_saved_search","azurerm_log_analytics_solution","azurerm_log_analytics_workspace","azurerm_logic_app_action_custom","azurerm_logic_app_action_http","azurerm_logic_app_integration_account","azurerm_logic_app_integration_account_batch_configuration","azurerm_logic_app_integration_account_partner","azurerm_logic_app_integration_account_schema","azurerm_logic_app_integration_account_session","azurerm_logic_app_trigger_custom","azurerm_logic_app_trigger_http_request","azurerm_logic_app_trigger_recurrence","azurerm_logic_app_workflow","azurerm_logz_monitor","azurerm_logz_sub_account","azurerm_logz_sub_account_tag_rule","azurerm_logz_tag_rule","azurerm_machine_learning_compute_cluster","azurerm_machine_learning_compute_instance","azurerm_machine_learning_synapse_spark","azurerm_machine_learning_workspace","azurerm_maintenance_assignment_dedicated_host","azurerm_maintenance_assignment_virtual_machine","azurerm_maintenance_configuration","azurerm_managed_application_definition","azurerm_managed_disk","azurerm_managed_disk_sas_token","azurerm_management_group","azurerm_management_group_subscription_association","azurerm_management_lock","azurerm_maps_account","azurerm_maps_creator","azurerm_mariadb_configuration","azurerm_mariadb_database","azurerm_mariadb_firewall_rule","azurerm_mariadb_server","azurerm_mariadb_virtual_network_rule","azurerm_marketplace_agreement","azurerm_media_asset","azurerm_media_asset_filter","azurerm_media_content_key_policy","azurerm_media_job","azurerm_media_live_event","azurerm_media_live_event_output","azurerm_media_services_account","azurerm_media_services_account_filter","azurerm_media_streaming_endpoint","azurerm_media_streaming_locator","azurerm_media_streaming_policy","azurerm_media_transform","azurerm_monitor_action_group","azurerm_monitor_action_rule_action_group","azurerm_monitor_action_rule_suppression","azurerm_monitor_activity_log_alert","azurerm_monitor_alert_processing_rule_action_group","azurerm_monitor_alert_processing_rule_suppression","azurerm_monitor_autoscale_setting","azurerm_monitor_data_collection_endpoint","azurerm_monitor_data_collection_rule","azurerm_monitor_data_collection_rule_association","azurerm_monitor_diagnostic_setting","azurerm_monitor_metric_alert","azurerm_monitor_private_link_scope","azurerm_monitor_private_link_scoped_service","azurerm_monitor_scheduled_query_rules_alert","azurerm_monitor_scheduled_query_rules_alert_v2","azurerm_monitor_scheduled_query_rules_log","azurerm_monitor_smart_detector_alert_rule","azurerm_mssql_database","azurerm_mssql_database_extended_auditing_policy","azurerm_mssql_database_vulnerability_assessment_rule_baseline","azurerm_mssql_elasticpool","azurerm_mssql_failover_group","azurerm_mssql_firewall_rule","azurerm_mssql_job_agent","azurerm_mssql_job_credential","azurerm_mssql_managed_database","azurerm_mssql_managed_instance","azurerm_mssql_managed_instance_active_directory_administrator","azurerm_mssql_managed_instance_failover_group","azurerm_mssql_managed_instance_vulnerability_assessment","azurerm_mssql_outbound_firewall_rule","azurerm_mssql_server","azurerm_mssql_server_dns_alias","azurerm_mssql_server_microsoft_support_auditing_policy","azurerm_mssql_server_security_alert_policy","azurerm_mssql_server_transparent_data_encryption","azurerm_mssql_server_vulnerability_assessment","azurerm_mssql_virtual_network_rule","azurerm_mysql_active_directory_administrator","azurerm_mysql_configuration","azurerm_mysql_database","azurerm_mysql_firewall_rule","azurerm_mysql_flexible_database","azurerm_mysql_flexible_server","azurerm_mysql_flexible_server_configuration","azurerm_mysql_flexible_server_firewall_rule","azurerm_mysql_server","azurerm_mysql_virtual_network_rule","azurerm_nat_gateway","azurerm_nat_gateway_public_ip_association","azurerm_nat_gateway_public_ip_prefix_association","azurerm_netapp_account","azurerm_netapp_pool","azurerm_netapp_snapshot","azurerm_netapp_snapshot_policy","azurerm_netapp_volume","azurerm_network_connection_monitor","azurerm_network_ddos_protection_plan","azurerm_network_interface","azurerm_network_interface_application_security_group_association","azurerm_network_interface_backend_address_pool_association","azurerm_network_interface_nat_rule_association","azurerm_network_interface_security_group_association","azurerm_network_manager","azurerm_network_manager_management_group_connection","azurerm_network_manager_network_group","azurerm_network_manager_static_member","azurerm_network_manager_subscription_connection","azurerm_network_packet_capture","azurerm_network_profile","azurerm_network_security_group","azurerm_network_security_rule","azurerm_network_watcher","azurerm_network_watcher_flow_log","azurerm_notification_hub","azurerm_notification_hub_authorization_rule","azurerm_notification_hub_namespace","azurerm_orbital_contact_profile","azurerm_orbital_spacecraft","azurerm_orchestrated_virtual_machine_scale_set","azurerm_pim_active_role_assignment","azurerm_pim_eligible_role_assignment","azurerm_point_to_site_vpn_gateway","azurerm_policy_definition","azurerm_policy_virtual_machine_configuration_assignment","azurerm_portal_dashboard","azurerm_postgresql_active_directory_administrator","azurerm_postgresql_configuration","azurerm_postgresql_database","azurerm_postgresql_firewall_rule","azurerm_postgresql_flexible_server","azurerm_postgresql_flexible_server_active_directory_administrator","azurerm_postgresql_flexible_server_configuration","azurerm_postgresql_flexible_server_database","azurerm_postgresql_flexible_server_firewall_rule","azurerm_postgresql_server","azurerm_postgresql_server_key","azurerm_postgresql_virtual_network_rule","azurerm_powerbi_embedded","azurerm_private_dns_a_record","azurerm_private_dns_aaaa_record","azurerm_private_dns_cname_record","azurerm_private_dns_mx_record","azurerm_private_dns_ptr_record","azurerm_private_dns_resolver","azurerm_private_dns_resolver_inbound_endpoint","azurerm_private_dns_resolver_outbound_endpoint","azurerm_private_dns_srv_record","azurerm_private_dns_txt_record","azurerm_private_dns_zone","azurerm_private_dns_zone_virtual_network_link","azurerm_private_endpoint","azurerm_private_endpoint_application_security_group_association","azurerm_private_link_service","azurerm_proximity_placement_group","azurerm_public_ip","azurerm_public_ip_prefix","azurerm_purview_account","azurerm_recovery_services_vault","azurerm_redis_cache","azurerm_redis_cache_access_policy","azurerm_redis_cache_access_policy_assignment","azurerm_redis_enterprise_cluster","azurerm_redis_enterprise_database","azurerm_redis_firewall_rule","azurerm_redis_linked_server","azurerm_relay_hybrid_connection","azurerm_relay_hybrid_connection_authorization_rule","azurerm_relay_namespace","azurerm_relay_namespace_authorization_rule","azurerm_resource_deployment_script_azure_cli","azurerm_resource_deployment_script_azure_power_shell","azurerm_resource_group","azurerm_resource_group_cost_management_export","azurerm_resource_group_policy_assignment","azurerm_resource_group_template_deployment","azurerm_resource_policy_assignment","azurerm_resource_policy_exemption","azurerm_resource_policy_remediation","azurerm_resource_provider_registration","azurerm_role_assignment","azurerm_role_definition","azurerm_route","azurerm_route_filter","azurerm_route_map","azurerm_route_server","azurerm_route_server_bgp_connection","azurerm_route_table","azurerm_search_service","azurerm_search_shared_private_link_service","azurerm_security_center_assessment","azurerm_security_center_assessment_policy","azurerm_security_center_auto_provisioning","azurerm_security_center_contact","azurerm_security_center_server_vulnerability_assessment","azurerm_security_center_server_vulnerability_assessment_virtual_machine","azurerm_security_center_setting","azurerm_security_center_storage_defender","azurerm_security_center_subscription_pricing","azurerm_security_center_workspace","azurerm_sentinel_alert_rule_fusion","azurerm_sentinel_alert_rule_machine_learning_behavior_analytics","azurerm_sentinel_alert_rule_ms_security_incident","azurerm_sentinel_automation_rule","azurerm_sentinel_data_connector_iot","azurerm_sentinel_log_analytics_workspace_onboarding","azurerm_sentinel_watchlist","azurerm_service_fabric_cluster","azurerm_service_fabric_managed_cluster","azurerm_service_plan","azurerm_servicebus_namespace","azurerm_servicebus_namespace_authorization_rule","azurerm_servicebus_namespace_disaster_recovery_config","azurerm_servicebus_namespace_network_rule_set","azurerm_servicebus_queue","azurerm_servicebus_queue_authorization_rule","azurerm_servicebus_subscription","azurerm_servicebus_subscription_rule","azurerm_servicebus_topic","azurerm_servicebus_topic_authorization_rule","azurerm_shared_image","azurerm_shared_image_gallery","azurerm_signalr_service","azurerm_signalr_service_network_acl","azurerm_signalr_shared_private_link_resource","azurerm_site_recovery_fabric","azurerm_site_recovery_network_mapping","azurerm_site_recovery_protection_container","azurerm_site_recovery_protection_container_mapping","azurerm_site_recovery_replication_policy","azurerm_snapshot","azurerm_source_control_token","azurerm_spatial_anchors_account","azurerm_spring_cloud_accelerator","azurerm_spring_cloud_active_deployment","azurerm_spring_cloud_api_portal","azurerm_spring_cloud_api_portal_custom_domain","azurerm_spring_cloud_app","azurerm_spring_cloud_app_cosmosdb_association","azurerm_spring_cloud_app_mysql_association","azurerm_spring_cloud_app_redis_association","azurerm_spring_cloud_application_live_view","azurerm_spring_cloud_build_deployment","azurerm_spring_cloud_build_pack_binding","azurerm_spring_cloud_builder","azurerm_spring_cloud_certificate","azurerm_spring_cloud_configuration_service","azurerm_spring_cloud_connection","azurerm_spring_cloud_container_deployment","azurerm_spring_cloud_custom_domain","azurerm_spring_cloud_customized_accelerator","azurerm_spring_cloud_dev_tool_portal","azurerm_spring_cloud_gateway","azurerm_spring_cloud_gateway_custom_domain","azurerm_spring_cloud_java_deployment","azurerm_spring_cloud_service","azurerm_spring_cloud_storage","azurerm_ssh_public_key","azurerm_stack_hci_cluster","azurerm_static_site","azurerm_storage_account","azurerm_storage_account_local_user","azurerm_storage_account_network_rules","azurerm_storage_blob","azurerm_storage_blob_inventory_policy","azurerm_storage_container","azurerm_storage_data_lake_gen2_filesystem","azurerm_storage_data_lake_gen2_path","azurerm_storage_encryption_scope","azurerm_storage_management_policy","azurerm_storage_object_replication","azurerm_storage_queue","azurerm_storage_share","azurerm_storage_share_directory","azurerm_storage_sync","azurerm_storage_table","azurerm_storage_table_entity","azurerm_stream_analytics_cluster","azurerm_stream_analytics_function_javascript_uda","azurerm_stream_analytics_job","azurerm_stream_analytics_managed_private_endpoint","azurerm_stream_analytics_output_blob","azurerm_stream_analytics_output_eventhub","azurerm_stream_analytics_output_function","azurerm_stream_analytics_output_mssql","azurerm_stream_analytics_output_powerbi","azurerm_stream_analytics_output_servicebus_queue","azurerm_stream_analytics_output_servicebus_topic","azurerm_stream_analytics_output_synapse","azurerm_stream_analytics_output_table","azurerm_stream_analytics_reference_input_blob","azurerm_stream_analytics_reference_input_mssql","azurerm_stream_analytics_stream_input_blob","azurerm_stream_analytics_stream_input_eventhub","azurerm_stream_analytics_stream_input_iothub","azurerm_subnet","azurerm_subnet_nat_gateway_association","azurerm_subnet_network_security_group_association","azurerm_subnet_route_table_association","azurerm_subnet_service_endpoint_storage_policy","azurerm_subscription","azurerm_subscription_cost_management_export","azurerm_subscription_policy_assignment","azurerm_subscription_policy_exemption","azurerm_subscription_policy_remediation","azurerm_subscription_template_deployment","azurerm_synapse_firewall_rule","azurerm_synapse_integration_runtime_azure","azurerm_synapse_integration_runtime_self_hosted","azurerm_synapse_linked_service","azurerm_synapse_managed_private_endpoint","azurerm_synapse_private_link_hub","azurerm_synapse_role_assignment","azurerm_synapse_spark_pool","azurerm_synapse_sql_pool","azurerm_synapse_sql_pool_extended_auditing_policy","azurerm_synapse_sql_pool_security_alert_policy","azurerm_synapse_sql_pool_workload_classifier","azurerm_synapse_sql_pool_workload_group","azurerm_synapse_workspace","azurerm_synapse_workspace_aad_admin","azurerm_synapse_workspace_extended_auditing_policy","azurerm_synapse_workspace_security_alert_policy","azurerm_synapse_workspace_sql_aad_admin","azurerm_synapse_workspace_vulnerability_assessment","azurerm_traffic_manager_azure_endpoint","azurerm_traffic_manager_external_endpoint","azurerm_traffic_manager_nested_endpoint","azurerm_traffic_manager_profile","azurerm_user_assigned_identity","azurerm_virtual_hub","azurerm_virtual_hub_connection","azurerm_virtual_hub_ip","azurerm_virtual_hub_route_table","azurerm_virtual_hub_route_table_route","azurerm_virtual_hub_security_partner_provider","azurerm_virtual_machine_data_disk_attachment","azurerm_virtual_machine_extension","azurerm_virtual_machine_run_command","azurerm_virtual_network","azurerm_virtual_network_gateway","azurerm_virtual_network_gateway_connection","azurerm_virtual_network_peering","azurerm_virtual_wan","azurerm_vpn_gateway","azurerm_vpn_gateway_connection","azurerm_vpn_server_configuration","azurerm_vpn_server_configuration_policy_group","azurerm_vpn_site","azurerm_web_app_active_slot","azurerm_web_app_hybrid_connection","azurerm_web_application_firewall_policy","azurerm_web_pubsub","azurerm_web_pubsub_hub","azurerm_web_pubsub_network_acl","azurerm_windows_function_app","azurerm_windows_function_app_slot","azurerm_windows_virtual_machine","azurerm_windows_virtual_machine_scale_set","azurerm_windows_web_app","azurerm_windows_web_app_slot"] \ No newline at end of file +["azurerm_advanced_threat_protection","azurerm_analysis_services_server","azurerm_api_management","azurerm_api_management_api","azurerm_api_management_api_diagnostic","azurerm_api_management_api_operation","azurerm_api_management_api_operation_policy","azurerm_api_management_api_operation_tag","azurerm_api_management_api_policy","azurerm_api_management_api_release","azurerm_api_management_api_schema","azurerm_api_management_api_tag","azurerm_api_management_api_version_set","azurerm_api_management_authorization_server","azurerm_api_management_backend","azurerm_api_management_certificate","azurerm_api_management_custom_domain","azurerm_api_management_diagnostic","azurerm_api_management_email_template","azurerm_api_management_gateway","azurerm_api_management_gateway_api","azurerm_api_management_global_schema","azurerm_api_management_identity_provider_aad","azurerm_api_management_identity_provider_facebook","azurerm_api_management_identity_provider_google","azurerm_api_management_identity_provider_microsoft","azurerm_api_management_identity_provider_twitter","azurerm_api_management_logger","azurerm_api_management_named_value","azurerm_api_management_notification_recipient_email","azurerm_api_management_notification_recipient_user","azurerm_api_management_openid_connect_provider","azurerm_api_management_policy","azurerm_api_management_product","azurerm_api_management_product_api","azurerm_api_management_product_policy","azurerm_api_management_product_tag","azurerm_api_management_redis_cache","azurerm_api_management_subscription","azurerm_api_management_tag","azurerm_api_management_user","azurerm_app_configuration","azurerm_app_service_certificate_order","azurerm_app_service_plan","azurerm_application_gateway","azurerm_application_insights","azurerm_application_insights_analytics_item","azurerm_application_insights_api_key","azurerm_application_insights_smart_detection_rule","azurerm_application_insights_standard_web_test","azurerm_application_insights_web_test","azurerm_application_insights_workbook","azurerm_application_insights_workbook_template","azurerm_application_security_group","azurerm_attestation_provider","azurerm_automation_account","azurerm_automation_connection","azurerm_automation_connection_classic_certificate","azurerm_automation_connection_type","azurerm_automation_credential","azurerm_automation_hybrid_runbook_worker_group","azurerm_automation_module","azurerm_automation_runbook","azurerm_automation_schedule","azurerm_automation_variable_bool","azurerm_automation_variable_datetime","azurerm_automation_variable_int","azurerm_automation_variable_string","azurerm_automation_webhook","azurerm_availability_set","azurerm_backup_container_storage_account","azurerm_backup_policy_file_share","azurerm_backup_policy_vm","azurerm_backup_policy_vm_workload","azurerm_backup_protected_file_share","azurerm_backup_protected_vm","azurerm_bastion_host","azurerm_bot_channel_alexa","azurerm_bot_channel_directline","azurerm_bot_channel_line","azurerm_bot_channel_ms_teams","azurerm_bot_channel_slack","azurerm_bot_channel_sms","azurerm_bot_channel_web_chat","azurerm_bot_channels_registration","azurerm_bot_connection","azurerm_bot_web_app","azurerm_capacity_reservation","azurerm_capacity_reservation_group","azurerm_cdn_endpoint","azurerm_cdn_frontdoor_custom_domain","azurerm_cdn_frontdoor_custom_domain_association","azurerm_cdn_frontdoor_endpoint","azurerm_cdn_frontdoor_firewall_policy","azurerm_cdn_frontdoor_origin","azurerm_cdn_frontdoor_origin_group","azurerm_cdn_frontdoor_profile","azurerm_cdn_frontdoor_route","azurerm_cdn_frontdoor_rule","azurerm_cdn_frontdoor_rule_set","azurerm_cdn_frontdoor_security_policy","azurerm_cdn_profile","azurerm_cognitive_account","azurerm_cognitive_deployment","azurerm_communication_service","azurerm_confidential_ledger","azurerm_consumption_budget_management_group","azurerm_consumption_budget_resource_group","azurerm_consumption_budget_subscription","azurerm_container_app","azurerm_container_app_custom_domain","azurerm_container_app_environment","azurerm_container_app_environment_certificate","azurerm_container_app_environment_custom_domain","azurerm_container_app_environment_dapr_component","azurerm_container_app_environment_storage","azurerm_container_connected_registry","azurerm_container_registry","azurerm_container_registry_agent_pool","azurerm_container_registry_scope_map","azurerm_container_registry_token","azurerm_container_registry_token_password","azurerm_container_registry_webhook","azurerm_cosmosdb_account","azurerm_cosmosdb_cassandra_cluster","azurerm_cosmosdb_cassandra_datacenter","azurerm_cosmosdb_cassandra_keyspace","azurerm_cosmosdb_cassandra_table","azurerm_cosmosdb_gremlin_database","azurerm_cosmosdb_gremlin_graph","azurerm_cosmosdb_mongo_collection","azurerm_cosmosdb_mongo_database","azurerm_cosmosdb_sql_container","azurerm_cosmosdb_sql_database","azurerm_cosmosdb_sql_dedicated_gateway","azurerm_cosmosdb_sql_function","azurerm_cosmosdb_sql_role_assignment","azurerm_cosmosdb_sql_role_definition","azurerm_cosmosdb_sql_stored_procedure","azurerm_cosmosdb_sql_trigger","azurerm_cosmosdb_table","azurerm_cost_anomaly_alert","azurerm_custom_provider","azurerm_data_factory","azurerm_data_factory_custom_dataset","azurerm_data_factory_data_flow","azurerm_data_factory_dataset_azure_blob","azurerm_data_factory_dataset_binary","azurerm_data_factory_dataset_cosmosdb_sqlapi","azurerm_data_factory_dataset_delimited_text","azurerm_data_factory_dataset_http","azurerm_data_factory_dataset_json","azurerm_data_factory_dataset_mysql","azurerm_data_factory_dataset_parquet","azurerm_data_factory_dataset_postgresql","azurerm_data_factory_dataset_snowflake","azurerm_data_factory_dataset_sql_server_table","azurerm_data_factory_integration_runtime_azure","azurerm_data_factory_integration_runtime_azure_ssis","azurerm_data_factory_integration_runtime_managed","azurerm_data_factory_integration_runtime_self_hosted","azurerm_data_factory_linked_custom_service","azurerm_data_factory_linked_service_azure_blob_storage","azurerm_data_factory_linked_service_azure_databricks","azurerm_data_factory_linked_service_azure_file_storage","azurerm_data_factory_linked_service_azure_function","azurerm_data_factory_linked_service_azure_search","azurerm_data_factory_linked_service_azure_sql_database","azurerm_data_factory_linked_service_azure_table_storage","azurerm_data_factory_linked_service_cosmosdb","azurerm_data_factory_linked_service_cosmosdb_mongoapi","azurerm_data_factory_linked_service_data_lake_storage_gen2","azurerm_data_factory_linked_service_key_vault","azurerm_data_factory_linked_service_kusto","azurerm_data_factory_linked_service_mysql","azurerm_data_factory_linked_service_odata","azurerm_data_factory_linked_service_odbc","azurerm_data_factory_linked_service_postgresql","azurerm_data_factory_linked_service_sftp","azurerm_data_factory_linked_service_snowflake","azurerm_data_factory_linked_service_sql_server","azurerm_data_factory_linked_service_synapse","azurerm_data_factory_linked_service_web","azurerm_data_factory_managed_private_endpoint","azurerm_data_factory_pipeline","azurerm_data_factory_trigger_blob_event","azurerm_data_factory_trigger_custom_event","azurerm_data_factory_trigger_schedule","azurerm_data_protection_backup_instance_blob_storage","azurerm_data_protection_backup_instance_disk","azurerm_data_protection_backup_instance_kubernetes_cluster","azurerm_data_protection_backup_instance_postgresql","azurerm_data_protection_backup_policy_blob_storage","azurerm_data_protection_backup_policy_disk","azurerm_data_protection_backup_policy_kubernetes_cluster","azurerm_data_protection_backup_policy_postgresql","azurerm_data_protection_backup_vault","azurerm_data_protection_resource_guard","azurerm_data_share","azurerm_data_share_account","azurerm_data_share_dataset_blob_storage","azurerm_data_share_dataset_data_lake_gen2","azurerm_data_share_dataset_kusto_cluster","azurerm_data_share_dataset_kusto_database","azurerm_database_migration_project","azurerm_database_migration_service","azurerm_databox_edge_device","azurerm_databricks_access_connector","azurerm_databricks_workspace","azurerm_databricks_workspace_customer_managed_key","azurerm_databricks_workspace_root_dbfs_customer_managed_key","azurerm_dedicated_host","azurerm_dev_test_global_vm_shutdown_schedule","azurerm_dev_test_lab","azurerm_dev_test_linux_virtual_machine","azurerm_dev_test_policy","azurerm_dev_test_schedule","azurerm_dev_test_virtual_network","azurerm_dev_test_windows_virtual_machine","azurerm_digital_twins_instance","azurerm_disk_access","azurerm_disk_encryption_set","azurerm_disk_pool","azurerm_dns_a_record","azurerm_dns_aaaa_record","azurerm_dns_caa_record","azurerm_dns_cname_record","azurerm_dns_mx_record","azurerm_dns_ns_record","azurerm_dns_ptr_record","azurerm_dns_srv_record","azurerm_dns_txt_record","azurerm_dns_zone","azurerm_elastic_cloud_elasticsearch","azurerm_eventgrid_domain","azurerm_eventgrid_domain_topic","azurerm_eventgrid_event_subscription","azurerm_eventgrid_system_topic","azurerm_eventgrid_topic","azurerm_eventhub","azurerm_eventhub_authorization_rule","azurerm_eventhub_consumer_group","azurerm_eventhub_namespace","azurerm_eventhub_namespace_authorization_rule","azurerm_eventhub_namespace_disaster_recovery_config","azurerm_eventhub_namespace_schema_group","azurerm_express_route_circuit","azurerm_express_route_circuit_authorization","azurerm_express_route_circuit_connection","azurerm_express_route_circuit_peering","azurerm_express_route_connection","azurerm_express_route_gateway","azurerm_express_route_port","azurerm_federated_identity_credential","azurerm_firewall","azurerm_firewall_application_rule_collection","azurerm_firewall_nat_rule_collection","azurerm_firewall_network_rule_collection","azurerm_firewall_policy","azurerm_firewall_policy_rule_collection_group","azurerm_fluid_relay_server","azurerm_frontdoor","azurerm_frontdoor_custom_https_configuration","azurerm_frontdoor_firewall_policy","azurerm_frontdoor_rules_engine","azurerm_function_app","azurerm_function_app_active_slot","azurerm_function_app_function","azurerm_function_app_hybrid_connection","azurerm_function_app_slot","azurerm_gallery_application","azurerm_gallery_application_version","azurerm_hdinsight_hadoop_cluster","azurerm_hdinsight_hbase_cluster","azurerm_hdinsight_interactive_query_cluster","azurerm_hdinsight_kafka_cluster","azurerm_hdinsight_spark_cluster","azurerm_healthbot","azurerm_healthcare_dicom_service","azurerm_healthcare_fhir_service","azurerm_healthcare_medtech_service","azurerm_healthcare_medtech_service_fhir_destination","azurerm_healthcare_service","azurerm_healthcare_workspace","azurerm_hpc_cache","azurerm_hpc_cache_access_policy","azurerm_hpc_cache_blob_nfs_target","azurerm_hpc_cache_blob_target","azurerm_hpc_cache_nfs_target","azurerm_image","azurerm_integration_service_environment","azurerm_iot_security_device_group","azurerm_iot_security_solution","azurerm_iot_time_series_insights_event_source_eventhub","azurerm_iot_time_series_insights_event_source_iothub","azurerm_iot_time_series_insights_gen2_environment","azurerm_iot_time_series_insights_reference_data_set","azurerm_iot_time_series_insights_standard_environment","azurerm_iotcentral_application","azurerm_iotcentral_application_network_rule_set","azurerm_iothub","azurerm_iothub_certificate","azurerm_iothub_consumer_group","azurerm_iothub_device_update_account","azurerm_iothub_device_update_instance","azurerm_iothub_dps","azurerm_iothub_dps_certificate","azurerm_iothub_dps_shared_access_policy","azurerm_iothub_endpoint_eventhub","azurerm_iothub_endpoint_servicebus_queue","azurerm_iothub_endpoint_servicebus_topic","azurerm_iothub_endpoint_storage_container","azurerm_iothub_enrichment","azurerm_iothub_fallback_route","azurerm_iothub_route","azurerm_iothub_shared_access_policy","azurerm_ip_group","azurerm_key_vault","azurerm_key_vault_access_policy","azurerm_key_vault_certificate","azurerm_key_vault_certificate_contacts","azurerm_key_vault_certificate_issuer","azurerm_key_vault_key","azurerm_key_vault_managed_hardware_security_module","azurerm_key_vault_managed_storage_account","azurerm_key_vault_managed_storage_account_sas_token_definition","azurerm_key_vault_secret","azurerm_kubernetes_cluster","azurerm_kubernetes_cluster_extension","azurerm_kubernetes_cluster_node_pool","azurerm_kubernetes_cluster_trusted_access_role_binding","azurerm_kubernetes_fleet_manager","azurerm_kusto_attached_database_configuration","azurerm_kusto_cluster","azurerm_kusto_cluster_managed_private_endpoint","azurerm_kusto_cluster_principal_assignment","azurerm_kusto_database","azurerm_kusto_database_principal_assignment","azurerm_kusto_eventgrid_data_connection","azurerm_kusto_eventhub_data_connection","azurerm_kusto_iothub_data_connection","azurerm_lab_service_lab","azurerm_lab_service_plan","azurerm_lb","azurerm_lb_backend_address_pool","azurerm_lb_backend_address_pool_address","azurerm_lb_nat_pool","azurerm_lb_nat_rule","azurerm_lb_outbound_rule","azurerm_lb_probe","azurerm_lb_rule","azurerm_linux_function_app","azurerm_linux_function_app_slot","azurerm_linux_virtual_machine","azurerm_linux_virtual_machine_scale_set","azurerm_linux_web_app","azurerm_linux_web_app_slot","azurerm_load_test","azurerm_local_network_gateway","azurerm_log_analytics_data_export_rule","azurerm_log_analytics_datasource_windows_event","azurerm_log_analytics_datasource_windows_performance_counter","azurerm_log_analytics_linked_service","azurerm_log_analytics_linked_storage_account","azurerm_log_analytics_query_pack","azurerm_log_analytics_query_pack_query","azurerm_log_analytics_saved_search","azurerm_log_analytics_solution","azurerm_log_analytics_workspace","azurerm_logic_app_action_custom","azurerm_logic_app_action_http","azurerm_logic_app_integration_account","azurerm_logic_app_integration_account_batch_configuration","azurerm_logic_app_integration_account_partner","azurerm_logic_app_integration_account_schema","azurerm_logic_app_integration_account_session","azurerm_logic_app_trigger_custom","azurerm_logic_app_trigger_http_request","azurerm_logic_app_trigger_recurrence","azurerm_logic_app_workflow","azurerm_logz_monitor","azurerm_logz_sub_account","azurerm_logz_sub_account_tag_rule","azurerm_logz_tag_rule","azurerm_machine_learning_compute_cluster","azurerm_machine_learning_compute_instance","azurerm_machine_learning_synapse_spark","azurerm_machine_learning_workspace","azurerm_maintenance_assignment_dedicated_host","azurerm_maintenance_assignment_virtual_machine","azurerm_maintenance_configuration","azurerm_managed_application_definition","azurerm_managed_disk","azurerm_managed_disk_sas_token","azurerm_management_group","azurerm_management_group_subscription_association","azurerm_management_lock","azurerm_maps_account","azurerm_maps_creator","azurerm_mariadb_configuration","azurerm_mariadb_database","azurerm_mariadb_firewall_rule","azurerm_mariadb_server","azurerm_mariadb_virtual_network_rule","azurerm_marketplace_agreement","azurerm_media_asset","azurerm_media_asset_filter","azurerm_media_content_key_policy","azurerm_media_job","azurerm_media_live_event","azurerm_media_live_event_output","azurerm_media_services_account","azurerm_media_services_account_filter","azurerm_media_streaming_endpoint","azurerm_media_streaming_locator","azurerm_media_streaming_policy","azurerm_media_transform","azurerm_monitor_action_group","azurerm_monitor_action_rule_action_group","azurerm_monitor_action_rule_suppression","azurerm_monitor_activity_log_alert","azurerm_monitor_alert_processing_rule_action_group","azurerm_monitor_alert_processing_rule_suppression","azurerm_monitor_autoscale_setting","azurerm_monitor_data_collection_endpoint","azurerm_monitor_data_collection_rule","azurerm_monitor_data_collection_rule_association","azurerm_monitor_diagnostic_setting","azurerm_monitor_metric_alert","azurerm_monitor_private_link_scope","azurerm_monitor_private_link_scoped_service","azurerm_monitor_scheduled_query_rules_alert","azurerm_monitor_scheduled_query_rules_alert_v2","azurerm_monitor_scheduled_query_rules_log","azurerm_monitor_smart_detector_alert_rule","azurerm_mssql_database","azurerm_mssql_database_extended_auditing_policy","azurerm_mssql_database_vulnerability_assessment_rule_baseline","azurerm_mssql_elasticpool","azurerm_mssql_failover_group","azurerm_mssql_firewall_rule","azurerm_mssql_job_agent","azurerm_mssql_job_credential","azurerm_mssql_managed_database","azurerm_mssql_managed_instance","azurerm_mssql_managed_instance_active_directory_administrator","azurerm_mssql_managed_instance_failover_group","azurerm_mssql_managed_instance_vulnerability_assessment","azurerm_mssql_outbound_firewall_rule","azurerm_mssql_server","azurerm_mssql_server_dns_alias","azurerm_mssql_server_microsoft_support_auditing_policy","azurerm_mssql_server_security_alert_policy","azurerm_mssql_server_transparent_data_encryption","azurerm_mssql_server_vulnerability_assessment","azurerm_mssql_virtual_network_rule","azurerm_mysql_active_directory_administrator","azurerm_mysql_configuration","azurerm_mysql_database","azurerm_mysql_firewall_rule","azurerm_mysql_flexible_database","azurerm_mysql_flexible_server","azurerm_mysql_flexible_server_configuration","azurerm_mysql_flexible_server_firewall_rule","azurerm_mysql_server","azurerm_mysql_virtual_network_rule","azurerm_nat_gateway","azurerm_nat_gateway_public_ip_association","azurerm_nat_gateway_public_ip_prefix_association","azurerm_netapp_account","azurerm_netapp_pool","azurerm_netapp_snapshot","azurerm_netapp_snapshot_policy","azurerm_netapp_volume","azurerm_network_connection_monitor","azurerm_network_ddos_protection_plan","azurerm_network_interface","azurerm_network_interface_application_security_group_association","azurerm_network_interface_backend_address_pool_association","azurerm_network_interface_nat_rule_association","azurerm_network_interface_security_group_association","azurerm_network_manager","azurerm_network_manager_management_group_connection","azurerm_network_manager_network_group","azurerm_network_manager_static_member","azurerm_network_manager_subscription_connection","azurerm_network_packet_capture","azurerm_network_profile","azurerm_network_security_group","azurerm_network_security_rule","azurerm_network_watcher","azurerm_network_watcher_flow_log","azurerm_notification_hub","azurerm_notification_hub_authorization_rule","azurerm_notification_hub_namespace","azurerm_orbital_contact_profile","azurerm_orbital_spacecraft","azurerm_orchestrated_virtual_machine_scale_set","azurerm_pim_active_role_assignment","azurerm_pim_eligible_role_assignment","azurerm_point_to_site_vpn_gateway","azurerm_policy_definition","azurerm_policy_virtual_machine_configuration_assignment","azurerm_portal_dashboard","azurerm_postgresql_active_directory_administrator","azurerm_postgresql_configuration","azurerm_postgresql_database","azurerm_postgresql_firewall_rule","azurerm_postgresql_flexible_server","azurerm_postgresql_flexible_server_active_directory_administrator","azurerm_postgresql_flexible_server_configuration","azurerm_postgresql_flexible_server_database","azurerm_postgresql_flexible_server_firewall_rule","azurerm_postgresql_server","azurerm_postgresql_server_key","azurerm_postgresql_virtual_network_rule","azurerm_powerbi_embedded","azurerm_private_dns_a_record","azurerm_private_dns_aaaa_record","azurerm_private_dns_cname_record","azurerm_private_dns_mx_record","azurerm_private_dns_ptr_record","azurerm_private_dns_resolver","azurerm_private_dns_resolver_inbound_endpoint","azurerm_private_dns_resolver_outbound_endpoint","azurerm_private_dns_srv_record","azurerm_private_dns_txt_record","azurerm_private_dns_zone","azurerm_private_dns_zone_virtual_network_link","azurerm_private_endpoint","azurerm_private_endpoint_application_security_group_association","azurerm_private_link_service","azurerm_proximity_placement_group","azurerm_public_ip","azurerm_public_ip_prefix","azurerm_purview_account","azurerm_recovery_services_vault","azurerm_redis_cache","azurerm_redis_cache_access_policy","azurerm_redis_cache_access_policy_assignment","azurerm_redis_enterprise_cluster","azurerm_redis_enterprise_database","azurerm_redis_firewall_rule","azurerm_redis_linked_server","azurerm_relay_hybrid_connection","azurerm_relay_hybrid_connection_authorization_rule","azurerm_relay_namespace","azurerm_relay_namespace_authorization_rule","azurerm_resource_deployment_script_azure_cli","azurerm_resource_deployment_script_azure_power_shell","azurerm_resource_group","azurerm_resource_group_cost_management_export","azurerm_resource_group_policy_assignment","azurerm_resource_group_template_deployment","azurerm_resource_policy_assignment","azurerm_resource_policy_exemption","azurerm_resource_policy_remediation","azurerm_resource_provider_registration","azurerm_role_assignment","azurerm_role_definition","azurerm_route","azurerm_route_filter","azurerm_route_map","azurerm_route_server","azurerm_route_server_bgp_connection","azurerm_route_table","azurerm_search_service","azurerm_search_shared_private_link_service","azurerm_security_center_assessment","azurerm_security_center_assessment_policy","azurerm_security_center_auto_provisioning","azurerm_security_center_contact","azurerm_security_center_server_vulnerability_assessment","azurerm_security_center_server_vulnerability_assessment_virtual_machine","azurerm_security_center_setting","azurerm_security_center_storage_defender","azurerm_security_center_subscription_pricing","azurerm_security_center_workspace","azurerm_sentinel_alert_rule_fusion","azurerm_sentinel_alert_rule_machine_learning_behavior_analytics","azurerm_sentinel_alert_rule_ms_security_incident","azurerm_sentinel_automation_rule","azurerm_sentinel_data_connector_iot","azurerm_sentinel_log_analytics_workspace_onboarding","azurerm_sentinel_watchlist","azurerm_service_fabric_cluster","azurerm_service_fabric_managed_cluster","azurerm_service_plan","azurerm_servicebus_namespace","azurerm_servicebus_namespace_authorization_rule","azurerm_servicebus_namespace_disaster_recovery_config","azurerm_servicebus_namespace_network_rule_set","azurerm_servicebus_queue","azurerm_servicebus_queue_authorization_rule","azurerm_servicebus_subscription","azurerm_servicebus_subscription_rule","azurerm_servicebus_topic","azurerm_servicebus_topic_authorization_rule","azurerm_shared_image","azurerm_shared_image_gallery","azurerm_signalr_service","azurerm_signalr_service_network_acl","azurerm_signalr_shared_private_link_resource","azurerm_site_recovery_fabric","azurerm_site_recovery_network_mapping","azurerm_site_recovery_protection_container","azurerm_site_recovery_protection_container_mapping","azurerm_site_recovery_replication_policy","azurerm_snapshot","azurerm_source_control_token","azurerm_spatial_anchors_account","azurerm_spring_cloud_accelerator","azurerm_spring_cloud_active_deployment","azurerm_spring_cloud_api_portal","azurerm_spring_cloud_api_portal_custom_domain","azurerm_spring_cloud_app","azurerm_spring_cloud_app_cosmosdb_association","azurerm_spring_cloud_app_mysql_association","azurerm_spring_cloud_app_redis_association","azurerm_spring_cloud_application_live_view","azurerm_spring_cloud_build_deployment","azurerm_spring_cloud_build_pack_binding","azurerm_spring_cloud_builder","azurerm_spring_cloud_certificate","azurerm_spring_cloud_configuration_service","azurerm_spring_cloud_connection","azurerm_spring_cloud_container_deployment","azurerm_spring_cloud_custom_domain","azurerm_spring_cloud_customized_accelerator","azurerm_spring_cloud_dev_tool_portal","azurerm_spring_cloud_gateway","azurerm_spring_cloud_gateway_custom_domain","azurerm_spring_cloud_java_deployment","azurerm_spring_cloud_service","azurerm_spring_cloud_storage","azurerm_ssh_public_key","azurerm_stack_hci_cluster","azurerm_static_site","azurerm_storage_account","azurerm_storage_account_local_user","azurerm_storage_account_network_rules","azurerm_storage_blob","azurerm_storage_blob_inventory_policy","azurerm_storage_container","azurerm_storage_data_lake_gen2_filesystem","azurerm_storage_data_lake_gen2_path","azurerm_storage_encryption_scope","azurerm_storage_management_policy","azurerm_storage_object_replication","azurerm_storage_queue","azurerm_storage_share","azurerm_storage_share_directory","azurerm_storage_sync","azurerm_storage_table","azurerm_storage_table_entity","azurerm_stream_analytics_cluster","azurerm_stream_analytics_function_javascript_uda","azurerm_stream_analytics_job","azurerm_stream_analytics_managed_private_endpoint","azurerm_stream_analytics_output_blob","azurerm_stream_analytics_output_eventhub","azurerm_stream_analytics_output_function","azurerm_stream_analytics_output_mssql","azurerm_stream_analytics_output_powerbi","azurerm_stream_analytics_output_servicebus_queue","azurerm_stream_analytics_output_servicebus_topic","azurerm_stream_analytics_output_synapse","azurerm_stream_analytics_output_table","azurerm_stream_analytics_reference_input_blob","azurerm_stream_analytics_reference_input_mssql","azurerm_stream_analytics_stream_input_blob","azurerm_stream_analytics_stream_input_eventhub","azurerm_stream_analytics_stream_input_iothub","azurerm_subnet","azurerm_subnet_nat_gateway_association","azurerm_subnet_network_security_group_association","azurerm_subnet_route_table_association","azurerm_subnet_service_endpoint_storage_policy","azurerm_subscription","azurerm_subscription_cost_management_export","azurerm_subscription_policy_assignment","azurerm_subscription_policy_exemption","azurerm_subscription_policy_remediation","azurerm_subscription_template_deployment","azurerm_synapse_firewall_rule","azurerm_synapse_integration_runtime_azure","azurerm_synapse_integration_runtime_self_hosted","azurerm_synapse_linked_service","azurerm_synapse_managed_private_endpoint","azurerm_synapse_private_link_hub","azurerm_synapse_role_assignment","azurerm_synapse_spark_pool","azurerm_synapse_sql_pool","azurerm_synapse_sql_pool_extended_auditing_policy","azurerm_synapse_sql_pool_security_alert_policy","azurerm_synapse_sql_pool_workload_classifier","azurerm_synapse_sql_pool_workload_group","azurerm_synapse_workspace","azurerm_synapse_workspace_aad_admin","azurerm_synapse_workspace_extended_auditing_policy","azurerm_synapse_workspace_security_alert_policy","azurerm_synapse_workspace_sql_aad_admin","azurerm_synapse_workspace_vulnerability_assessment","azurerm_traffic_manager_azure_endpoint","azurerm_traffic_manager_external_endpoint","azurerm_traffic_manager_nested_endpoint","azurerm_traffic_manager_profile","azurerm_user_assigned_identity","azurerm_virtual_hub","azurerm_virtual_hub_connection","azurerm_virtual_hub_ip","azurerm_virtual_hub_route_table","azurerm_virtual_hub_route_table_route","azurerm_virtual_hub_security_partner_provider","azurerm_virtual_machine_data_disk_attachment","azurerm_virtual_machine_extension","azurerm_virtual_machine_run_command","azurerm_virtual_network","azurerm_virtual_network_gateway","azurerm_virtual_network_gateway_connection","azurerm_virtual_network_peering","azurerm_virtual_wan","azurerm_vpn_gateway","azurerm_vpn_gateway_connection","azurerm_vpn_server_configuration","azurerm_vpn_server_configuration_policy_group","azurerm_vpn_site","azurerm_web_app_active_slot","azurerm_web_app_hybrid_connection","azurerm_web_application_firewall_policy","azurerm_web_pubsub","azurerm_web_pubsub_hub","azurerm_web_pubsub_network_acl","azurerm_windows_function_app","azurerm_windows_function_app_slot","azurerm_windows_virtual_machine","azurerm_windows_virtual_machine_scale_set","azurerm_windows_web_app","azurerm_windows_web_app_slot"] \ No newline at end of file diff --git a/examples-generated/authorization/v1beta1/trustedaccessrolebinding.yaml b/examples-generated/authorization/v1beta1/trustedaccessrolebinding.yaml new file mode 100644 index 000000000..bf2e29b7b --- /dev/null +++ b/examples-generated/authorization/v1beta1/trustedaccessrolebinding.yaml @@ -0,0 +1,161 @@ +apiVersion: authorization.azure.upbound.io/v1beta1 +kind: TrustedAccessRoleBinding +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + kubernetesClusterIdSelector: + matchLabels: + testing.upbound.io/example-name: example + roles: example-value + sourceResourceIdSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: insights.azure.upbound.io/v1beta1 +kind: ApplicationInsights +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + applicationType: example-value + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: keyvault.azure.upbound.io/v1beta2 +kind: Vault +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example + skuName: example-value + softDeleteRetentionDays: example-value + tenantId: ${data.azurerm_client_config.example.tenant_id} + +--- + +apiVersion: keyvault.azure.upbound.io/v1beta1 +kind: AccessPolicy +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + keyPermissions: example-value + keyVaultIdSelector: + matchLabels: + testing.upbound.io/example-name: example + objectId: ${data.azurerm_client_config.example.object_id} + tenantId: ${data.azurerm_client_config.example.tenant_id} + +--- + +apiVersion: containerservice.azure.upbound.io/v1beta2 +kind: KubernetesCluster +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + defaultNodePool: + - name: example-value + nodeCount: example-value + upgradeSettings: + - maxSurge: example-value + vmSize: example-value + dnsPrefix: acctestaksexample + identity: + - type: example-value + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: machinelearningservices.azure.upbound.io/v1beta2 +kind: Workspace +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + applicationInsightsIdSelector: + matchLabels: + testing.upbound.io/example-name: example + identity: + - type: example-value + keyVaultIdSelector: + matchLabels: + testing.upbound.io/example-name: example + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example + storageAccountIdSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: azure.upbound.io/v1beta1 +kind: ResourceGroup +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + location: West Europe + +--- + +apiVersion: storage.azure.upbound.io/v1beta2 +kind: Account +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + accountReplicationType: example-value + accountTier: example-value + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example diff --git a/examples-generated/dataprotection/v1beta1/backupinstancekubernetescluster.yaml b/examples-generated/dataprotection/v1beta1/backupinstancekubernetescluster.yaml index e530fe28e..6f49da039 100644 --- a/examples-generated/dataprotection/v1beta1/backupinstancekubernetescluster.yaml +++ b/examples-generated/dataprotection/v1beta1/backupinstancekubernetescluster.yaml @@ -148,6 +148,27 @@ spec: --- +apiVersion: authorization.azure.upbound.io/v1beta1 +kind: TrustedAccessRoleBinding +metadata: + annotations: + meta.upbound.io/example-id: dataprotection/v1beta1/backupinstancekubernetescluster + labels: + testing.upbound.io/example-name: aks_cluster_trusted_access + name: aks-cluster-trusted-access +spec: + forProvider: + kubernetesClusterIdSelector: + matchLabels: + testing.upbound.io/example-name: example + roles: + - Microsoft.DataProtection/backupVaults/backup-operator + sourceResourceIdSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + apiVersion: azure.upbound.io/v1beta1 kind: ResourceGroup metadata: diff --git a/examples/authorization/v1beta1/trustedaccessrolebinding.yaml b/examples/authorization/v1beta1/trustedaccessrolebinding.yaml new file mode 100644 index 000000000..167d83874 --- /dev/null +++ b/examples/authorization/v1beta1/trustedaccessrolebinding.yaml @@ -0,0 +1,186 @@ +apiVersion: authorization.azure.upbound.io/v1beta1 +kind: TrustedAccessRoleBinding +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ta-rb +spec: + forProvider: + kubernetesClusterIdSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + roles: + - "Microsoft.MachineLearningServices/workspaces/mlworkload" + sourceResourceIdSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + +--- + +apiVersion: insights.azure.upbound.io/v1beta1 +kind: ApplicationInsights +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ai-tarb +spec: + forProvider: + applicationType: web + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + +--- + +apiVersion: insights.azure.upbound.io/v1beta1 +kind: MonitorActionGroup +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ta-rb-ai-mag +spec: + forProvider: + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + shortName: examplegroup + +--- + +apiVersion: alertsmanagement.azure.upbound.io/v1beta1 +kind: MonitorSmartDetectorAlertRule +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ta-rb-ai-msdar +spec: + forProvider: + name: myrule + actionGroup: + - idsRefs: + - name: example-ta-rb-ai-mag + detectorType: FailureAnomaliesDetector + frequency: PT1M + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + scopeResourceIdsRefs: + - name: example-ai-tarb + severity: Sev0 + +--- + +apiVersion: keyvault.azure.upbound.io/v1beta1 +kind: Vault +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ai-v +spec: + forProvider: + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + skuName: premium + softDeleteRetentionDays: 8 + tenantId: ${data.azurerm_client_config.current.tenant_id} + +--- + + +apiVersion: containerservice.azure.upbound.io/v1beta1 +kind: KubernetesCluster +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ta-rb-kc +spec: + forProvider: + defaultNodePool: + - name: default + nodeCount: 1 + vmSize: Standard_D2_v2 + upgradeSettings: + - maxSurge: '10%' + dnsPrefix: exampleaks1 + identity: + - type: SystemAssigned + location: North Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + +--- + +apiVersion: machinelearningservices.azure.upbound.io/v1beta2 +kind: Workspace +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-${Rand.RFC1123Subdomain} +spec: + forProvider: + applicationInsightsIdSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + identity: + type: SystemAssigned + keyVaultIdSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + storageAccountIdSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb + +--- + +apiVersion: azure.upbound.io/v1beta1 +kind: ResourceGroup +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: example-ta-rb-rg +spec: + forProvider: + location: West Europe + +--- + +apiVersion: storage.azure.upbound.io/v1beta2 +kind: Account +metadata: + annotations: + meta.upbound.io/example-id: authorization/v1beta1/trustedaccessrolebinding + labels: + testing.upbound.io/example-name: example-ta-rb + name: exampletarbac +spec: + forProvider: + accountReplicationType: LRS + accountTier: Standard + location: West Europe + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example-ta-rb diff --git a/internal/controller/authorization/trustedaccessrolebinding/zz_controller.go b/internal/controller/authorization/trustedaccessrolebinding/zz_controller.go new file mode 100755 index 000000000..79c28136e --- /dev/null +++ b/internal/controller/authorization/trustedaccessrolebinding/zz_controller.go @@ -0,0 +1,92 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package trustedaccessrolebinding + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-azure/apis/authorization/v1beta1" + features "github.com/upbound/provider-azure/internal/features" +) + +// Setup adds a controller that reconciles TrustedAccessRoleBinding managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.TrustedAccessRoleBinding_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.TrustedAccessRoleBinding_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.TrustedAccessRoleBinding_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["azurerm_kubernetes_cluster_trusted_access_role_binding"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.TrustedAccessRoleBinding_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.TrustedAccessRoleBinding + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.TrustedAccessRoleBinding{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.TrustedAccessRoleBinding") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.TrustedAccessRoleBindingList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.TrustedAccessRoleBindingList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.TrustedAccessRoleBinding_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.TrustedAccessRoleBinding{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_authorization_setup.go b/internal/controller/zz_authorization_setup.go index 557c4b07c..1d926e2c6 100755 --- a/internal/controller/zz_authorization_setup.go +++ b/internal/controller/zz_authorization_setup.go @@ -20,6 +20,7 @@ import ( roledefinition "github.com/upbound/provider-azure/internal/controller/authorization/roledefinition" subscriptionpolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/subscriptionpolicyassignment" subscriptionpolicyexemption "github.com/upbound/provider-azure/internal/controller/authorization/subscriptionpolicyexemption" + trustedaccessrolebinding "github.com/upbound/provider-azure/internal/controller/authorization/trustedaccessrolebinding" ) // Setup_authorization creates all controllers with the supplied logger and adds them to @@ -37,6 +38,7 @@ func Setup_authorization(mgr ctrl.Manager, o controller.Options) error { roledefinition.Setup, subscriptionpolicyassignment.Setup, subscriptionpolicyexemption.Setup, + trustedaccessrolebinding.Setup, } { if err := setup(mgr, o); err != nil { return err diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 38c400438..4907ef44b 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -89,6 +89,7 @@ import ( roledefinition "github.com/upbound/provider-azure/internal/controller/authorization/roledefinition" subscriptionpolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/subscriptionpolicyassignment" subscriptionpolicyexemption "github.com/upbound/provider-azure/internal/controller/authorization/subscriptionpolicyexemption" + trustedaccessrolebinding "github.com/upbound/provider-azure/internal/controller/authorization/trustedaccessrolebinding" account "github.com/upbound/provider-azure/internal/controller/automation/account" connection "github.com/upbound/provider-azure/internal/controller/automation/connection" connectionclassiccertificate "github.com/upbound/provider-azure/internal/controller/automation/connectionclassiccertificate" @@ -834,6 +835,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { roledefinition.Setup, subscriptionpolicyassignment.Setup, subscriptionpolicyexemption.Setup, + trustedaccessrolebinding.Setup, account.Setup, connection.Setup, connectionclassiccertificate.Setup, diff --git a/package/crds/authorization.azure.upbound.io_trustedaccessrolebindings.yaml b/package/crds/authorization.azure.upbound.io_trustedaccessrolebindings.yaml new file mode 100644 index 000000000..57240fa46 --- /dev/null +++ b/package/crds/authorization.azure.upbound.io_trustedaccessrolebindings.yaml @@ -0,0 +1,608 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: trustedaccessrolebindings.authorization.azure.upbound.io +spec: + group: authorization.azure.upbound.io + names: + categories: + - crossplane + - managed + - azure + kind: TrustedAccessRoleBinding + listKind: TrustedAccessRoleBindingList + plural: trustedaccessrolebindings + singular: trustedaccessrolebinding + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TrustedAccessRoleBinding is the Schema for the TrustedAccessRoleBindings + API. Manages a Kubernetes Cluster Trusted Access Role Binding. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TrustedAccessRoleBindingSpec defines the desired state of + TrustedAccessRoleBinding + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + kubernetesClusterId: + description: Specifies the Kubernetes Cluster Id within which + this Kubernetes Cluster Trusted Access Role Binding should exist. + Changing this forces a new Kubernetes Cluster Trusted Access + Role Binding to be created. + type: string + kubernetesClusterIdRef: + description: Reference to a KubernetesCluster in containerservice + to populate kubernetesClusterId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kubernetesClusterIdSelector: + description: Selector for a KubernetesCluster in containerservice + to populate kubernetesClusterId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + roles: + description: A list of roles to bind, each item is a resource + type qualified role name. + items: + type: string + type: array + sourceResourceId: + description: The ARM resource ID of source resource that trusted + access is configured for. Changing this forces a new Kubernetes + Cluster Trusted Access Role Binding to be created. + type: string + sourceResourceIdRef: + description: Reference to a Workspace in machinelearningservices + to populate sourceResourceId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + sourceResourceIdSelector: + description: Selector for a Workspace in machinelearningservices + to populate sourceResourceId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + roles: + description: A list of roles to bind, each item is a resource + type qualified role name. + items: + type: string + type: array + sourceResourceId: + description: The ARM resource ID of source resource that trusted + access is configured for. Changing this forces a new Kubernetes + Cluster Trusted Access Role Binding to be created. + type: string + sourceResourceIdRef: + description: Reference to a Workspace in machinelearningservices + to populate sourceResourceId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + sourceResourceIdSelector: + description: Selector for a Workspace in machinelearningservices + to populate sourceResourceId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.roles is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.roles) + || (has(self.initProvider) && has(self.initProvider.roles))' + status: + description: TrustedAccessRoleBindingStatus defines the observed state + of TrustedAccessRoleBinding. + properties: + atProvider: + properties: + id: + description: The ID of the Kubernetes Cluster Trusted Access Role + Binding. + type: string + kubernetesClusterId: + description: Specifies the Kubernetes Cluster Id within which + this Kubernetes Cluster Trusted Access Role Binding should exist. + Changing this forces a new Kubernetes Cluster Trusted Access + Role Binding to be created. + type: string + roles: + description: A list of roles to bind, each item is a resource + type qualified role name. + items: + type: string + type: array + sourceResourceId: + description: The ARM resource ID of source resource that trusted + access is configured for. Changing this forces a new Kubernetes + Cluster Trusted Access Role Binding to be created. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}