diff --git a/apis/identitystore/v1beta1/zz_generated.deepcopy.go b/apis/identitystore/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..2447fe0fdf --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,1389 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddressesInitParameters) DeepCopyInto(out *AddressesInitParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesInitParameters. +func (in *AddressesInitParameters) DeepCopy() *AddressesInitParameters { + if in == nil { + return nil + } + out := new(AddressesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddressesObservation) DeepCopyInto(out *AddressesObservation) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesObservation. +func (in *AddressesObservation) DeepCopy() *AddressesObservation { + if in == nil { + return nil + } + out := new(AddressesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddressesParameters) DeepCopyInto(out *AddressesParameters) { + *out = *in + if in.Country != nil { + in, out := &in.Country, &out.Country + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.Locality != nil { + in, out := &in.Locality, &out.Locality + *out = new(string) + **out = **in + } + if in.PostalCode != nil { + in, out := &in.PostalCode, &out.PostalCode + *out = new(string) + **out = **in + } + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.StreetAddress != nil { + in, out := &in.StreetAddress, &out.StreetAddress + *out = new(string) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressesParameters. +func (in *AddressesParameters) DeepCopy() *AddressesParameters { + if in == nil { + return nil + } + out := new(AddressesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsInitParameters) DeepCopyInto(out *EmailsInitParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsInitParameters. +func (in *EmailsInitParameters) DeepCopy() *EmailsInitParameters { + if in == nil { + return nil + } + out := new(EmailsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsObservation) DeepCopyInto(out *EmailsObservation) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsObservation. +func (in *EmailsObservation) DeepCopy() *EmailsObservation { + if in == nil { + return nil + } + out := new(EmailsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailsParameters) DeepCopyInto(out *EmailsParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailsParameters. +func (in *EmailsParameters) DeepCopy() *EmailsParameters { + if in == nil { + return nil + } + out := new(EmailsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIdsInitParameters) DeepCopyInto(out *ExternalIdsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsInitParameters. +func (in *ExternalIdsInitParameters) DeepCopy() *ExternalIdsInitParameters { + if in == nil { + return nil + } + out := new(ExternalIdsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIdsObservation) DeepCopyInto(out *ExternalIdsObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Issuer != nil { + in, out := &in.Issuer, &out.Issuer + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsObservation. +func (in *ExternalIdsObservation) DeepCopy() *ExternalIdsObservation { + if in == nil { + return nil + } + out := new(ExternalIdsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIdsParameters) DeepCopyInto(out *ExternalIdsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIdsParameters. +func (in *ExternalIdsParameters) DeepCopy() *ExternalIdsParameters { + if in == nil { + return nil + } + out := new(ExternalIdsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Group) DeepCopyInto(out *Group) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Group. +func (in *Group) DeepCopy() *Group { + if in == nil { + return nil + } + out := new(Group) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Group) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupInitParameters) DeepCopyInto(out *GroupInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupInitParameters. +func (in *GroupInitParameters) DeepCopy() *GroupInitParameters { + if in == nil { + return nil + } + out := new(GroupInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupList) DeepCopyInto(out *GroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Group, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupList. +func (in *GroupList) DeepCopy() *GroupList { + if in == nil { + return nil + } + out := new(GroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembership) DeepCopyInto(out *GroupMembership) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembership. +func (in *GroupMembership) DeepCopy() *GroupMembership { + if in == nil { + return nil + } + out := new(GroupMembership) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupMembership) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipInitParameters) DeepCopyInto(out *GroupMembershipInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipInitParameters. +func (in *GroupMembershipInitParameters) DeepCopy() *GroupMembershipInitParameters { + if in == nil { + return nil + } + out := new(GroupMembershipInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipList) DeepCopyInto(out *GroupMembershipList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GroupMembership, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipList. +func (in *GroupMembershipList) DeepCopy() *GroupMembershipList { + if in == nil { + return nil + } + out := new(GroupMembershipList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GroupMembershipList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipObservation) DeepCopyInto(out *GroupMembershipObservation) { + *out = *in + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.MemberID != nil { + in, out := &in.MemberID, &out.MemberID + *out = new(string) + **out = **in + } + if in.MembershipID != nil { + in, out := &in.MembershipID, &out.MembershipID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipObservation. +func (in *GroupMembershipObservation) DeepCopy() *GroupMembershipObservation { + if in == nil { + return nil + } + out := new(GroupMembershipObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipParameters) DeepCopyInto(out *GroupMembershipParameters) { + *out = *in + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.GroupIDRef != nil { + in, out := &in.GroupIDRef, &out.GroupIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.GroupIDSelector != nil { + in, out := &in.GroupIDSelector, &out.GroupIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.MemberID != nil { + in, out := &in.MemberID, &out.MemberID + *out = new(string) + **out = **in + } + if in.MemberIDRef != nil { + in, out := &in.MemberIDRef, &out.MemberIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.MemberIDSelector != nil { + in, out := &in.MemberIDSelector, &out.MemberIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipParameters. +func (in *GroupMembershipParameters) DeepCopy() *GroupMembershipParameters { + if in == nil { + return nil + } + out := new(GroupMembershipParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipSpec) DeepCopyInto(out *GroupMembershipSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + out.InitProvider = in.InitProvider +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipSpec. +func (in *GroupMembershipSpec) DeepCopy() *GroupMembershipSpec { + if in == nil { + return nil + } + out := new(GroupMembershipSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupMembershipStatus) DeepCopyInto(out *GroupMembershipStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupMembershipStatus. +func (in *GroupMembershipStatus) DeepCopy() *GroupMembershipStatus { + if in == nil { + return nil + } + out := new(GroupMembershipStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.ExternalIds != nil { + in, out := &in.ExternalIds, &out.ExternalIds + *out = make([]ExternalIdsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.GroupID != nil { + in, out := &in.GroupID, &out.GroupID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupObservation. +func (in *GroupObservation) DeepCopy() *GroupObservation { + if in == nil { + return nil + } + out := new(GroupObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupParameters. +func (in *GroupParameters) DeepCopy() *GroupParameters { + if in == nil { + return nil + } + out := new(GroupParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec. +func (in *GroupSpec) DeepCopy() *GroupSpec { + if in == nil { + return nil + } + out := new(GroupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupStatus) DeepCopyInto(out *GroupStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus. +func (in *GroupStatus) DeepCopy() *GroupStatus { + if in == nil { + return nil + } + out := new(GroupStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NameInitParameters) DeepCopyInto(out *NameInitParameters) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameInitParameters. +func (in *NameInitParameters) DeepCopy() *NameInitParameters { + if in == nil { + return nil + } + out := new(NameInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NameObservation) DeepCopyInto(out *NameObservation) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameObservation. +func (in *NameObservation) DeepCopy() *NameObservation { + if in == nil { + return nil + } + out := new(NameObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NameParameters) DeepCopyInto(out *NameParameters) { + *out = *in + if in.FamilyName != nil { + in, out := &in.FamilyName, &out.FamilyName + *out = new(string) + **out = **in + } + if in.Formatted != nil { + in, out := &in.Formatted, &out.Formatted + *out = new(string) + **out = **in + } + if in.GivenName != nil { + in, out := &in.GivenName, &out.GivenName + *out = new(string) + **out = **in + } + if in.HonorificPrefix != nil { + in, out := &in.HonorificPrefix, &out.HonorificPrefix + *out = new(string) + **out = **in + } + if in.HonorificSuffix != nil { + in, out := &in.HonorificSuffix, &out.HonorificSuffix + *out = new(string) + **out = **in + } + if in.MiddleName != nil { + in, out := &in.MiddleName, &out.MiddleName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameParameters. +func (in *NameParameters) DeepCopy() *NameParameters { + if in == nil { + return nil + } + out := new(NameParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PhoneNumbersInitParameters) DeepCopyInto(out *PhoneNumbersInitParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersInitParameters. +func (in *PhoneNumbersInitParameters) DeepCopy() *PhoneNumbersInitParameters { + if in == nil { + return nil + } + out := new(PhoneNumbersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PhoneNumbersObservation) DeepCopyInto(out *PhoneNumbersObservation) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersObservation. +func (in *PhoneNumbersObservation) DeepCopy() *PhoneNumbersObservation { + if in == nil { + return nil + } + out := new(PhoneNumbersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PhoneNumbersParameters) DeepCopyInto(out *PhoneNumbersParameters) { + *out = *in + if in.Primary != nil { + in, out := &in.Primary, &out.Primary + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumbersParameters. +func (in *PhoneNumbersParameters) DeepCopy() *PhoneNumbersParameters { + if in == nil { + return nil + } + out := new(PhoneNumbersParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *User) DeepCopyInto(out *User) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new User. +func (in *User) DeepCopy() *User { + if in == nil { + return nil + } + out := new(User) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *User) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsInitParameters) DeepCopyInto(out *UserExternalIdsInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsInitParameters. +func (in *UserExternalIdsInitParameters) DeepCopy() *UserExternalIdsInitParameters { + if in == nil { + return nil + } + out := new(UserExternalIdsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsObservation) DeepCopyInto(out *UserExternalIdsObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Issuer != nil { + in, out := &in.Issuer, &out.Issuer + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsObservation. +func (in *UserExternalIdsObservation) DeepCopy() *UserExternalIdsObservation { + if in == nil { + return nil + } + out := new(UserExternalIdsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserExternalIdsParameters) DeepCopyInto(out *UserExternalIdsParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserExternalIdsParameters. +func (in *UserExternalIdsParameters) DeepCopy() *UserExternalIdsParameters { + if in == nil { + return nil + } + out := new(UserExternalIdsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInitParameters) DeepCopyInto(out *UserInitParameters) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInitParameters. +func (in *UserInitParameters) DeepCopy() *UserInitParameters { + if in == nil { + return nil + } + out := new(UserInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserList) DeepCopyInto(out *UserList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]User, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserList. +func (in *UserList) DeepCopy() *UserList { + if in == nil { + return nil + } + out := new(UserList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UserList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserObservation) DeepCopyInto(out *UserObservation) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalIds != nil { + in, out := &in.ExternalIds, &out.ExternalIds + *out = make([]UserExternalIdsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserObservation. +func (in *UserObservation) DeepCopy() *UserObservation { + if in == nil { + return nil + } + out := new(UserObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserParameters) DeepCopyInto(out *UserParameters) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]AddressesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Emails != nil { + in, out := &in.Emails, &out.Emails + *out = make([]EmailsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.IdentityStoreID != nil { + in, out := &in.IdentityStoreID, &out.IdentityStoreID + *out = new(string) + **out = **in + } + if in.Locale != nil { + in, out := &in.Locale, &out.Locale + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]NameParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Nickname != nil { + in, out := &in.Nickname, &out.Nickname + *out = new(string) + **out = **in + } + if in.PhoneNumbers != nil { + in, out := &in.PhoneNumbers, &out.PhoneNumbers + *out = make([]PhoneNumbersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PreferredLanguage != nil { + in, out := &in.PreferredLanguage, &out.PreferredLanguage + *out = new(string) + **out = **in + } + if in.ProfileURL != nil { + in, out := &in.ProfileURL, &out.ProfileURL + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.Timezone != nil { + in, out := &in.Timezone, &out.Timezone + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } + if in.UserName != nil { + in, out := &in.UserName, &out.UserName + *out = new(string) + **out = **in + } + if in.UserType != nil { + in, out := &in.UserType, &out.UserType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserParameters. +func (in *UserParameters) DeepCopy() *UserParameters { + if in == nil { + return nil + } + out := new(UserParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserSpec) DeepCopyInto(out *UserSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserSpec. +func (in *UserSpec) DeepCopy() *UserSpec { + if in == nil { + return nil + } + out := new(UserSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserStatus) DeepCopyInto(out *UserStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserStatus. +func (in *UserStatus) DeepCopy() *UserStatus { + if in == nil { + return nil + } + out := new(UserStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/identitystore/v1beta1/zz_generated.managed.go b/apis/identitystore/v1beta1/zz_generated.managed.go new file mode 100644 index 0000000000..fb0b93818b --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.managed.go @@ -0,0 +1,188 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Group. +func (mg *Group) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Group. +func (mg *Group) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Group. +func (mg *Group) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Group. +func (mg *Group) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Group. +func (mg *Group) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Group. +func (mg *Group) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Group. +func (mg *Group) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Group. +func (mg *Group) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Group. +func (mg *Group) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Group. +func (mg *Group) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Group. +func (mg *Group) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Group. +func (mg *Group) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this GroupMembership. +func (mg *GroupMembership) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this GroupMembership. +func (mg *GroupMembership) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this GroupMembership. +func (mg *GroupMembership) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this GroupMembership. +func (mg *GroupMembership) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this GroupMembership. +func (mg *GroupMembership) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this GroupMembership. +func (mg *GroupMembership) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this GroupMembership. +func (mg *GroupMembership) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this GroupMembership. +func (mg *GroupMembership) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this GroupMembership. +func (mg *GroupMembership) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this GroupMembership. +func (mg *GroupMembership) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this GroupMembership. +func (mg *GroupMembership) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this GroupMembership. +func (mg *GroupMembership) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this User. +func (mg *User) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this User. +func (mg *User) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this User. +func (mg *User) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this User. +func (mg *User) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this User. +func (mg *User) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this User. +func (mg *User) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this User. +func (mg *User) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this User. +func (mg *User) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this User. +func (mg *User) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this User. +func (mg *User) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this User. +func (mg *User) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this User. +func (mg *User) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/identitystore/v1beta1/zz_generated.managedlist.go b/apis/identitystore/v1beta1/zz_generated.managedlist.go new file mode 100644 index 0000000000..851a75bb5b --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.managedlist.go @@ -0,0 +1,35 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this GroupList. +func (l *GroupList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this GroupMembershipList. +func (l *GroupMembershipList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this UserList. +func (l *UserList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/identitystore/v1beta1/zz_generated.resolvers.go b/apis/identitystore/v1beta1/zz_generated.resolvers.go new file mode 100644 index 0000000000..ed51da4424 --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated.resolvers.go @@ -0,0 +1,56 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" + resource "github.com/crossplane/upjet/pkg/resource" + errors "github.com/pkg/errors" + client "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ResolveReferences of this GroupMembership. +func (mg *GroupMembership) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.GroupID), + Extract: resource.ExtractParamPath("group_id", true), + Reference: mg.Spec.ForProvider.GroupIDRef, + Selector: mg.Spec.ForProvider.GroupIDSelector, + To: reference.To{ + List: &GroupList{}, + Managed: &Group{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.GroupID") + } + mg.Spec.ForProvider.GroupID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.GroupIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.MemberID), + Extract: resource.ExtractParamPath("user_id", true), + Reference: mg.Spec.ForProvider.MemberIDRef, + Selector: mg.Spec.ForProvider.MemberIDSelector, + To: reference.To{ + List: &UserList{}, + Managed: &User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.MemberID") + } + mg.Spec.ForProvider.MemberID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.MemberIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/identitystore/v1beta1/zz_generated_terraformed.go b/apis/identitystore/v1beta1/zz_generated_terraformed.go new file mode 100755 index 0000000000..630478c34a --- /dev/null +++ b/apis/identitystore/v1beta1/zz_generated_terraformed.go @@ -0,0 +1,361 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Group +func (mg *Group) GetTerraformResourceType() string { + return "aws_identitystore_group" +} + +// GetConnectionDetailsMapping for this Group +func (tr *Group) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Group +func (tr *Group) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Group +func (tr *Group) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Group +func (tr *Group) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Group +func (tr *Group) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Group +func (tr *Group) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Group +func (tr *Group) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Group +func (tr *Group) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Group using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Group) LateInitialize(attrs []byte) (bool, error) { + params := &GroupParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Group) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this GroupMembership +func (mg *GroupMembership) GetTerraformResourceType() string { + return "aws_identitystore_group_membership" +} + +// GetConnectionDetailsMapping for this GroupMembership +func (tr *GroupMembership) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this GroupMembership +func (tr *GroupMembership) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this GroupMembership +func (tr *GroupMembership) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this GroupMembership +func (tr *GroupMembership) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this GroupMembership +func (tr *GroupMembership) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this GroupMembership +func (tr *GroupMembership) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this GroupMembership +func (tr *GroupMembership) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this GroupMembership +func (tr *GroupMembership) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this GroupMembership using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *GroupMembership) LateInitialize(attrs []byte) (bool, error) { + params := &GroupMembershipParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *GroupMembership) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this User +func (mg *User) GetTerraformResourceType() string { + return "aws_identitystore_user" +} + +// GetConnectionDetailsMapping for this User +func (tr *User) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this User +func (tr *User) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this User +func (tr *User) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this User +func (tr *User) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this User +func (tr *User) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this User +func (tr *User) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this User +func (tr *User) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this User +func (tr *User) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this User using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *User) LateInitialize(attrs []byte) (bool, error) { + params := &UserParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *User) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/identitystore/v1beta1/zz_group_types.go b/apis/identitystore/v1beta1/zz_group_types.go new file mode 100755 index 0000000000..258ea8ab4d --- /dev/null +++ b/apis/identitystore/v1beta1/zz_group_types.go @@ -0,0 +1,140 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ExternalIdsInitParameters struct { +} + +type ExternalIdsObservation struct { + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The issuer for an external identifier. + Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` +} + +type ExternalIdsParameters struct { +} + +type GroupInitParameters struct { + + // A string containing the description of the group. + Description *string `json:"description,omitempty" tf:"description,omitempty"` +} + +type GroupObservation struct { + + // A string containing the description of the group. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A string containing the name of the group. This value is commonly displayed when the group is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // A list of external IDs that contains the identifiers issued to this resource by an external identity provider. See External IDs below. + ExternalIds []ExternalIdsObservation `json:"externalIds,omitempty" tf:"external_ids,omitempty"` + + // The identifier of the newly created group in the identity store. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The globally unique identifier for the identity store. + IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` +} + +type GroupParameters struct { + + // A string containing the description of the group. + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // A string containing the name of the group. This value is commonly displayed when the group is referenced. + // +kubebuilder:validation:Required + DisplayName *string `json:"displayName" tf:"display_name,omitempty"` + + // The globally unique identifier for the identity store. + // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +// GroupSpec defines the desired state of Group +type GroupSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider GroupParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider GroupInitParameters `json:"initProvider,omitempty"` +} + +// GroupStatus defines the observed state of Group. +type GroupStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider GroupObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// Group is the Schema for the Groups API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type Group struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec GroupSpec `json:"spec"` + Status GroupStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupList contains a list of Groups +type GroupList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Group `json:"items"` +} + +// Repository type metadata. +var ( + Group_Kind = "Group" + Group_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Group_Kind}.String() + Group_KindAPIVersion = Group_Kind + "." + CRDGroupVersion.String() + Group_GroupVersionKind = CRDGroupVersion.WithKind(Group_Kind) +) + +func init() { + SchemeBuilder.Register(&Group{}, &GroupList{}) +} diff --git a/apis/identitystore/v1beta1/zz_groupmembership_types.go b/apis/identitystore/v1beta1/zz_groupmembership_types.go new file mode 100755 index 0000000000..7ee8dea58c --- /dev/null +++ b/apis/identitystore/v1beta1/zz_groupmembership_types.go @@ -0,0 +1,138 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type GroupMembershipInitParameters struct { +} + +type GroupMembershipObservation struct { + + // The identifier for a group in the Identity Store. + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Identity Store ID associated with the Single Sign-On Instance. + IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` + + // The identifier for a user in the Identity Store. + MemberID *string `json:"memberId,omitempty" tf:"member_id,omitempty"` + + // The identifier of the newly created group membership in the Identity Store. + MembershipID *string `json:"membershipId,omitempty" tf:"membership_id,omitempty"` +} + +type GroupMembershipParameters struct { + + // The identifier for a group in the Identity Store. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.Group + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("group_id",true) + // +kubebuilder:validation:Optional + GroupID *string `json:"groupId,omitempty" tf:"group_id,omitempty"` + + // Reference to a Group in identitystore to populate groupId. + // +kubebuilder:validation:Optional + GroupIDRef *v1.Reference `json:"groupIdRef,omitempty" tf:"-"` + + // Selector for a Group in identitystore to populate groupId. + // +kubebuilder:validation:Optional + GroupIDSelector *v1.Selector `json:"groupIdSelector,omitempty" tf:"-"` + + // Identity Store ID associated with the Single Sign-On Instance. + // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // The identifier for a user in the Identity Store. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.User + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("user_id",true) + // +kubebuilder:validation:Optional + MemberID *string `json:"memberId,omitempty" tf:"member_id,omitempty"` + + // Reference to a User in identitystore to populate memberId. + // +kubebuilder:validation:Optional + MemberIDRef *v1.Reference `json:"memberIdRef,omitempty" tf:"-"` + + // Selector for a User in identitystore to populate memberId. + // +kubebuilder:validation:Optional + MemberIDSelector *v1.Selector `json:"memberIdSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +// GroupMembershipSpec defines the desired state of GroupMembership +type GroupMembershipSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider GroupMembershipParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider GroupMembershipInitParameters `json:"initProvider,omitempty"` +} + +// GroupMembershipStatus defines the observed state of GroupMembership. +type GroupMembershipStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider GroupMembershipObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupMembership is the Schema for the GroupMemberships API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type GroupMembership struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec GroupMembershipSpec `json:"spec"` + Status GroupMembershipStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// GroupMembershipList contains a list of GroupMemberships +type GroupMembershipList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []GroupMembership `json:"items"` +} + +// Repository type metadata. +var ( + GroupMembership_Kind = "GroupMembership" + GroupMembership_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: GroupMembership_Kind}.String() + GroupMembership_KindAPIVersion = GroupMembership_Kind + "." + CRDGroupVersion.String() + GroupMembership_GroupVersionKind = CRDGroupVersion.WithKind(GroupMembership_Kind) +) + +func init() { + SchemeBuilder.Register(&GroupMembership{}, &GroupMembershipList{}) +} diff --git a/apis/identitystore/v1beta1/zz_groupversion_info.go b/apis/identitystore/v1beta1/zz_groupversion_info.go new file mode 100755 index 0000000000..f1bef3ea89 --- /dev/null +++ b/apis/identitystore/v1beta1/zz_groupversion_info.go @@ -0,0 +1,36 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=identitystore.aws.upbound.io +// +versionName=v1beta1 +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "identitystore.aws.upbound.io" + CRDVersion = "v1beta1" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/identitystore/v1beta1/zz_user_types.go b/apis/identitystore/v1beta1/zz_user_types.go new file mode 100755 index 0000000000..4b80107a7c --- /dev/null +++ b/apis/identitystore/v1beta1/zz_user_types.go @@ -0,0 +1,490 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AddressesInitParameters struct { + + // The country that this address is in. + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The street of the address. + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AddressesObservation struct { + + // The country that this address is in. + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The region of the address. + Region *string `json:"region,omitempty" tf:"region,omitempty"` + + // The street of the address. + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type AddressesParameters struct { + + // The country that this address is in. + // +kubebuilder:validation:Optional + Country *string `json:"country,omitempty" tf:"country,omitempty"` + + // The name that is typically displayed when the address is shown for display. + // +kubebuilder:validation:Optional + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The address locality. + // +kubebuilder:validation:Optional + Locality *string `json:"locality,omitempty" tf:"locality,omitempty"` + + // The postal code of the address. + // +kubebuilder:validation:Optional + PostalCode *string `json:"postalCode,omitempty" tf:"postal_code,omitempty"` + + // When true, this is the primary address associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The region of the address. + // +kubebuilder:validation:Optional + Region *string `json:"region,omitempty" tf:"region,omitempty"` + + // The street of the address. + // +kubebuilder:validation:Optional + StreetAddress *string `json:"streetAddress,omitempty" tf:"street_address,omitempty"` + + // The type of address. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type EmailsInitParameters struct { + + // When true, this is the primary email associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EmailsObservation struct { + + // When true, this is the primary email associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type EmailsParameters struct { + + // When true, this is the primary email associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of email. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The email address. This value must be unique across the identity store. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type NameInitParameters struct { + + // The family name of the user. + FamilyName *string `json:"familyName,omitempty" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + GivenName *string `json:"givenName,omitempty" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type NameObservation struct { + + // The family name of the user. + FamilyName *string `json:"familyName,omitempty" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + GivenName *string `json:"givenName,omitempty" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type NameParameters struct { + + // The family name of the user. + // +kubebuilder:validation:Optional + FamilyName *string `json:"familyName" tf:"family_name,omitempty"` + + // The name that is typically displayed when the name is shown for display. + // +kubebuilder:validation:Optional + Formatted *string `json:"formatted,omitempty" tf:"formatted,omitempty"` + + // The given name of the user. + // +kubebuilder:validation:Optional + GivenName *string `json:"givenName" tf:"given_name,omitempty"` + + // The honorific prefix of the user. + // +kubebuilder:validation:Optional + HonorificPrefix *string `json:"honorificPrefix,omitempty" tf:"honorific_prefix,omitempty"` + + // The honorific suffix of the user. + // +kubebuilder:validation:Optional + HonorificSuffix *string `json:"honorificSuffix,omitempty" tf:"honorific_suffix,omitempty"` + + // The middle name of the user. + // +kubebuilder:validation:Optional + MiddleName *string `json:"middleName,omitempty" tf:"middle_name,omitempty"` +} + +type PhoneNumbersInitParameters struct { + + // When true, this is the primary phone number associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type PhoneNumbersObservation struct { + + // When true, this is the primary phone number associated with the user. + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type PhoneNumbersParameters struct { + + // When true, this is the primary phone number associated with the user. + // +kubebuilder:validation:Optional + Primary *bool `json:"primary,omitempty" tf:"primary,omitempty"` + + // The type of phone number. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // The user's phone number. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type UserExternalIdsInitParameters struct { +} + +type UserExternalIdsObservation struct { + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The issuer for an external identifier. + Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` +} + +type UserExternalIdsParameters struct { +} + +type UserInitParameters struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + Addresses []AddressesInitParameters `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. + Emails []EmailsInitParameters `json:"emails,omitempty" tf:"emails,omitempty"` + + // The user's geographical region or location. + Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + Name []NameInitParameters `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + PhoneNumbers []PhoneNumbersInitParameters `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The user's time zone. + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. The limit is 128 characters. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type UserObservation struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + Addresses []AddressesObservation `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. + Emails []EmailsObservation `json:"emails,omitempty" tf:"emails,omitempty"` + + // A list of identifiers issued to this resource by an external identity provider. + ExternalIds []UserExternalIdsObservation `json:"externalIds,omitempty" tf:"external_ids,omitempty"` + + // The identifier issued to this resource by an external identity provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The globally unique identifier for the identity store that this user is in. + IdentityStoreID *string `json:"identityStoreId,omitempty" tf:"identity_store_id,omitempty"` + + // The user's geographical region or location. + Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + Name []NameObservation `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + PhoneNumbers []PhoneNumbersObservation `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The user's time zone. + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // The identifier for this user in the identity store. + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. The limit is 128 characters. + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +type UserParameters struct { + + // Details about the user's address. At most 1 address is allowed. Detailed below. + // +kubebuilder:validation:Optional + Addresses []AddressesParameters `json:"addresses,omitempty" tf:"addresses,omitempty"` + + // The name that is typically displayed when the user is referenced. + // +kubebuilder:validation:Optional + DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + + // Details about the user's email. At most 1 email is allowed. Detailed below. + // +kubebuilder:validation:Optional + Emails []EmailsParameters `json:"emails,omitempty" tf:"emails,omitempty"` + + // The globally unique identifier for the identity store that this user is in. + // +kubebuilder:validation:Required + IdentityStoreID *string `json:"identityStoreId" tf:"identity_store_id,omitempty"` + + // The user's geographical region or location. + // +kubebuilder:validation:Optional + Locale *string `json:"locale,omitempty" tf:"locale,omitempty"` + + // Details about the user's full name. Detailed below. + // +kubebuilder:validation:Optional + Name []NameParameters `json:"name,omitempty" tf:"name,omitempty"` + + // An alternate name for the user. + // +kubebuilder:validation:Optional + Nickname *string `json:"nickname,omitempty" tf:"nickname,omitempty"` + + // Details about the user's phone number. At most 1 phone number is allowed. Detailed below. + // +kubebuilder:validation:Optional + PhoneNumbers []PhoneNumbersParameters `json:"phoneNumbers,omitempty" tf:"phone_numbers,omitempty"` + + // The preferred language of the user. + // +kubebuilder:validation:Optional + PreferredLanguage *string `json:"preferredLanguage,omitempty" tf:"preferred_language,omitempty"` + + // An URL that may be associated with the user. + // +kubebuilder:validation:Optional + ProfileURL *string `json:"profileUrl,omitempty" tf:"profile_url,omitempty"` + + // The region of the address. + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` + + // The user's time zone. + // +kubebuilder:validation:Optional + Timezone *string `json:"timezone,omitempty" tf:"timezone,omitempty"` + + // The user's title. + // +kubebuilder:validation:Optional + Title *string `json:"title,omitempty" tf:"title,omitempty"` + + // A unique string used to identify the user. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. The limit is 128 characters. + // +kubebuilder:validation:Optional + UserName *string `json:"userName,omitempty" tf:"user_name,omitempty"` + + // The user type. + // +kubebuilder:validation:Optional + UserType *string `json:"userType,omitempty" tf:"user_type,omitempty"` +} + +// UserSpec defines the desired state of User +type UserSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider UserParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider UserInitParameters `json:"initProvider,omitempty"` +} + +// UserStatus defines the observed state of User. +type UserStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider UserObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// User is the Schema for the Users API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type User struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.displayName) || (has(self.initProvider) && has(self.initProvider.displayName))",message="spec.forProvider.displayName is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.userName) || (has(self.initProvider) && has(self.initProvider.userName))",message="spec.forProvider.userName is a required parameter" + Spec UserSpec `json:"spec"` + Status UserStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// UserList contains a list of Users +type UserList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []User `json:"items"` +} + +// Repository type metadata. +var ( + User_Kind = "User" + User_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: User_Kind}.String() + User_KindAPIVersion = User_Kind + "." + CRDGroupVersion.String() + User_GroupVersionKind = CRDGroupVersion.WithKind(User_Kind) +) + +func init() { + SchemeBuilder.Register(&User{}, &UserList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_accountassignment_types.go b/apis/ssoadmin/v1beta1/zz_accountassignment_types.go index f4511d3b2c..fce2e59db7 100755 --- a/apis/ssoadmin/v1beta1/zz_accountassignment_types.go +++ b/apis/ssoadmin/v1beta1/zz_accountassignment_types.go @@ -31,7 +31,7 @@ type AccountAssignmentObservation struct { // The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` - // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). This can be set to the crossplane external-name of either a Group or User in the identitystore api group, but the Ref and Selector fields will only work with a Group. PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` // The entity type for which the assignment will be created. Valid values: USER, GROUP. @@ -51,12 +51,33 @@ type AccountAssignmentParameters struct { InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` // The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. - // +kubebuilder:validation:Required - PermissionSetArn *string `json:"permissionSetArn" tf:"permission_set_arn,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/upbound/provider-aws/config/common.ARNExtractor() + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` - // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - // +kubebuilder:validation:Required - PrincipalID *string `json:"principalId" tf:"principal_id,omitempty"` + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). This can be set to the crossplane external-name of either a Group or User in the identitystore api group, but the Ref and Selector fields will only work with a Group. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/identitystore/v1beta1.Group + // +crossplane:generate:reference:refFieldName=PrincipalIDFromGroupRef + // +crossplane:generate:reference:selectorFieldName=PrincipalIDFromGroupSelector + // +kubebuilder:validation:Optional + PrincipalID *string `json:"principalId,omitempty" tf:"principal_id,omitempty"` + + // Reference to a Group in identitystore to populate principalId. + // +kubebuilder:validation:Optional + PrincipalIDFromGroupRef *v1.Reference `json:"principalIdFromGroupRef,omitempty" tf:"-"` + + // Selector for a Group in identitystore to populate principalId. + // +kubebuilder:validation:Optional + PrincipalIDFromGroupSelector *v1.Selector `json:"principalIdFromGroupSelector,omitempty" tf:"-"` // The entity type for which the assignment will be created. Valid values: USER, GROUP. // +kubebuilder:validation:Required diff --git a/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go b/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go new file mode 100755 index 0000000000..3385fe48dc --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_customermanagedpolicyattachment_types.go @@ -0,0 +1,167 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type CustomerManagedPolicyAttachmentInitParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceInitParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` +} + +type CustomerManagedPolicyAttachmentObservation struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceObservation `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // Policy Name, Policy Path, Permission Set Amazon Resource Name (ARN), and SSO Instance ARN, each separated by a comma (,). + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` +} + +type CustomerManagedPolicyAttachmentParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + // +kubebuilder:validation:Optional + CustomerManagedPolicyReference []CustomerManagedPolicyReferenceParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("arn",true) + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type CustomerManagedPolicyReferenceInitParameters struct { + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type CustomerManagedPolicyReferenceObservation struct { + + // Name of the customer managed IAM Policy to be attached. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type CustomerManagedPolicyReferenceParameters struct { + + // Name of the customer managed IAM Policy to be attached. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Policy + // +crossplane:generate:reference:refFieldName=PolicyNameRef + // +crossplane:generate:reference:selectorFieldName=PolicyNameSelector + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Reference to a Policy in iam to populate name. + // +kubebuilder:validation:Optional + PolicyNameRef *v1.Reference `json:"policyNameRef,omitempty" tf:"-"` + + // Selector for a Policy in iam to populate name. + // +kubebuilder:validation:Optional + PolicyNameSelector *v1.Selector `json:"policyNameSelector,omitempty" tf:"-"` +} + +// CustomerManagedPolicyAttachmentSpec defines the desired state of CustomerManagedPolicyAttachment +type CustomerManagedPolicyAttachmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider CustomerManagedPolicyAttachmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider CustomerManagedPolicyAttachmentInitParameters `json:"initProvider,omitempty"` +} + +// CustomerManagedPolicyAttachmentStatus defines the observed state of CustomerManagedPolicyAttachment. +type CustomerManagedPolicyAttachmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider CustomerManagedPolicyAttachmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// CustomerManagedPolicyAttachment is the Schema for the CustomerManagedPolicyAttachments API. Manages a customer managed policy for a Single Sign-On (SSO) Permission Set +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type CustomerManagedPolicyAttachment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.customerManagedPolicyReference) || (has(self.initProvider) && has(self.initProvider.customerManagedPolicyReference))",message="spec.forProvider.customerManagedPolicyReference is a required parameter" + Spec CustomerManagedPolicyAttachmentSpec `json:"spec"` + Status CustomerManagedPolicyAttachmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// CustomerManagedPolicyAttachmentList contains a list of CustomerManagedPolicyAttachments +type CustomerManagedPolicyAttachmentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CustomerManagedPolicyAttachment `json:"items"` +} + +// Repository type metadata. +var ( + CustomerManagedPolicyAttachment_Kind = "CustomerManagedPolicyAttachment" + CustomerManagedPolicyAttachment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: CustomerManagedPolicyAttachment_Kind}.String() + CustomerManagedPolicyAttachment_KindAPIVersion = CustomerManagedPolicyAttachment_Kind + "." + CRDGroupVersion.String() + CustomerManagedPolicyAttachment_GroupVersionKind = CRDGroupVersion.WithKind(CustomerManagedPolicyAttachment_Kind) +) + +func init() { + SchemeBuilder.Register(&CustomerManagedPolicyAttachment{}, &CustomerManagedPolicyAttachmentList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go index ab2cd70603..412317d592 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go +++ b/apis/ssoadmin/v1beta1/zz_generated.deepcopy.go @@ -150,11 +150,31 @@ func (in *AccountAssignmentParameters) DeepCopyInto(out *AccountAssignmentParame *out = new(string) **out = **in } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrincipalID != nil { in, out := &in.PrincipalID, &out.PrincipalID *out = new(string) **out = **in } + if in.PrincipalIDFromGroupRef != nil { + in, out := &in.PrincipalIDFromGroupRef, &out.PrincipalIDFromGroupRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrincipalIDFromGroupSelector != nil { + in, out := &in.PrincipalIDFromGroupSelector, &out.PrincipalIDFromGroupSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrincipalType != nil { in, out := &in.PrincipalType, &out.PrincipalType *out = new(string) @@ -223,7 +243,88 @@ func (in *AccountAssignmentStatus) DeepCopy() *AccountAssignmentStatus { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { +func (in *AttributeInitParameters) DeepCopyInto(out *AttributeInitParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeInitParameters. +func (in *AttributeInitParameters) DeepCopy() *AttributeInitParameters { + if in == nil { + return nil + } + out := new(AttributeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttributeObservation) DeepCopyInto(out *AttributeObservation) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeObservation. +func (in *AttributeObservation) DeepCopy() *AttributeObservation { + if in == nil { + return nil + } + out := new(AttributeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttributeParameters) DeepCopyInto(out *AttributeParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = make([]ValueParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributeParameters. +func (in *AttributeParameters) DeepCopy() *AttributeParameters { + if in == nil { + return nil + } + out := new(AttributeParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomerManagedPolicyAttachment) DeepCopyInto(out *CustomerManagedPolicyAttachment) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -231,18 +332,18 @@ func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachment. -func (in *ManagedPolicyAttachment) DeepCopy() *ManagedPolicyAttachment { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachment. +func (in *CustomerManagedPolicyAttachment) DeepCopy() *CustomerManagedPolicyAttachment { if in == nil { return nil } - out := new(ManagedPolicyAttachment) + out := new(CustomerManagedPolicyAttachment) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { +func (in *CustomerManagedPolicyAttachment) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -250,46 +351,53 @@ func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentInitParameters) DeepCopyInto(out *ManagedPolicyAttachmentInitParameters) { +func (in *CustomerManagedPolicyAttachmentInitParameters) DeepCopyInto(out *CustomerManagedPolicyAttachmentInitParameters) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentInitParameters. -func (in *ManagedPolicyAttachmentInitParameters) DeepCopy() *ManagedPolicyAttachmentInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentInitParameters. +func (in *CustomerManagedPolicyAttachmentInitParameters) DeepCopy() *CustomerManagedPolicyAttachmentInitParameters { if in == nil { return nil } - out := new(ManagedPolicyAttachmentInitParameters) + out := new(CustomerManagedPolicyAttachmentInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentList) DeepCopyInto(out *ManagedPolicyAttachmentList) { +func (in *CustomerManagedPolicyAttachmentList) DeepCopyInto(out *CustomerManagedPolicyAttachmentList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ManagedPolicyAttachment, len(*in)) + *out = make([]CustomerManagedPolicyAttachment, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentList. -func (in *ManagedPolicyAttachmentList) DeepCopy() *ManagedPolicyAttachmentList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentList. +func (in *CustomerManagedPolicyAttachmentList) DeepCopy() *CustomerManagedPolicyAttachmentList { if in == nil { return nil } - out := new(ManagedPolicyAttachmentList) + out := new(CustomerManagedPolicyAttachmentList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { +func (in *CustomerManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -297,8 +405,15 @@ func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAttachmentObservation) { +func (in *CustomerManagedPolicyAttachmentObservation) DeepCopyInto(out *CustomerManagedPolicyAttachmentObservation) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -309,16 +424,6 @@ func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAtt *out = new(string) **out = **in } - if in.ManagedPolicyArn != nil { - in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn - *out = new(string) - **out = **in - } - if in.ManagedPolicyName != nil { - in, out := &in.ManagedPolicyName, &out.ManagedPolicyName - *out = new(string) - **out = **in - } if in.PermissionSetArn != nil { in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) @@ -326,29 +431,31 @@ func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAtt } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentObservation. -func (in *ManagedPolicyAttachmentObservation) DeepCopy() *ManagedPolicyAttachmentObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentObservation. +func (in *CustomerManagedPolicyAttachmentObservation) DeepCopy() *CustomerManagedPolicyAttachmentObservation { if in == nil { return nil } - out := new(ManagedPolicyAttachmentObservation) + out := new(CustomerManagedPolicyAttachmentObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAttachmentParameters) { +func (in *CustomerManagedPolicyAttachmentParameters) DeepCopyInto(out *CustomerManagedPolicyAttachmentParameters) { *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]CustomerManagedPolicyReferenceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.ManagedPolicyArn != nil { - in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn - *out = new(string) - **out = **in - } if in.PermissionSetArn != nil { in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) @@ -371,136 +478,133 @@ func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAtta } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentParameters. -func (in *ManagedPolicyAttachmentParameters) DeepCopy() *ManagedPolicyAttachmentParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentParameters. +func (in *CustomerManagedPolicyAttachmentParameters) DeepCopy() *CustomerManagedPolicyAttachmentParameters { if in == nil { return nil } - out := new(ManagedPolicyAttachmentParameters) + out := new(CustomerManagedPolicyAttachmentParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentSpec) DeepCopyInto(out *ManagedPolicyAttachmentSpec) { +func (in *CustomerManagedPolicyAttachmentSpec) DeepCopyInto(out *CustomerManagedPolicyAttachmentSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) - out.InitProvider = in.InitProvider + in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentSpec. -func (in *ManagedPolicyAttachmentSpec) DeepCopy() *ManagedPolicyAttachmentSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentSpec. +func (in *CustomerManagedPolicyAttachmentSpec) DeepCopy() *CustomerManagedPolicyAttachmentSpec { if in == nil { return nil } - out := new(ManagedPolicyAttachmentSpec) + out := new(CustomerManagedPolicyAttachmentSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedPolicyAttachmentStatus) DeepCopyInto(out *ManagedPolicyAttachmentStatus) { +func (in *CustomerManagedPolicyAttachmentStatus) DeepCopyInto(out *CustomerManagedPolicyAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentStatus. -func (in *ManagedPolicyAttachmentStatus) DeepCopy() *ManagedPolicyAttachmentStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyAttachmentStatus. +func (in *CustomerManagedPolicyAttachmentStatus) DeepCopy() *CustomerManagedPolicyAttachmentStatus { if in == nil { return nil } - out := new(ManagedPolicyAttachmentStatus) + out := new(CustomerManagedPolicyAttachmentStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSet) DeepCopyInto(out *PermissionSet) { +func (in *CustomerManagedPolicyReferenceInitParameters) DeepCopyInto(out *CustomerManagedPolicyReferenceInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet. -func (in *PermissionSet) DeepCopy() *PermissionSet { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceInitParameters. +func (in *CustomerManagedPolicyReferenceInitParameters) DeepCopy() *CustomerManagedPolicyReferenceInitParameters { if in == nil { return nil } - out := new(PermissionSet) + out := new(CustomerManagedPolicyReferenceInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSet) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInitParameters) DeepCopyInto(out *PermissionSetInitParameters) { +func (in *CustomerManagedPolicyReferenceObservation) DeepCopyInto(out *CustomerManagedPolicyReferenceObservation) { *out = *in - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.Name != nil { + in, out := &in.Name, &out.Name *out = new(string) **out = **in } - if in.InstanceArn != nil { - in, out := &in.InstanceArn, &out.InstanceArn + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceObservation. +func (in *CustomerManagedPolicyReferenceObservation) DeepCopy() *CustomerManagedPolicyReferenceObservation { + if in == nil { + return nil + } + out := new(CustomerManagedPolicyReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomerManagedPolicyReferenceParameters) DeepCopyInto(out *CustomerManagedPolicyReferenceParameters) { + *out = *in if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } - if in.RelayState != nil { - in, out := &in.RelayState, &out.RelayState + if in.Path != nil { + in, out := &in.Path, &out.Path *out = new(string) **out = **in } - if in.SessionDuration != nil { - in, out := &in.SessionDuration, &out.SessionDuration - *out = new(string) - **out = **in + if in.PolicyNameRef != nil { + in, out := &in.PolicyNameRef, &out.PolicyNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) } - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } + if in.PolicyNameSelector != nil { + in, out := &in.PolicyNameSelector, &out.PolicyNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInitParameters. -func (in *PermissionSetInitParameters) DeepCopy() *PermissionSetInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedPolicyReferenceParameters. +func (in *CustomerManagedPolicyReferenceParameters) DeepCopy() *CustomerManagedPolicyReferenceParameters { if in == nil { return nil } - out := new(PermissionSetInitParameters) + out := new(CustomerManagedPolicyReferenceParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy) { +func (in *InstanceAccessControlAttributes) DeepCopyInto(out *InstanceAccessControlAttributes) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -508,18 +612,18 @@ func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicy. -func (in *PermissionSetInlinePolicy) DeepCopy() *PermissionSetInlinePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributes. +func (in *InstanceAccessControlAttributes) DeepCopy() *InstanceAccessControlAttributes { if in == nil { return nil } - out := new(PermissionSetInlinePolicy) + out := new(InstanceAccessControlAttributes) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { +func (in *InstanceAccessControlAttributes) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -527,51 +631,53 @@ func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyInitParameters) DeepCopyInto(out *PermissionSetInlinePolicyInitParameters) { +func (in *InstanceAccessControlAttributesInitParameters) DeepCopyInto(out *InstanceAccessControlAttributesInitParameters) { *out = *in - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy - *out = new(string) - **out = **in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyInitParameters. -func (in *PermissionSetInlinePolicyInitParameters) DeepCopy() *PermissionSetInlinePolicyInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesInitParameters. +func (in *InstanceAccessControlAttributesInitParameters) DeepCopy() *InstanceAccessControlAttributesInitParameters { if in == nil { return nil } - out := new(PermissionSetInlinePolicyInitParameters) + out := new(InstanceAccessControlAttributesInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyList) DeepCopyInto(out *PermissionSetInlinePolicyList) { +func (in *InstanceAccessControlAttributesList) DeepCopyInto(out *InstanceAccessControlAttributesList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]PermissionSetInlinePolicy, len(*in)) + *out = make([]InstanceAccessControlAttributes, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyList. -func (in *PermissionSetInlinePolicyList) DeepCopy() *PermissionSetInlinePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesList. +func (in *InstanceAccessControlAttributesList) DeepCopy() *InstanceAccessControlAttributesList { if in == nil { return nil } - out := new(PermissionSetInlinePolicyList) + out := new(InstanceAccessControlAttributesList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { +func (in *InstanceAccessControlAttributesList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -579,68 +685,62 @@ func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyObservation) DeepCopyInto(out *PermissionSetInlinePolicyObservation) { +func (in *InstanceAccessControlAttributesObservation) DeepCopyInto(out *InstanceAccessControlAttributesObservation) { *out = *in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.InstanceArn != nil { - in, out := &in.InstanceArn, &out.InstanceArn + if in.Status != nil { + in, out := &in.Status, &out.Status *out = new(string) **out = **in } - if in.PermissionSetArn != nil { - in, out := &in.PermissionSetArn, &out.PermissionSetArn + if in.StatusReason != nil { + in, out := &in.StatusReason, &out.StatusReason *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyObservation. -func (in *PermissionSetInlinePolicyObservation) DeepCopy() *PermissionSetInlinePolicyObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesObservation. +func (in *InstanceAccessControlAttributesObservation) DeepCopy() *InstanceAccessControlAttributesObservation { if in == nil { return nil } - out := new(PermissionSetInlinePolicyObservation) + out := new(InstanceAccessControlAttributesObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetInlinePolicyParameters) { +func (in *InstanceAccessControlAttributesParameters) DeepCopyInto(out *InstanceAccessControlAttributesParameters) { *out = *in - if in.InlinePolicy != nil { - in, out := &in.InlinePolicy, &out.InlinePolicy - *out = new(string) - **out = **in + if in.Attribute != nil { + in, out := &in.Attribute, &out.Attribute + *out = make([]AttributeParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.PermissionSetArn != nil { - in, out := &in.PermissionSetArn, &out.PermissionSetArn - *out = new(string) - **out = **in - } - if in.PermissionSetArnRef != nil { - in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.PermissionSetArnSelector != nil { - in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Region != nil { in, out := &in.Region, &out.Region *out = new(string) @@ -648,77 +748,119 @@ func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetIn } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyParameters. -func (in *PermissionSetInlinePolicyParameters) DeepCopy() *PermissionSetInlinePolicyParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesParameters. +func (in *InstanceAccessControlAttributesParameters) DeepCopy() *InstanceAccessControlAttributesParameters { if in == nil { return nil } - out := new(PermissionSetInlinePolicyParameters) + out := new(InstanceAccessControlAttributesParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicySpec) DeepCopyInto(out *PermissionSetInlinePolicySpec) { +func (in *InstanceAccessControlAttributesSpec) DeepCopyInto(out *InstanceAccessControlAttributesSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) in.InitProvider.DeepCopyInto(&out.InitProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicySpec. -func (in *PermissionSetInlinePolicySpec) DeepCopy() *PermissionSetInlinePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesSpec. +func (in *InstanceAccessControlAttributesSpec) DeepCopy() *InstanceAccessControlAttributesSpec { if in == nil { return nil } - out := new(PermissionSetInlinePolicySpec) + out := new(InstanceAccessControlAttributesSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetInlinePolicyStatus) DeepCopyInto(out *PermissionSetInlinePolicyStatus) { +func (in *InstanceAccessControlAttributesStatus) DeepCopyInto(out *InstanceAccessControlAttributesStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) in.AtProvider.DeepCopyInto(&out.AtProvider) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyStatus. -func (in *PermissionSetInlinePolicyStatus) DeepCopy() *PermissionSetInlinePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceAccessControlAttributesStatus. +func (in *InstanceAccessControlAttributesStatus) DeepCopy() *InstanceAccessControlAttributesStatus { if in == nil { return nil } - out := new(PermissionSetInlinePolicyStatus) + out := new(InstanceAccessControlAttributesStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetList) DeepCopyInto(out *PermissionSetList) { +func (in *ManagedPolicyAttachment) DeepCopyInto(out *ManagedPolicyAttachment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachment. +func (in *ManagedPolicyAttachment) DeepCopy() *ManagedPolicyAttachment { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ManagedPolicyAttachment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentInitParameters) DeepCopyInto(out *ManagedPolicyAttachmentInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentInitParameters. +func (in *ManagedPolicyAttachmentInitParameters) DeepCopy() *ManagedPolicyAttachmentInitParameters { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentList) DeepCopyInto(out *ManagedPolicyAttachmentList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]PermissionSet, len(*in)) + *out = make([]ManagedPolicyAttachment, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetList. -func (in *PermissionSetList) DeepCopy() *PermissionSetList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentList. +func (in *ManagedPolicyAttachmentList) DeepCopy() *ManagedPolicyAttachmentList { if in == nil { return nil } - out := new(PermissionSetList) + out := new(ManagedPolicyAttachmentList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *PermissionSetList) DeepCopyObject() runtime.Object { +func (in *ManagedPolicyAttachmentList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -726,94 +868,154 @@ func (in *PermissionSetList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetObservation) DeepCopyInto(out *PermissionSetObservation) { +func (in *ManagedPolicyAttachmentObservation) DeepCopyInto(out *ManagedPolicyAttachmentObservation) { *out = *in - if in.Arn != nil { - in, out := &in.Arn, &out.Arn + if in.ID != nil { + in, out := &in.ID, &out.ID *out = new(string) **out = **in } - if in.CreatedDate != nil { - in, out := &in.CreatedDate, &out.CreatedDate + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.Description != nil { - in, out := &in.Description, &out.Description + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn *out = new(string) **out = **in } - if in.ID != nil { - in, out := &in.ID, &out.ID + if in.ManagedPolicyName != nil { + in, out := &in.ManagedPolicyName, &out.ManagedPolicyName + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) **out = **in } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentObservation. +func (in *ManagedPolicyAttachmentObservation) DeepCopy() *ManagedPolicyAttachmentObservation { + if in == nil { + return nil + } + out := new(ManagedPolicyAttachmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentParameters) DeepCopyInto(out *ManagedPolicyAttachmentParameters) { + *out = *in if in.InstanceArn != nil { in, out := &in.InstanceArn, &out.InstanceArn *out = new(string) **out = **in } - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn *out = new(string) **out = **in } - if in.RelayState != nil { - in, out := &in.RelayState, &out.RelayState + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn *out = new(string) **out = **in } - if in.SessionDuration != nil { - in, out := &in.SessionDuration, &out.SessionDuration + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region *out = new(string) **out = **in } - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentParameters. +func (in *ManagedPolicyAttachmentParameters) DeepCopy() *ManagedPolicyAttachmentParameters { + if in == nil { + return nil } - if in.TagsAll != nil { - in, out := &in.TagsAll, &out.TagsAll - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } + out := new(ManagedPolicyAttachmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentSpec) DeepCopyInto(out *ManagedPolicyAttachmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + out.InitProvider = in.InitProvider +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentSpec. +func (in *ManagedPolicyAttachmentSpec) DeepCopy() *ManagedPolicyAttachmentSpec { + if in == nil { + return nil } + out := new(ManagedPolicyAttachmentSpec) + in.DeepCopyInto(out) + return out } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetObservation. -func (in *PermissionSetObservation) DeepCopy() *PermissionSetObservation { +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedPolicyAttachmentStatus) DeepCopyInto(out *ManagedPolicyAttachmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedPolicyAttachmentStatus. +func (in *ManagedPolicyAttachmentStatus) DeepCopy() *ManagedPolicyAttachmentStatus { if in == nil { return nil } - out := new(PermissionSetObservation) + out := new(ManagedPolicyAttachmentStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { +func (in *PermissionSet) DeepCopyInto(out *PermissionSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet. +func (in *PermissionSet) DeepCopy() *PermissionSet { + if in == nil { + return nil + } + out := new(PermissionSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInitParameters) DeepCopyInto(out *PermissionSetInitParameters) { *out = *in if in.Description != nil { in, out := &in.Description, &out.Description @@ -830,11 +1032,6 @@ func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { *out = new(string) **out = **in } - if in.Region != nil { - in, out := &in.Region, &out.Region - *out = new(string) - **out = **in - } if in.RelayState != nil { in, out := &in.RelayState, &out.RelayState *out = new(string) @@ -863,47 +1060,860 @@ func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetParameters. -func (in *PermissionSetParameters) DeepCopy() *PermissionSetParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInitParameters. +func (in *PermissionSetInitParameters) DeepCopy() *PermissionSetInitParameters { if in == nil { return nil } - out := new(PermissionSetParameters) + out := new(PermissionSetInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetSpec) DeepCopyInto(out *PermissionSetSpec) { +func (in *PermissionSetInlinePolicy) DeepCopyInto(out *PermissionSetInlinePolicy) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetSpec. -func (in *PermissionSetSpec) DeepCopy() *PermissionSetSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicy. +func (in *PermissionSetInlinePolicy) DeepCopy() *PermissionSetInlinePolicy { if in == nil { return nil } - out := new(PermissionSetSpec) + out := new(PermissionSetInlinePolicy) in.DeepCopyInto(out) return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PermissionSetStatus) DeepCopyInto(out *PermissionSetStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetInlinePolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyInitParameters) DeepCopyInto(out *PermissionSetInlinePolicyInitParameters) { + *out = *in + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyInitParameters. +func (in *PermissionSetInlinePolicyInitParameters) DeepCopy() *PermissionSetInlinePolicyInitParameters { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyList) DeepCopyInto(out *PermissionSetInlinePolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionSetInlinePolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyList. +func (in *PermissionSetInlinePolicyList) DeepCopy() *PermissionSetInlinePolicyList { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetInlinePolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyObservation) DeepCopyInto(out *PermissionSetInlinePolicyObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyObservation. +func (in *PermissionSetInlinePolicyObservation) DeepCopy() *PermissionSetInlinePolicyObservation { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyParameters) DeepCopyInto(out *PermissionSetInlinePolicyParameters) { + *out = *in + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyParameters. +func (in *PermissionSetInlinePolicyParameters) DeepCopy() *PermissionSetInlinePolicyParameters { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicySpec) DeepCopyInto(out *PermissionSetInlinePolicySpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicySpec. +func (in *PermissionSetInlinePolicySpec) DeepCopy() *PermissionSetInlinePolicySpec { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetInlinePolicyStatus) DeepCopyInto(out *PermissionSetInlinePolicyStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetInlinePolicyStatus. +func (in *PermissionSetInlinePolicyStatus) DeepCopy() *PermissionSetInlinePolicyStatus { + if in == nil { + return nil + } + out := new(PermissionSetInlinePolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetList) DeepCopyInto(out *PermissionSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetList. +func (in *PermissionSetList) DeepCopy() *PermissionSetList { + if in == nil { + return nil + } + out := new(PermissionSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetObservation) DeepCopyInto(out *PermissionSetObservation) { + *out = *in + if in.Arn != nil { + in, out := &in.Arn, &out.Arn + *out = new(string) + **out = **in + } + if in.CreatedDate != nil { + in, out := &in.CreatedDate, &out.CreatedDate + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } + if in.SessionDuration != nil { + in, out := &in.SessionDuration, &out.SessionDuration + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TagsAll != nil { + in, out := &in.TagsAll, &out.TagsAll + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetObservation. +func (in *PermissionSetObservation) DeepCopy() *PermissionSetObservation { + if in == nil { + return nil + } + out := new(PermissionSetObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetParameters) DeepCopyInto(out *PermissionSetParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.RelayState != nil { + in, out := &in.RelayState, &out.RelayState + *out = new(string) + **out = **in + } + if in.SessionDuration != nil { + in, out := &in.SessionDuration, &out.SessionDuration + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetParameters. +func (in *PermissionSetParameters) DeepCopy() *PermissionSetParameters { + if in == nil { + return nil + } + out := new(PermissionSetParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetSpec) DeepCopyInto(out *PermissionSetSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetSpec. +func (in *PermissionSetSpec) DeepCopy() *PermissionSetSpec { + if in == nil { + return nil + } + out := new(PermissionSetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionSetStatus) DeepCopyInto(out *PermissionSetStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSetStatus. func (in *PermissionSetStatus) DeepCopy() *PermissionSetStatus { if in == nil { return nil } - out := new(PermissionSetStatus) + out := new(PermissionSetStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachment) DeepCopyInto(out *PermissionsBoundaryAttachment) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachment. +func (in *PermissionsBoundaryAttachment) DeepCopy() *PermissionsBoundaryAttachment { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionsBoundaryAttachment) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentInitParameters) { + *out = *in + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentInitParameters. +func (in *PermissionsBoundaryAttachmentInitParameters) DeepCopy() *PermissionsBoundaryAttachmentInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentList) DeepCopyInto(out *PermissionsBoundaryAttachmentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PermissionsBoundaryAttachment, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentList. +func (in *PermissionsBoundaryAttachmentList) DeepCopy() *PermissionsBoundaryAttachmentList { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PermissionsBoundaryAttachmentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopyInto(out *PermissionsBoundaryAttachmentObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentObservation. +func (in *PermissionsBoundaryAttachmentObservation) DeepCopy() *PermissionsBoundaryAttachmentObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentParameters) DeepCopyInto(out *PermissionsBoundaryAttachmentParameters) { + *out = *in + if in.InstanceArn != nil { + in, out := &in.InstanceArn, &out.InstanceArn + *out = new(string) + **out = **in + } + if in.PermissionSetArn != nil { + in, out := &in.PermissionSetArn, &out.PermissionSetArn + *out = new(string) + **out = **in + } + if in.PermissionSetArnRef != nil { + in, out := &in.PermissionSetArnRef, &out.PermissionSetArnRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PermissionSetArnSelector != nil { + in, out := &in.PermissionSetArnSelector, &out.PermissionSetArnSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.PermissionsBoundary != nil { + in, out := &in.PermissionsBoundary, &out.PermissionsBoundary + *out = make([]PermissionsBoundaryParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentParameters. +func (in *PermissionsBoundaryAttachmentParameters) DeepCopy() *PermissionsBoundaryAttachmentParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentSpec) DeepCopyInto(out *PermissionsBoundaryAttachmentSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentSpec. +func (in *PermissionsBoundaryAttachmentSpec) DeepCopy() *PermissionsBoundaryAttachmentSpec { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopyInto(out *PermissionsBoundaryAttachmentStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryAttachmentStatus. +func (in *PermissionsBoundaryAttachmentStatus) DeepCopy() *PermissionsBoundaryAttachmentStatus { + if in == nil { + return nil + } + out := new(PermissionsBoundaryAttachmentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceObservation. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceObservation) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopyInto(out *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryCustomerManagedPolicyReferenceParameters. +func (in *PermissionsBoundaryCustomerManagedPolicyReferenceParameters) DeepCopy() *PermissionsBoundaryCustomerManagedPolicyReferenceParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryCustomerManagedPolicyReferenceParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryInitParameters) DeepCopyInto(out *PermissionsBoundaryInitParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryInitParameters. +func (in *PermissionsBoundaryInitParameters) DeepCopy() *PermissionsBoundaryInitParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryObservation) DeepCopyInto(out *PermissionsBoundaryObservation) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryObservation. +func (in *PermissionsBoundaryObservation) DeepCopy() *PermissionsBoundaryObservation { + if in == nil { + return nil + } + out := new(PermissionsBoundaryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsBoundaryParameters) DeepCopyInto(out *PermissionsBoundaryParameters) { + *out = *in + if in.CustomerManagedPolicyReference != nil { + in, out := &in.CustomerManagedPolicyReference, &out.CustomerManagedPolicyReference + *out = make([]PermissionsBoundaryCustomerManagedPolicyReferenceParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ManagedPolicyArn != nil { + in, out := &in.ManagedPolicyArn, &out.ManagedPolicyArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsBoundaryParameters. +func (in *PermissionsBoundaryParameters) DeepCopy() *PermissionsBoundaryParameters { + if in == nil { + return nil + } + out := new(PermissionsBoundaryParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValueInitParameters) DeepCopyInto(out *ValueInitParameters) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueInitParameters. +func (in *ValueInitParameters) DeepCopy() *ValueInitParameters { + if in == nil { + return nil + } + out := new(ValueInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValueObservation) DeepCopyInto(out *ValueObservation) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueObservation. +func (in *ValueObservation) DeepCopy() *ValueObservation { + if in == nil { + return nil + } + out := new(ValueObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValueParameters) DeepCopyInto(out *ValueParameters) { + *out = *in + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueParameters. +func (in *ValueParameters) DeepCopy() *ValueParameters { + if in == nil { + return nil + } + out := new(ValueParameters) in.DeepCopyInto(out) return out } diff --git a/apis/ssoadmin/v1beta1/zz_generated.managed.go b/apis/ssoadmin/v1beta1/zz_generated.managed.go index c0dd6c2b70..d468a8a60c 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managed.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managed.go @@ -67,6 +67,126 @@ func (mg *AccountAssignment) SetWriteConnectionSecretToReference(r *xpv1.SecretR mg.Spec.WriteConnectionSecretToReference = r } +// GetCondition of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this InstanceAccessControlAttributes. +func (mg *InstanceAccessControlAttributes) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this ManagedPolicyAttachment. func (mg *ManagedPolicyAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) @@ -246,3 +366,63 @@ func (mg *PermissionSetInlinePolicy) SetPublishConnectionDetailsTo(r *xpv1.Publi func (mg *PermissionSetInlinePolicy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go index a36bfcf74c..a59fae04fa 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.managedlist.go +++ b/apis/ssoadmin/v1beta1/zz_generated.managedlist.go @@ -16,6 +16,24 @@ func (l *AccountAssignmentList) GetItems() []resource.Managed { return items } +// GetItems of this CustomerManagedPolicyAttachmentList. +func (l *CustomerManagedPolicyAttachmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this InstanceAccessControlAttributesList. +func (l *InstanceAccessControlAttributesList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this ManagedPolicyAttachmentList. func (l *ManagedPolicyAttachmentList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) @@ -42,3 +60,12 @@ func (l *PermissionSetList) GetItems() []resource.Managed { } return items } + +// GetItems of this PermissionsBoundaryAttachmentList. +func (l *PermissionsBoundaryAttachmentList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go index 1a15ab0f31..28bc094cd1 100644 --- a/apis/ssoadmin/v1beta1/zz_generated.resolvers.go +++ b/apis/ssoadmin/v1beta1/zz_generated.resolvers.go @@ -10,9 +10,98 @@ import ( reference "github.com/crossplane/crossplane-runtime/pkg/reference" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" + v1beta11 "github.com/upbound/provider-aws/apis/iam/v1beta1" + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + common "github.com/upbound/provider-aws/config/common" client "sigs.k8s.io/controller-runtime/pkg/client" ) +// ResolveReferences of this AccountAssignment. +func (mg *AccountAssignment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: common.ARNExtractor(), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrincipalID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PrincipalIDFromGroupRef, + Selector: mg.Spec.ForProvider.PrincipalIDFromGroupSelector, + To: reference.To{ + List: &v1beta1.GroupList{}, + Managed: &v1beta1.Group{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrincipalID") + } + mg.Spec.ForProvider.PrincipalID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrincipalIDFromGroupRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this CustomerManagedPolicyAttachment. +func (mg *CustomerManagedPolicyAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + for i3 := 0; i3 < len(mg.Spec.ForProvider.CustomerManagedPolicyReference); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameRef, + Selector: mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameSelector, + To: reference.To{ + List: &v1beta11.PolicyList{}, + Managed: &v1beta11.Policy{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name") + } + mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.CustomerManagedPolicyReference[i3].PolicyNameRef = rsp.ResolvedReference + + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: resource.ExtractParamPath("arn", true), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + return nil +} + // ResolveReferences of this ManagedPolicyAttachment. func (mg *ManagedPolicyAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { r := reference.NewAPIResolver(c, mg) @@ -64,3 +153,50 @@ func (mg *PermissionSetInlinePolicy) ResolveReferences(ctx context.Context, c cl return nil } + +// ResolveReferences of this PermissionsBoundaryAttachment. +func (mg *PermissionsBoundaryAttachment) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionSetArn), + Extract: resource.ExtractParamPath("arn", true), + Reference: mg.Spec.ForProvider.PermissionSetArnRef, + Selector: mg.Spec.ForProvider.PermissionSetArnSelector, + To: reference.To{ + List: &PermissionSetList{}, + Managed: &PermissionSet{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionSetArn") + } + mg.Spec.ForProvider.PermissionSetArn = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionSetArnRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.ForProvider.PermissionsBoundary); i3++ { + for i4 := 0; i4 < len(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference); i4++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef, + Selector: mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameSelector, + To: reference.To{ + List: &v1beta11.PolicyList{}, + Managed: &v1beta11.Policy{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name") + } + mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PermissionsBoundary[i3].CustomerManagedPolicyReference[i4].NameRef = rsp.ResolvedReference + + } + } + + return nil +} diff --git a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go index 3f8020e877..635f279e92 100755 --- a/apis/ssoadmin/v1beta1/zz_generated_terraformed.go +++ b/apis/ssoadmin/v1beta1/zz_generated_terraformed.go @@ -132,6 +132,234 @@ func (tr *AccountAssignment) GetTerraformSchemaVersion() int { return 0 } +// GetTerraformResourceType returns Terraform resource type for this CustomerManagedPolicyAttachment +func (mg *CustomerManagedPolicyAttachment) GetTerraformResourceType() string { + return "aws_ssoadmin_customer_managed_policy_attachment" +} + +// GetConnectionDetailsMapping for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this CustomerManagedPolicyAttachment +func (tr *CustomerManagedPolicyAttachment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this CustomerManagedPolicyAttachment using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *CustomerManagedPolicyAttachment) LateInitialize(attrs []byte) (bool, error) { + params := &CustomerManagedPolicyAttachmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *CustomerManagedPolicyAttachment) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this InstanceAccessControlAttributes +func (mg *InstanceAccessControlAttributes) GetTerraformResourceType() string { + return "aws_ssoadmin_instance_access_control_attributes" +} + +// GetConnectionDetailsMapping for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this InstanceAccessControlAttributes +func (tr *InstanceAccessControlAttributes) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this InstanceAccessControlAttributes using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *InstanceAccessControlAttributes) LateInitialize(attrs []byte) (bool, error) { + params := &InstanceAccessControlAttributesParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *InstanceAccessControlAttributes) GetTerraformSchemaVersion() int { + return 0 +} + // GetTerraformResourceType returns Terraform resource type for this ManagedPolicyAttachment func (mg *ManagedPolicyAttachment) GetTerraformResourceType() string { return "aws_ssoadmin_managed_policy_attachment" @@ -473,3 +701,117 @@ func (tr *PermissionSetInlinePolicy) LateInitialize(attrs []byte) (bool, error) func (tr *PermissionSetInlinePolicy) GetTerraformSchemaVersion() int { return 0 } + +// GetTerraformResourceType returns Terraform resource type for this PermissionsBoundaryAttachment +func (mg *PermissionsBoundaryAttachment) GetTerraformResourceType() string { + return "aws_ssoadmin_permissions_boundary_attachment" +} + +// GetConnectionDetailsMapping for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this PermissionsBoundaryAttachment +func (tr *PermissionsBoundaryAttachment) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this PermissionsBoundaryAttachment using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *PermissionsBoundaryAttachment) LateInitialize(attrs []byte) (bool, error) { + params := &PermissionsBoundaryAttachmentParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *PermissionsBoundaryAttachment) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go b/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go new file mode 100755 index 0000000000..0bb9925669 --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_instanceaccesscontrolattributes_types.go @@ -0,0 +1,165 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AttributeInitParameters struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + Value []ValueInitParameters `json:"value,omitempty" tf:"value,omitempty"` +} + +type AttributeObservation struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + Value []ValueObservation `json:"value,omitempty" tf:"value,omitempty"` +} + +type AttributeParameters struct { + + // The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. + // +kubebuilder:validation:Optional + Key *string `json:"key" tf:"key,omitempty"` + + // The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue + // +kubebuilder:validation:Optional + Value []ValueParameters `json:"value" tf:"value,omitempty"` +} + +type InstanceAccessControlAttributesInitParameters struct { + + // See AccessControlAttribute for more details. + Attribute []AttributeInitParameters `json:"attribute,omitempty" tf:"attribute,omitempty"` +} + +type InstanceAccessControlAttributesObservation struct { + + // See AccessControlAttribute for more details. + Attribute []AttributeObservation `json:"attribute,omitempty" tf:"attribute,omitempty"` + + // The identifier of the Instance Access Control Attribute instance_arn. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + Status *string `json:"status,omitempty" tf:"status,omitempty"` + + StatusReason *string `json:"statusReason,omitempty" tf:"status_reason,omitempty"` +} + +type InstanceAccessControlAttributesParameters struct { + + // See AccessControlAttribute for more details. + // +kubebuilder:validation:Optional + Attribute []AttributeParameters `json:"attribute,omitempty" tf:"attribute,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance. + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type ValueInitParameters struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. + Source []*string `json:"source,omitempty" tf:"source,omitempty"` +} + +type ValueObservation struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. + Source []*string `json:"source,omitempty" tf:"source,omitempty"` +} + +type ValueParameters struct { + + // The identity source to use when mapping a specified attribute to AWS SSO. + // +kubebuilder:validation:Optional + Source []*string `json:"source" tf:"source,omitempty"` +} + +// InstanceAccessControlAttributesSpec defines the desired state of InstanceAccessControlAttributes +type InstanceAccessControlAttributesSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider InstanceAccessControlAttributesParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider InstanceAccessControlAttributesInitParameters `json:"initProvider,omitempty"` +} + +// InstanceAccessControlAttributesStatus defines the observed state of InstanceAccessControlAttributes. +type InstanceAccessControlAttributesStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider InstanceAccessControlAttributesObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// InstanceAccessControlAttributes is the Schema for the InstanceAccessControlAttributess API. Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type InstanceAccessControlAttributes struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.attribute) || (has(self.initProvider) && has(self.initProvider.attribute))",message="spec.forProvider.attribute is a required parameter" + Spec InstanceAccessControlAttributesSpec `json:"spec"` + Status InstanceAccessControlAttributesStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// InstanceAccessControlAttributesList contains a list of InstanceAccessControlAttributess +type InstanceAccessControlAttributesList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []InstanceAccessControlAttributes `json:"items"` +} + +// Repository type metadata. +var ( + InstanceAccessControlAttributes_Kind = "InstanceAccessControlAttributes" + InstanceAccessControlAttributes_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: InstanceAccessControlAttributes_Kind}.String() + InstanceAccessControlAttributes_KindAPIVersion = InstanceAccessControlAttributes_Kind + "." + CRDGroupVersion.String() + InstanceAccessControlAttributes_GroupVersionKind = CRDGroupVersion.WithKind(InstanceAccessControlAttributes_Kind) +) + +func init() { + SchemeBuilder.Register(&InstanceAccessControlAttributes{}, &InstanceAccessControlAttributesList{}) +} diff --git a/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go new file mode 100755 index 0000000000..98e0d90765 --- /dev/null +++ b/apis/ssoadmin/v1beta1/zz_permissionsboundaryattachment_types.go @@ -0,0 +1,194 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type PermissionsBoundaryAttachmentInitParameters struct { + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryInitParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentObservation struct { + + // Permission Set Amazon Resource Name (ARN) and SSO Instance ARN, separated by a comma (,). + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + InstanceArn *string `json:"instanceArn,omitempty" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // The permissions boundary policy. See below. + PermissionsBoundary []PermissionsBoundaryObservation `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` +} + +type PermissionsBoundaryAttachmentParameters struct { + + // The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. + // +kubebuilder:validation:Required + InstanceArn *string `json:"instanceArn" tf:"instance_arn,omitempty"` + + // The Amazon Resource Name (ARN) of the Permission Set. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/ssoadmin/v1beta1.PermissionSet + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("arn",true) + // +kubebuilder:validation:Optional + PermissionSetArn *string `json:"permissionSetArn,omitempty" tf:"permission_set_arn,omitempty"` + + // Reference to a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnRef *v1.Reference `json:"permissionSetArnRef,omitempty" tf:"-"` + + // Selector for a PermissionSet in ssoadmin to populate permissionSetArn. + // +kubebuilder:validation:Optional + PermissionSetArnSelector *v1.Selector `json:"permissionSetArnSelector,omitempty" tf:"-"` + + // The permissions boundary policy. See below. + // +kubebuilder:validation:Optional + PermissionsBoundary []PermissionsBoundaryParameters `json:"permissionsBoundary,omitempty" tf:"permissions_boundary,omitempty"` + + // Region is the region you'd like your resource to be created in. + // +upjet:crd:field:TFTag=- + // +kubebuilder:validation:Required + Region *string `json:"region" tf:"-"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters struct { + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceObservation struct { + + // Name of the customer managed IAM Policy to be attached. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryCustomerManagedPolicyReferenceParameters struct { + + // Name of the customer managed IAM Policy to be attached. + // +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/iam/v1beta1.Policy + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Policy in iam to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` + + // The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PermissionsBoundaryInitParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceInitParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryObservation struct { + + // Specifies the name and path of a customer managed policy. See below. + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceObservation `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +type PermissionsBoundaryParameters struct { + + // Specifies the name and path of a customer managed policy. See below. + // +kubebuilder:validation:Optional + CustomerManagedPolicyReference []PermissionsBoundaryCustomerManagedPolicyReferenceParameters `json:"customerManagedPolicyReference,omitempty" tf:"customer_managed_policy_reference,omitempty"` + + // AWS-managed IAM policy ARN to use as the permissions boundary. + // +kubebuilder:validation:Optional + ManagedPolicyArn *string `json:"managedPolicyArn,omitempty" tf:"managed_policy_arn,omitempty"` +} + +// PermissionsBoundaryAttachmentSpec defines the desired state of PermissionsBoundaryAttachment +type PermissionsBoundaryAttachmentSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider PermissionsBoundaryAttachmentParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider PermissionsBoundaryAttachmentInitParameters `json:"initProvider,omitempty"` +} + +// PermissionsBoundaryAttachmentStatus defines the observed state of PermissionsBoundaryAttachment. +type PermissionsBoundaryAttachmentStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider PermissionsBoundaryAttachmentObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission Set resource. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws} +type PermissionsBoundaryAttachment struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))",message="spec.forProvider.permissionsBoundary is a required parameter" + Spec PermissionsBoundaryAttachmentSpec `json:"spec"` + Status PermissionsBoundaryAttachmentStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// PermissionsBoundaryAttachmentList contains a list of PermissionsBoundaryAttachments +type PermissionsBoundaryAttachmentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PermissionsBoundaryAttachment `json:"items"` +} + +// Repository type metadata. +var ( + PermissionsBoundaryAttachment_Kind = "PermissionsBoundaryAttachment" + PermissionsBoundaryAttachment_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: PermissionsBoundaryAttachment_Kind}.String() + PermissionsBoundaryAttachment_KindAPIVersion = PermissionsBoundaryAttachment_Kind + "." + CRDGroupVersion.String() + PermissionsBoundaryAttachment_GroupVersionKind = CRDGroupVersion.WithKind(PermissionsBoundaryAttachment_Kind) +) + +func init() { + SchemeBuilder.Register(&PermissionsBoundaryAttachment{}, &PermissionsBoundaryAttachmentList{}) +} diff --git a/apis/zz_register.go b/apis/zz_register.go index 9033364a06..f4faa82d0b 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -95,6 +95,7 @@ import ( v1beta1grafana "github.com/upbound/provider-aws/apis/grafana/v1beta1" v1beta1guardduty "github.com/upbound/provider-aws/apis/guardduty/v1beta1" v1beta1iam "github.com/upbound/provider-aws/apis/iam/v1beta1" + v1beta1identitystore "github.com/upbound/provider-aws/apis/identitystore/v1beta1" v1beta1imagebuilder "github.com/upbound/provider-aws/apis/imagebuilder/v1beta1" v1beta1inspector "github.com/upbound/provider-aws/apis/inspector/v1beta1" v1beta1inspector2 "github.com/upbound/provider-aws/apis/inspector2/v1beta1" @@ -259,6 +260,7 @@ func init() { v1beta1grafana.SchemeBuilder.AddToScheme, v1beta1guardduty.SchemeBuilder.AddToScheme, v1beta1iam.SchemeBuilder.AddToScheme, + v1beta1identitystore.SchemeBuilder.AddToScheme, v1beta1imagebuilder.SchemeBuilder.AddToScheme, v1beta1inspector.SchemeBuilder.AddToScheme, v1beta1inspector2.SchemeBuilder.AddToScheme, diff --git a/cmd/provider/identitystore/zz_main.go b/cmd/provider/identitystore/zz_main.go new file mode 100644 index 0000000000..274a06b3da --- /dev/null +++ b/cmd/provider/identitystore/zz_main.go @@ -0,0 +1,162 @@ +/* +Copyright 2021 Upbound Inc. +*/ + +package main + +import ( + "context" + "math/rand" + "os" + "path/filepath" + "time" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + "github.com/crossplane/crossplane-runtime/pkg/certificates" + xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" + "github.com/crossplane/crossplane-runtime/pkg/feature" + "github.com/crossplane/crossplane-runtime/pkg/logging" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/terraform" + "gopkg.in/alecthomas/kingpin.v2" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/leaderelection/resourcelock" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + "github.com/upbound/provider-aws/apis" + "github.com/upbound/provider-aws/apis/v1alpha1" + "github.com/upbound/provider-aws/config" + "github.com/upbound/provider-aws/internal/clients" + "github.com/upbound/provider-aws/internal/controller" + "github.com/upbound/provider-aws/internal/features" +) + +func main() { + var ( + app = kingpin.New(filepath.Base(os.Args[0]), "AWS support for Crossplane.").DefaultEnvars() + debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() + syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() + pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() + leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() + maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may be checked for drift from the desired state.").Default("100").Int() + pluginProcessTTL = app.Flag("provider-ttl", "TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Default("100").Int() + + namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() + enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() + essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() + enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() + ) + setupConfig := &clients.SetupConfig{} + setupConfig.TerraformVersion = app.Flag("terraform-version", "Terraform version.").Required().Envar("TERRAFORM_VERSION").String() + setupConfig.NativeProviderSource = app.Flag("terraform-provider-source", "Terraform provider source.").Required().Envar("TERRAFORM_PROVIDER_SOURCE").String() + setupConfig.NativeProviderVersion = app.Flag("terraform-provider-version", "Terraform provider version.").Required().Envar("TERRAFORM_PROVIDER_VERSION").String() + setupConfig.NativeProviderPath = app.Flag("terraform-native-provider-path", "Terraform native provider path for shared execution.").Default("").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").String() + + kingpin.MustParse(app.Parse(os.Args[1:])) + + zl := zap.New(zap.UseDevMode(*debug)) + log := logging.NewLogrLogger(zl.WithName("provider-aws")) + if *debug { + // The controller-runtime runs with a no-op logger by default. It is + // *very* verbose even at info level, so we only provide it a real + // logger when we're running in debug mode. + ctrl.SetLogger(zl) + } + + // currently, we configure the jitter to be the 5% of the poll interval + pollJitter := time.Duration(float64(*pollInterval) * 0.05) + log.Debug("Starting", "sync-interval", syncInterval.String(), + "poll-interval", pollInterval.String(), "poll-jitter", pollJitter, "max-reconcile-rate", *maxReconcileRate) + + cfg, err := ctrl.GetConfig() + kingpin.FatalIfError(err, "Cannot get API server rest config") + + mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ + LeaderElection: *leaderElection, + LeaderElectionID: "crossplane-leader-election-provider-aws-identitystore", + Cache: cache.Options{ + SyncPeriod: syncInterval, + }, + LeaderElectionResourceLock: resourcelock.LeasesResourceLock, + LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), + RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), + }) + kingpin.FatalIfError(err, "Cannot create controller manager") + kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add AWS APIs to scheme") + + // if the native Terraform provider plugin's path is not configured via + // the env. variable TERRAFORM_NATIVE_PROVIDER_PATH or + // the `--terraform-native-provider-path` command-line option, + // we do not use the shared gRPC server and default to the regular + // Terraform CLI behaviour (of forking a plugin process per invocation). + // This removes some complexity for setting up development environments. + setupConfig.DefaultScheduler = terraform.NewNoOpProviderScheduler() + if len(*setupConfig.NativeProviderPath) != 0 { + setupConfig.DefaultScheduler = terraform.NewSharedProviderScheduler(log, *pluginProcessTTL, + terraform.WithSharedProviderOptions(terraform.WithNativeProviderPath(*setupConfig.NativeProviderPath), terraform.WithNativeProviderName("registry.terraform.io/"+*setupConfig.NativeProviderSource))) + } + + ctx := context.Background() + provider, err := config.GetProvider(ctx, false) + kingpin.FatalIfError(err, "Cannot initialize the provider configuration") + setupConfig.TerraformProvider = provider.TerraformProvider + o := tjcontroller.Options{ + Options: xpcontroller.Options{ + Logger: log, + GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), + PollInterval: *pollInterval, + MaxConcurrentReconciles: *maxReconcileRate, + Features: &feature.Flags{}, + }, + Provider: provider, + SetupFn: clients.SelectTerraformSetup(log, setupConfig), + PollJitter: pollJitter, + OperationTrackerStore: tjcontroller.NewOperationStore(log), + } + + if *enableManagementPolicies { + o.Features.Enable(features.EnableBetaManagementPolicies) + log.Info("Beta feature enabled", "flag", features.EnableBetaManagementPolicies) + } + + o.WorkspaceStore = terraform.NewWorkspaceStore(log, terraform.WithDisableInit(len(*setupConfig.NativeProviderPath) != 0), terraform.WithProcessReportInterval(*pollInterval), terraform.WithFeatures(o.Features)) + + if *enableExternalSecretStores { + o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind + log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) + + o.ESSOptions = &tjcontroller.ESSOptions{} + if *essTLSCertsPath != "" { + log.Info("ESS TLS certificates path is set. Loading mTLS configuration.") + tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) + kingpin.FatalIfError(err, "Cannot load ESS TLS config.") + + o.ESSOptions.TLSConfig = tCfg + } + + // Ensure default store config exists. + kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(ctx, &v1alpha1.StoreConfig{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "default", + }, + Spec: v1alpha1.StoreConfigSpec{ + // NOTE(turkenh): We only set required spec and expect optional + // ones to properly be initialized with CRD level default values. + SecretStoreConfig: xpv1.SecretStoreConfig{ + DefaultScope: *namespace, + }, + }, + Status: v1alpha1.StoreConfigStatus{}, + })), "cannot create default store config") + } + + rand.Seed(time.Now().UnixNano()) + kingpin.FatalIfError(controller.Setup_identitystore(mgr, o), "Cannot setup AWS controllers") + kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") +} diff --git a/config/generated.lst b/config/generated.lst index a000532901..94a2cf624f 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file +["aws_accessanalyzer_analyzer","aws_accessanalyzer_archive_rule","aws_account_alternate_contact","aws_acm_certificate","aws_acm_certificate_validation","aws_acmpca_certificate","aws_acmpca_certificate_authority","aws_acmpca_certificate_authority_certificate","aws_acmpca_permission","aws_acmpca_policy","aws_ami","aws_ami_copy","aws_ami_launch_permission","aws_amplify_app","aws_amplify_backend_environment","aws_amplify_branch","aws_amplify_webhook","aws_api_gateway_account","aws_api_gateway_api_key","aws_api_gateway_authorizer","aws_api_gateway_base_path_mapping","aws_api_gateway_client_certificate","aws_api_gateway_deployment","aws_api_gateway_documentation_part","aws_api_gateway_documentation_version","aws_api_gateway_domain_name","aws_api_gateway_gateway_response","aws_api_gateway_integration","aws_api_gateway_integration_response","aws_api_gateway_method","aws_api_gateway_method_response","aws_api_gateway_method_settings","aws_api_gateway_model","aws_api_gateway_request_validator","aws_api_gateway_resource","aws_api_gateway_rest_api","aws_api_gateway_rest_api_policy","aws_api_gateway_stage","aws_api_gateway_usage_plan","aws_api_gateway_usage_plan_key","aws_api_gateway_vpc_link","aws_apigatewayv2_api","aws_apigatewayv2_api_mapping","aws_apigatewayv2_authorizer","aws_apigatewayv2_deployment","aws_apigatewayv2_domain_name","aws_apigatewayv2_integration","aws_apigatewayv2_integration_response","aws_apigatewayv2_model","aws_apigatewayv2_route","aws_apigatewayv2_route_response","aws_apigatewayv2_stage","aws_apigatewayv2_vpc_link","aws_app_cookie_stickiness_policy","aws_appautoscaling_policy","aws_appautoscaling_scheduled_action","aws_appautoscaling_target","aws_appconfig_application","aws_appconfig_configuration_profile","aws_appconfig_deployment","aws_appconfig_deployment_strategy","aws_appconfig_environment","aws_appconfig_extension","aws_appconfig_extension_association","aws_appconfig_hosted_configuration_version","aws_appflow_flow","aws_appintegrations_event_integration","aws_applicationinsights_application","aws_appmesh_gateway_route","aws_appmesh_mesh","aws_appmesh_route","aws_appmesh_virtual_gateway","aws_appmesh_virtual_node","aws_appmesh_virtual_router","aws_appmesh_virtual_service","aws_apprunner_auto_scaling_configuration_version","aws_apprunner_connection","aws_apprunner_observability_configuration","aws_apprunner_service","aws_apprunner_vpc_connector","aws_appstream_directory_config","aws_appstream_fleet","aws_appstream_fleet_stack_association","aws_appstream_image_builder","aws_appstream_stack","aws_appstream_user","aws_appstream_user_stack_association","aws_appsync_api_cache","aws_appsync_api_key","aws_appsync_datasource","aws_appsync_function","aws_appsync_graphql_api","aws_appsync_resolver","aws_athena_data_catalog","aws_athena_database","aws_athena_named_query","aws_athena_workgroup","aws_autoscaling_attachment","aws_autoscaling_group","aws_autoscaling_group_tag","aws_autoscaling_lifecycle_hook","aws_autoscaling_notification","aws_autoscaling_policy","aws_autoscaling_schedule","aws_autoscalingplans_scaling_plan","aws_backup_framework","aws_backup_global_settings","aws_backup_plan","aws_backup_region_settings","aws_backup_report_plan","aws_backup_selection","aws_backup_vault","aws_backup_vault_lock_configuration","aws_backup_vault_notifications","aws_backup_vault_policy","aws_batch_job_definition","aws_batch_scheduling_policy","aws_budgets_budget","aws_budgets_budget_action","aws_ce_anomaly_monitor","aws_chime_voice_connector","aws_chime_voice_connector_group","aws_chime_voice_connector_logging","aws_chime_voice_connector_origination","aws_chime_voice_connector_streaming","aws_chime_voice_connector_termination","aws_chime_voice_connector_termination_credentials","aws_cloud9_environment_ec2","aws_cloud9_environment_membership","aws_cloudcontrolapi_resource","aws_cloudformation_stack","aws_cloudformation_stack_set","aws_cloudfront_cache_policy","aws_cloudfront_distribution","aws_cloudfront_field_level_encryption_config","aws_cloudfront_field_level_encryption_profile","aws_cloudfront_function","aws_cloudfront_key_group","aws_cloudfront_monitoring_subscription","aws_cloudfront_origin_access_control","aws_cloudfront_origin_access_identity","aws_cloudfront_origin_request_policy","aws_cloudfront_public_key","aws_cloudfront_realtime_log_config","aws_cloudfront_response_headers_policy","aws_cloudsearch_domain","aws_cloudsearch_domain_service_access_policy","aws_cloudtrail","aws_cloudtrail_event_data_store","aws_cloudwatch_composite_alarm","aws_cloudwatch_dashboard","aws_cloudwatch_event_api_destination","aws_cloudwatch_event_archive","aws_cloudwatch_event_bus","aws_cloudwatch_event_bus_policy","aws_cloudwatch_event_connection","aws_cloudwatch_event_permission","aws_cloudwatch_event_rule","aws_cloudwatch_event_target","aws_cloudwatch_log_destination","aws_cloudwatch_log_destination_policy","aws_cloudwatch_log_group","aws_cloudwatch_log_metric_filter","aws_cloudwatch_log_resource_policy","aws_cloudwatch_log_stream","aws_cloudwatch_log_subscription_filter","aws_cloudwatch_metric_alarm","aws_cloudwatch_metric_stream","aws_cloudwatch_query_definition","aws_codecommit_approval_rule_template","aws_codecommit_approval_rule_template_association","aws_codecommit_repository","aws_codecommit_trigger","aws_codedeploy_app","aws_codedeploy_deployment_config","aws_codedeploy_deployment_group","aws_codepipeline","aws_codepipeline_custom_action_type","aws_codepipeline_webhook","aws_codestarconnections_connection","aws_codestarconnections_host","aws_codestarnotifications_notification_rule","aws_cognito_identity_pool","aws_cognito_identity_pool_provider_principal_tag","aws_cognito_identity_pool_roles_attachment","aws_cognito_identity_provider","aws_cognito_resource_server","aws_cognito_risk_configuration","aws_cognito_user","aws_cognito_user_group","aws_cognito_user_in_group","aws_cognito_user_pool","aws_cognito_user_pool_client","aws_cognito_user_pool_domain","aws_cognito_user_pool_ui_customization","aws_config_config_rule","aws_config_configuration_aggregator","aws_config_configuration_recorder","aws_config_configuration_recorder_status","aws_config_conformance_pack","aws_config_delivery_channel","aws_config_remediation_configuration","aws_connect_bot_association","aws_connect_contact_flow","aws_connect_contact_flow_module","aws_connect_hours_of_operation","aws_connect_instance","aws_connect_instance_storage_config","aws_connect_lambda_function_association","aws_connect_phone_number","aws_connect_queue","aws_connect_quick_connect","aws_connect_routing_profile","aws_connect_security_profile","aws_connect_user","aws_connect_user_hierarchy_structure","aws_connect_vocabulary","aws_cur_report_definition","aws_customer_gateway","aws_dataexchange_data_set","aws_dataexchange_revision","aws_datapipeline_pipeline","aws_datasync_location_s3","aws_datasync_task","aws_dax_cluster","aws_dax_parameter_group","aws_dax_subnet_group","aws_db_cluster_snapshot","aws_db_event_subscription","aws_db_instance","aws_db_instance_automated_backups_replication","aws_db_instance_role_association","aws_db_option_group","aws_db_parameter_group","aws_db_proxy","aws_db_proxy_default_target_group","aws_db_proxy_endpoint","aws_db_proxy_target","aws_db_snapshot","aws_db_snapshot_copy","aws_db_subnet_group","aws_default_network_acl","aws_default_route_table","aws_default_security_group","aws_default_subnet","aws_default_vpc","aws_default_vpc_dhcp_options","aws_detective_graph","aws_detective_invitation_accepter","aws_detective_member","aws_devicefarm_device_pool","aws_devicefarm_instance_profile","aws_devicefarm_network_profile","aws_devicefarm_project","aws_devicefarm_test_grid_project","aws_devicefarm_upload","aws_directory_service_conditional_forwarder","aws_directory_service_directory","aws_directory_service_shared_directory","aws_dlm_lifecycle_policy","aws_dms_certificate","aws_dms_endpoint","aws_dms_event_subscription","aws_dms_replication_instance","aws_dms_replication_subnet_group","aws_dms_replication_task","aws_dms_s3_endpoint","aws_docdb_cluster","aws_docdb_cluster_instance","aws_docdb_cluster_parameter_group","aws_docdb_cluster_snapshot","aws_docdb_event_subscription","aws_docdb_global_cluster","aws_docdb_subnet_group","aws_dx_bgp_peer","aws_dx_connection","aws_dx_connection_association","aws_dx_gateway","aws_dx_gateway_association","aws_dx_gateway_association_proposal","aws_dx_hosted_private_virtual_interface","aws_dx_hosted_private_virtual_interface_accepter","aws_dx_hosted_public_virtual_interface","aws_dx_hosted_public_virtual_interface_accepter","aws_dx_hosted_transit_virtual_interface","aws_dx_hosted_transit_virtual_interface_accepter","aws_dx_lag","aws_dx_private_virtual_interface","aws_dx_public_virtual_interface","aws_dx_transit_virtual_interface","aws_dynamodb_contributor_insights","aws_dynamodb_global_table","aws_dynamodb_kinesis_streaming_destination","aws_dynamodb_table","aws_dynamodb_table_item","aws_dynamodb_table_replica","aws_dynamodb_tag","aws_ebs_default_kms_key","aws_ebs_encryption_by_default","aws_ebs_snapshot","aws_ebs_snapshot_copy","aws_ebs_snapshot_import","aws_ebs_volume","aws_ec2_availability_zone_group","aws_ec2_capacity_reservation","aws_ec2_carrier_gateway","aws_ec2_host","aws_ec2_instance_state","aws_ec2_managed_prefix_list","aws_ec2_managed_prefix_list_entry","aws_ec2_network_insights_analysis","aws_ec2_network_insights_path","aws_ec2_serial_console_access","aws_ec2_subnet_cidr_reservation","aws_ec2_tag","aws_ec2_traffic_mirror_filter","aws_ec2_traffic_mirror_filter_rule","aws_ec2_transit_gateway","aws_ec2_transit_gateway_connect","aws_ec2_transit_gateway_connect_peer","aws_ec2_transit_gateway_multicast_domain","aws_ec2_transit_gateway_multicast_domain_association","aws_ec2_transit_gateway_multicast_group_member","aws_ec2_transit_gateway_multicast_group_source","aws_ec2_transit_gateway_peering_attachment","aws_ec2_transit_gateway_peering_attachment_accepter","aws_ec2_transit_gateway_policy_table","aws_ec2_transit_gateway_prefix_list_reference","aws_ec2_transit_gateway_route","aws_ec2_transit_gateway_route_table","aws_ec2_transit_gateway_route_table_association","aws_ec2_transit_gateway_route_table_propagation","aws_ec2_transit_gateway_vpc_attachment","aws_ec2_transit_gateway_vpc_attachment_accepter","aws_ecr_lifecycle_policy","aws_ecr_pull_through_cache_rule","aws_ecr_registry_policy","aws_ecr_registry_scanning_configuration","aws_ecr_replication_configuration","aws_ecr_repository","aws_ecr_repository_policy","aws_ecrpublic_repository","aws_ecrpublic_repository_policy","aws_ecs_account_setting_default","aws_ecs_capacity_provider","aws_ecs_cluster","aws_ecs_cluster_capacity_providers","aws_ecs_service","aws_ecs_task_definition","aws_efs_access_point","aws_efs_backup_policy","aws_efs_file_system","aws_efs_file_system_policy","aws_efs_mount_target","aws_efs_replication_configuration","aws_egress_only_internet_gateway","aws_eip","aws_eip_association","aws_eks_addon","aws_eks_cluster","aws_eks_fargate_profile","aws_eks_identity_provider_config","aws_eks_node_group","aws_elastic_beanstalk_application","aws_elastic_beanstalk_application_version","aws_elastic_beanstalk_configuration_template","aws_elasticache_cluster","aws_elasticache_parameter_group","aws_elasticache_replication_group","aws_elasticache_subnet_group","aws_elasticache_user","aws_elasticache_user_group","aws_elasticsearch_domain","aws_elasticsearch_domain_policy","aws_elasticsearch_domain_saml_options","aws_elastictranscoder_pipeline","aws_elastictranscoder_preset","aws_elb","aws_elb_attachment","aws_emr_security_configuration","aws_emrserverless_application","aws_evidently_feature","aws_evidently_project","aws_evidently_segment","aws_fis_experiment_template","aws_flow_log","aws_fsx_backup","aws_fsx_data_repository_association","aws_fsx_lustre_file_system","aws_fsx_ontap_file_system","aws_fsx_ontap_storage_virtual_machine","aws_fsx_windows_file_system","aws_gamelift_alias","aws_gamelift_build","aws_gamelift_fleet","aws_gamelift_game_session_queue","aws_gamelift_script","aws_glacier_vault","aws_glacier_vault_lock","aws_globalaccelerator_accelerator","aws_globalaccelerator_endpoint_group","aws_globalaccelerator_listener","aws_glue_catalog_database","aws_glue_catalog_table","aws_glue_classifier","aws_glue_connection","aws_glue_crawler","aws_glue_data_catalog_encryption_settings","aws_glue_job","aws_glue_registry","aws_glue_resource_policy","aws_glue_schema","aws_glue_security_configuration","aws_glue_trigger","aws_glue_user_defined_function","aws_glue_workflow","aws_grafana_license_association","aws_grafana_role_association","aws_grafana_workspace","aws_grafana_workspace_api_key","aws_grafana_workspace_saml_configuration","aws_guardduty_detector","aws_guardduty_filter","aws_guardduty_member","aws_iam_access_key","aws_iam_account_alias","aws_iam_account_password_policy","aws_iam_group","aws_iam_group_membership","aws_iam_group_policy_attachment","aws_iam_instance_profile","aws_iam_openid_connect_provider","aws_iam_policy","aws_iam_role","aws_iam_role_policy","aws_iam_role_policy_attachment","aws_iam_saml_provider","aws_iam_server_certificate","aws_iam_service_linked_role","aws_iam_service_specific_credential","aws_iam_signing_certificate","aws_iam_user","aws_iam_user_group_membership","aws_iam_user_login_profile","aws_iam_user_policy_attachment","aws_iam_user_ssh_key","aws_iam_virtual_mfa_device","aws_identitystore_group","aws_identitystore_group_membership","aws_identitystore_user","aws_imagebuilder_component","aws_imagebuilder_container_recipe","aws_imagebuilder_distribution_configuration","aws_imagebuilder_image","aws_imagebuilder_image_pipeline","aws_imagebuilder_image_recipe","aws_imagebuilder_infrastructure_configuration","aws_inspector2_enabler","aws_inspector_assessment_target","aws_inspector_assessment_template","aws_inspector_resource_group","aws_instance","aws_internet_gateway","aws_iot_certificate","aws_iot_indexing_configuration","aws_iot_logging_options","aws_iot_policy","aws_iot_policy_attachment","aws_iot_provisioning_template","aws_iot_role_alias","aws_iot_thing","aws_iot_thing_group","aws_iot_thing_group_membership","aws_iot_thing_principal_attachment","aws_iot_thing_type","aws_iot_topic_rule","aws_ivs_channel","aws_ivs_recording_configuration","aws_kendra_data_source","aws_kendra_experience","aws_kendra_index","aws_kendra_query_suggestions_block_list","aws_kendra_thesaurus","aws_key_pair","aws_keyspaces_keyspace","aws_keyspaces_table","aws_kinesis_analytics_application","aws_kinesis_firehose_delivery_stream","aws_kinesis_stream","aws_kinesis_stream_consumer","aws_kinesis_video_stream","aws_kinesisanalyticsv2_application","aws_kinesisanalyticsv2_application_snapshot","aws_kms_alias","aws_kms_ciphertext","aws_kms_external_key","aws_kms_grant","aws_kms_key","aws_kms_replica_external_key","aws_kms_replica_key","aws_lakeformation_data_lake_settings","aws_lakeformation_permissions","aws_lakeformation_resource","aws_lambda_alias","aws_lambda_code_signing_config","aws_lambda_event_source_mapping","aws_lambda_function","aws_lambda_function_event_invoke_config","aws_lambda_function_url","aws_lambda_invocation","aws_lambda_layer_version","aws_lambda_layer_version_permission","aws_lambda_permission","aws_lambda_provisioned_concurrency_config","aws_launch_configuration","aws_launch_template","aws_lb","aws_lb_cookie_stickiness_policy","aws_lb_listener","aws_lb_listener_certificate","aws_lb_listener_rule","aws_lb_ssl_negotiation_policy","aws_lb_target_group","aws_lb_target_group_attachment","aws_lex_bot","aws_lex_bot_alias","aws_lex_intent","aws_lex_slot_type","aws_licensemanager_association","aws_licensemanager_license_configuration","aws_lightsail_bucket","aws_lightsail_certificate","aws_lightsail_container_service","aws_lightsail_disk","aws_lightsail_disk_attachment","aws_lightsail_domain","aws_lightsail_domain_entry","aws_lightsail_instance","aws_lightsail_instance_public_ports","aws_lightsail_key_pair","aws_lightsail_lb","aws_lightsail_lb_attachment","aws_lightsail_lb_certificate","aws_lightsail_lb_stickiness_policy","aws_lightsail_static_ip","aws_lightsail_static_ip_attachment","aws_load_balancer_backend_server_policy","aws_load_balancer_listener_policy","aws_load_balancer_policy","aws_location_geofence_collection","aws_location_place_index","aws_location_route_calculator","aws_location_tracker","aws_location_tracker_association","aws_macie2_account","aws_macie2_classification_job","aws_macie2_custom_data_identifier","aws_macie2_findings_filter","aws_macie2_invitation_accepter","aws_macie2_member","aws_main_route_table_association","aws_media_convert_queue","aws_media_package_channel","aws_media_store_container","aws_media_store_container_policy","aws_medialive_channel","aws_medialive_input","aws_medialive_input_security_group","aws_medialive_multiplex","aws_memorydb_acl","aws_memorydb_cluster","aws_memorydb_parameter_group","aws_memorydb_snapshot","aws_memorydb_subnet_group","aws_mq_broker","aws_mq_configuration","aws_msk_cluster","aws_msk_configuration","aws_msk_scram_secret_association","aws_msk_serverless_cluster","aws_nat_gateway","aws_neptune_cluster","aws_neptune_cluster_endpoint","aws_neptune_cluster_instance","aws_neptune_cluster_parameter_group","aws_neptune_cluster_snapshot","aws_neptune_event_subscription","aws_neptune_global_cluster","aws_neptune_parameter_group","aws_neptune_subnet_group","aws_network_acl","aws_network_acl_rule","aws_network_interface","aws_network_interface_attachment","aws_network_interface_sg_attachment","aws_networkfirewall_firewall","aws_networkfirewall_firewall_policy","aws_networkfirewall_logging_configuration","aws_networkfirewall_rule_group","aws_networkmanager_attachment_accepter","aws_networkmanager_connect_attachment","aws_networkmanager_connection","aws_networkmanager_core_network","aws_networkmanager_customer_gateway_association","aws_networkmanager_device","aws_networkmanager_global_network","aws_networkmanager_link","aws_networkmanager_link_association","aws_networkmanager_site","aws_networkmanager_transit_gateway_connect_peer_association","aws_networkmanager_transit_gateway_registration","aws_networkmanager_vpc_attachment","aws_opensearch_domain","aws_opensearch_domain_policy","aws_opensearch_domain_saml_options","aws_opsworks_application","aws_opsworks_custom_layer","aws_opsworks_ecs_cluster_layer","aws_opsworks_ganglia_layer","aws_opsworks_haproxy_layer","aws_opsworks_instance","aws_opsworks_java_app_layer","aws_opsworks_memcached_layer","aws_opsworks_mysql_layer","aws_opsworks_nodejs_app_layer","aws_opsworks_permission","aws_opsworks_php_app_layer","aws_opsworks_rails_app_layer","aws_opsworks_rds_db_instance","aws_opsworks_stack","aws_opsworks_static_web_layer","aws_opsworks_user_profile","aws_organizations_account","aws_organizations_delegated_administrator","aws_organizations_organization","aws_organizations_organizational_unit","aws_organizations_policy","aws_organizations_policy_attachment","aws_pinpoint_app","aws_pinpoint_sms_channel","aws_placement_group","aws_prometheus_alert_manager_definition","aws_prometheus_rule_group_namespace","aws_prometheus_workspace","aws_proxy_protocol_policy","aws_qldb_ledger","aws_qldb_stream","aws_quicksight_group","aws_quicksight_user","aws_ram_principal_association","aws_ram_resource_association","aws_ram_resource_share","aws_ram_resource_share_accepter","aws_rds_cluster","aws_rds_cluster_activity_stream","aws_rds_cluster_endpoint","aws_rds_cluster_instance","aws_rds_cluster_parameter_group","aws_rds_cluster_role_association","aws_rds_global_cluster","aws_redshift_authentication_profile","aws_redshift_cluster","aws_redshift_event_subscription","aws_redshift_hsm_client_certificate","aws_redshift_hsm_configuration","aws_redshift_parameter_group","aws_redshift_scheduled_action","aws_redshift_snapshot_copy_grant","aws_redshift_snapshot_schedule","aws_redshift_snapshot_schedule_association","aws_redshift_subnet_group","aws_redshift_usage_limit","aws_redshiftserverless_endpoint_access","aws_redshiftserverless_namespace","aws_redshiftserverless_resource_policy","aws_redshiftserverless_snapshot","aws_redshiftserverless_usage_limit","aws_redshiftserverless_workgroup","aws_resourcegroups_group","aws_rolesanywhere_profile","aws_route","aws_route53_delegation_set","aws_route53_health_check","aws_route53_hosted_zone_dnssec","aws_route53_record","aws_route53_resolver_config","aws_route53_resolver_endpoint","aws_route53_resolver_rule","aws_route53_resolver_rule_association","aws_route53_traffic_policy","aws_route53_traffic_policy_instance","aws_route53_vpc_association_authorization","aws_route53_zone","aws_route53_zone_association","aws_route53recoverycontrolconfig_cluster","aws_route53recoverycontrolconfig_control_panel","aws_route53recoverycontrolconfig_routing_control","aws_route53recoverycontrolconfig_safety_rule","aws_route53recoveryreadiness_cell","aws_route53recoveryreadiness_readiness_check","aws_route53recoveryreadiness_recovery_group","aws_route53recoveryreadiness_resource_set","aws_route_table","aws_route_table_association","aws_rum_app_monitor","aws_rum_metrics_destination","aws_s3_access_point","aws_s3_account_public_access_block","aws_s3_bucket","aws_s3_bucket_accelerate_configuration","aws_s3_bucket_acl","aws_s3_bucket_analytics_configuration","aws_s3_bucket_cors_configuration","aws_s3_bucket_intelligent_tiering_configuration","aws_s3_bucket_inventory","aws_s3_bucket_lifecycle_configuration","aws_s3_bucket_logging","aws_s3_bucket_metric","aws_s3_bucket_notification","aws_s3_bucket_object","aws_s3_bucket_object_lock_configuration","aws_s3_bucket_ownership_controls","aws_s3_bucket_policy","aws_s3_bucket_public_access_block","aws_s3_bucket_replication_configuration","aws_s3_bucket_request_payment_configuration","aws_s3_bucket_server_side_encryption_configuration","aws_s3_bucket_versioning","aws_s3_bucket_website_configuration","aws_s3_object","aws_s3_object_copy","aws_s3control_access_point_policy","aws_s3control_multi_region_access_point","aws_s3control_multi_region_access_point_policy","aws_s3control_object_lambda_access_point","aws_s3control_object_lambda_access_point_policy","aws_s3control_storage_lens_configuration","aws_sagemaker_app","aws_sagemaker_app_image_config","aws_sagemaker_code_repository","aws_sagemaker_device","aws_sagemaker_device_fleet","aws_sagemaker_domain","aws_sagemaker_endpoint_configuration","aws_sagemaker_feature_group","aws_sagemaker_image","aws_sagemaker_image_version","aws_sagemaker_model","aws_sagemaker_model_package_group","aws_sagemaker_model_package_group_policy","aws_sagemaker_notebook_instance","aws_sagemaker_notebook_instance_lifecycle_configuration","aws_sagemaker_servicecatalog_portfolio_status","aws_sagemaker_space","aws_sagemaker_studio_lifecycle_config","aws_sagemaker_user_profile","aws_sagemaker_workforce","aws_sagemaker_workteam","aws_scheduler_schedule","aws_scheduler_schedule_group","aws_schemas_discoverer","aws_schemas_registry","aws_schemas_schema","aws_secretsmanager_secret","aws_secretsmanager_secret_policy","aws_secretsmanager_secret_rotation","aws_secretsmanager_secret_version","aws_security_group","aws_security_group_rule","aws_securityhub_account","aws_securityhub_action_target","aws_securityhub_finding_aggregator","aws_securityhub_insight","aws_securityhub_invite_accepter","aws_securityhub_member","aws_securityhub_product_subscription","aws_securityhub_standards_subscription","aws_serverlessapplicationrepository_cloudformation_stack","aws_service_discovery_http_namespace","aws_service_discovery_private_dns_namespace","aws_service_discovery_public_dns_namespace","aws_service_discovery_service","aws_servicecatalog_budget_resource_association","aws_servicecatalog_constraint","aws_servicecatalog_portfolio","aws_servicecatalog_portfolio_share","aws_servicecatalog_principal_portfolio_association","aws_servicecatalog_product","aws_servicecatalog_product_portfolio_association","aws_servicecatalog_provisioning_artifact","aws_servicecatalog_service_action","aws_servicecatalog_tag_option","aws_servicecatalog_tag_option_resource_association","aws_servicequotas_service_quota","aws_ses_active_receipt_rule_set","aws_ses_configuration_set","aws_ses_domain_dkim","aws_ses_domain_identity","aws_ses_domain_mail_from","aws_ses_email_identity","aws_ses_event_destination","aws_ses_identity_notification_topic","aws_ses_identity_policy","aws_ses_receipt_filter","aws_ses_receipt_rule","aws_ses_receipt_rule_set","aws_ses_template","aws_sesv2_configuration_set","aws_sesv2_configuration_set_event_destination","aws_sesv2_dedicated_ip_pool","aws_sesv2_email_identity","aws_sesv2_email_identity_feedback_attributes","aws_sesv2_email_identity_mail_from_attributes","aws_sfn_activity","aws_sfn_state_machine","aws_signer_signing_job","aws_signer_signing_profile","aws_signer_signing_profile_permission","aws_simpledb_domain","aws_snapshot_create_volume_permission","aws_sns_platform_application","aws_sns_sms_preferences","aws_sns_topic","aws_sns_topic_policy","aws_sns_topic_subscription","aws_spot_datafeed_subscription","aws_spot_fleet_request","aws_spot_instance_request","aws_sqs_queue","aws_sqs_queue_policy","aws_sqs_queue_redrive_allow_policy","aws_sqs_queue_redrive_policy","aws_ssm_activation","aws_ssm_association","aws_ssm_default_patch_baseline","aws_ssm_document","aws_ssm_maintenance_window","aws_ssm_maintenance_window_target","aws_ssm_maintenance_window_task","aws_ssm_parameter","aws_ssm_patch_baseline","aws_ssm_patch_group","aws_ssm_resource_data_sync","aws_ssm_service_setting","aws_ssoadmin_account_assignment","aws_ssoadmin_customer_managed_policy_attachment","aws_ssoadmin_instance_access_control_attributes","aws_ssoadmin_managed_policy_attachment","aws_ssoadmin_permission_set","aws_ssoadmin_permission_set_inline_policy","aws_ssoadmin_permissions_boundary_attachment","aws_subnet","aws_swf_domain","aws_timestreamwrite_database","aws_timestreamwrite_table","aws_transcribe_language_model","aws_transcribe_vocabulary","aws_transcribe_vocabulary_filter","aws_transfer_server","aws_transfer_ssh_key","aws_transfer_tag","aws_transfer_user","aws_transfer_workflow","aws_volume_attachment","aws_vpc","aws_vpc_dhcp_options","aws_vpc_dhcp_options_association","aws_vpc_endpoint","aws_vpc_endpoint_connection_notification","aws_vpc_endpoint_route_table_association","aws_vpc_endpoint_security_group_association","aws_vpc_endpoint_service","aws_vpc_endpoint_service_allowed_principal","aws_vpc_endpoint_subnet_association","aws_vpc_ipam","aws_vpc_ipam_pool","aws_vpc_ipam_pool_cidr","aws_vpc_ipam_pool_cidr_allocation","aws_vpc_ipam_scope","aws_vpc_ipv4_cidr_block_association","aws_vpc_network_performance_metric_subscription","aws_vpc_peering_connection","aws_vpc_peering_connection_accepter","aws_vpc_peering_connection_options","aws_vpc_security_group_egress_rule","aws_vpc_security_group_ingress_rule","aws_vpn_connection","aws_vpn_connection_route","aws_vpn_gateway","aws_vpn_gateway_attachment","aws_vpn_gateway_route_propagation","aws_waf_byte_match_set","aws_waf_geo_match_set","aws_waf_ipset","aws_waf_rate_based_rule","aws_waf_regex_match_set","aws_waf_regex_pattern_set","aws_waf_rule","aws_waf_size_constraint_set","aws_waf_sql_injection_match_set","aws_waf_web_acl","aws_waf_xss_match_set","aws_wafregional_byte_match_set","aws_wafregional_geo_match_set","aws_wafregional_ipset","aws_wafregional_rate_based_rule","aws_wafregional_regex_match_set","aws_wafregional_regex_pattern_set","aws_wafregional_rule","aws_wafregional_size_constraint_set","aws_wafregional_sql_injection_match_set","aws_wafregional_web_acl","aws_wafregional_xss_match_set","aws_wafv2_ip_set","aws_wafv2_regex_pattern_set","aws_workspaces_directory","aws_workspaces_ip_group","aws_xray_encryption_config","aws_xray_group","aws_xray_sampling_rule"] \ No newline at end of file diff --git a/examples-generated/identitystore/group.yaml b/examples-generated/identitystore/group.yaml new file mode 100644 index 0000000000..49b1dfe760 --- /dev/null +++ b/examples-generated/identitystore/group.yaml @@ -0,0 +1,14 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/group + labels: + testing.upbound.io/example-name: this + name: this +spec: + forProvider: + description: Example description + displayName: Example group + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + region: us-west-1 diff --git a/examples-generated/identitystore/groupmembership.yaml b/examples-generated/identitystore/groupmembership.yaml new file mode 100644 index 0000000000..18779aaf48 --- /dev/null +++ b/examples-generated/identitystore/groupmembership.yaml @@ -0,0 +1,55 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: GroupMembership +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + groupIdSelector: + matchLabels: + testing.upbound.io/example-name: example + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + memberIdSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + +--- + +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: Group +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: Some group name + displayName: MyGroup + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + region: us-west-1 + +--- + +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/groupmembership + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: John Doe + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + name: + - familyName: Doe + givenName: John + region: us-west-1 + userName: john.doe@example.com diff --git a/examples-generated/identitystore/user.yaml b/examples-generated/identitystore/user.yaml new file mode 100644 index 0000000000..62c268690f --- /dev/null +++ b/examples-generated/identitystore/user.yaml @@ -0,0 +1,19 @@ +apiVersion: identitystore.aws.upbound.io/v1beta1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: identitystore/v1beta1/user + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + displayName: John Doe + emails: + - value: john@example.com + identityStoreId: ${tolist(data.aws_ssoadmin_instances.example.identity_store_ids)[0]} + name: + - familyName: Doe + givenName: John + region: us-west-1 + userName: johndoe diff --git a/examples-generated/ssoadmin/accountassignment.yaml b/examples-generated/ssoadmin/accountassignment.yaml index 7b9d3e0bb3..3136eb7343 100644 --- a/examples-generated/ssoadmin/accountassignment.yaml +++ b/examples-generated/ssoadmin/accountassignment.yaml @@ -9,8 +9,12 @@ metadata: spec: forProvider: instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} - permissionSetArn: ${data.aws_ssoadmin_permission_set.example.arn} - principalId: ${data.aws_identitystore_group.example.group_id} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: aws_ssoadmin_permission_set + principalIdFromGroupSelector: + matchLabels: + testing.upbound.io/example-name: aws_identitystore_group principalType: GROUP region: us-west-1 targetId: "012347678910" diff --git a/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml b/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml new file mode 100644 index 0000000000..c1f0fca673 --- /dev/null +++ b/examples-generated/ssoadmin/customermanagedpolicyattachment.yaml @@ -0,0 +1,63 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: CustomerManagedPolicyAttachment +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + customerManagedPolicyReference: + - path: / + policyNameSelector: + matchLabels: + testing.upbound.io/example-name: example + instanceArn: ${aws_ssoadmin_permission_set.example.instance_arn} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: example + region: us-west-1 + +--- + +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Policy +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: My test policy + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + +--- + +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/customermanagedpolicyattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + name: Example + region: us-west-1 diff --git a/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml b/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml new file mode 100644 index 0000000000..688ffaa066 --- /dev/null +++ b/examples-generated/ssoadmin/instanceaccesscontrolattributes.yaml @@ -0,0 +1,21 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: InstanceAccessControlAttributes +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/instanceaccesscontrolattributes + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + attribute: + - key: name + value: + - source: + - ${path:name.givenName} + - key: last + value: + - source: + - ${path:name.familyName} + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + region: us-west-1 diff --git a/examples-generated/ssoadmin/permissionsboundaryattachment.yaml b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml new file mode 100644 index 0000000000..dd93ab34d1 --- /dev/null +++ b/examples-generated/ssoadmin/permissionsboundaryattachment.yaml @@ -0,0 +1,64 @@ +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionsBoundaryAttachment +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${aws_ssoadmin_permission_set.example.instance_arn} + permissionSetArnSelector: + matchLabels: + testing.upbound.io/example-name: example + permissionsBoundary: + - customerManagedPolicyReference: + - nameSelector: + matchLabels: + testing.upbound.io/example-name: example + path: / + region: us-west-1 + +--- + +apiVersion: iam.aws.upbound.io/v1beta1 +kind: Policy +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + description: My test policy + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + +--- + +apiVersion: ssoadmin.aws.upbound.io/v1beta1 +kind: PermissionSet +metadata: + annotations: + meta.upbound.io/example-id: ssoadmin/v1beta1/permissionsboundaryattachment + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + instanceArn: ${tolist(data.aws_ssoadmin_instances.example.arns)[0]} + name: Example + region: us-west-1 diff --git a/internal/controller/identitystore/group/zz_controller.go b/internal/controller/identitystore/group/zz_controller.go new file mode 100755 index 0000000000..35c06502fc --- /dev/null +++ b/internal/controller/identitystore/group/zz_controller.go @@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package group + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles Group managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.Group_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Group_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_identitystore_group"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Group_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Group_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.Group{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/identitystore/groupmembership/zz_controller.go b/internal/controller/identitystore/groupmembership/zz_controller.go new file mode 100755 index 0000000000..51e1fb839a --- /dev/null +++ b/internal/controller/identitystore/groupmembership/zz_controller.go @@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package groupmembership + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles GroupMembership managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.GroupMembership_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.GroupMembership_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.GroupMembership_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_identitystore_group_membership"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.GroupMembership_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.GroupMembership_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.GroupMembership{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/identitystore/user/zz_controller.go b/internal/controller/identitystore/user/zz_controller.go new file mode 100755 index 0000000000..5369de0c06 --- /dev/null +++ b/internal/controller/identitystore/user/zz_controller.go @@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package user + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/identitystore/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles User managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.User_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.User_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_identitystore_user"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.User_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.User_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.User{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go b/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go new file mode 100755 index 0000000000..f3ed31a01a --- /dev/null +++ b/internal/controller/ssoadmin/customermanagedpolicyattachment/zz_controller.go @@ -0,0 +1,71 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package customermanagedpolicyattachment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles CustomerManagedPolicyAttachment managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_customer_managed_policy_attachment"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.CustomerManagedPolicyAttachment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.CustomerManagedPolicyAttachment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go b/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go new file mode 100755 index 0000000000..adbdc3f699 --- /dev/null +++ b/internal/controller/ssoadmin/instanceaccesscontrolattributes/zz_controller.go @@ -0,0 +1,71 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package instanceaccesscontrolattributes + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles InstanceAccessControlAttributes managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.InstanceAccessControlAttributes_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.InstanceAccessControlAttributes_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.InstanceAccessControlAttributes_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_instance_access_control_attributes"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.InstanceAccessControlAttributes_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.InstanceAccessControlAttributes_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.InstanceAccessControlAttributes{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go new file mode 100755 index 0000000000..e5cd2bcf2f --- /dev/null +++ b/internal/controller/ssoadmin/permissionsboundaryattachment/zz_controller.go @@ -0,0 +1,70 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package permissionsboundaryattachment + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-aws/apis/ssoadmin/v1beta1" + features "github.com/upbound/provider-aws/internal/features" +) + +// Setup adds a controller that reconciles PermissionsBoundaryAttachment managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.PermissionsBoundaryAttachment_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewNoForkAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["aws_ssoadmin_permissions_boundary_attachment"], + tjcontroller.WithNoForkAsyncLogger(o.Logger), + tjcontroller.WithNoForkAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithNoForkAsyncCallbackProvider(ac), + tjcontroller.WithNoForkAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithNoForkAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewNoForkFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.PermissionsBoundaryAttachment_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.PermissionsBoundaryAttachment{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go b/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go index 141a5a9c28..f678397959 100755 --- a/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go +++ b/internal/controller/ssoadmin/permissionsetinlinepolicy/zz_controller.go @@ -31,7 +31,6 @@ import ( func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { name := managed.ControllerName(v1beta1.PermissionSetInlinePolicy_GroupVersionKind.String()) var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) diff --git a/internal/controller/zz_identitystore_setup.go b/internal/controller/zz_identitystore_setup.go new file mode 100755 index 0000000000..2521372801 --- /dev/null +++ b/internal/controller/zz_identitystore_setup.go @@ -0,0 +1,30 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +package controller + +import ( + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/crossplane/upjet/pkg/controller" + + group "github.com/upbound/provider-aws/internal/controller/identitystore/group" + groupmembership "github.com/upbound/provider-aws/internal/controller/identitystore/groupmembership" + user "github.com/upbound/provider-aws/internal/controller/identitystore/user" +) + +// Setup_identitystore creates all controllers with the supplied logger and adds them to +// the supplied manager. +func Setup_identitystore(mgr ctrl.Manager, o controller.Options) error { + for _, setup := range []func(ctrl.Manager, controller.Options) error{ + group.Setup, + groupmembership.Setup, + user.Setup, + } { + if err := setup(mgr, o); err != nil { + return err + } + } + return nil +} diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index b17fc40859..6f879fb910 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -509,6 +509,9 @@ import ( userpolicyattachment "github.com/upbound/provider-aws/internal/controller/iam/userpolicyattachment" usersshkey "github.com/upbound/provider-aws/internal/controller/iam/usersshkey" virtualmfadevice "github.com/upbound/provider-aws/internal/controller/iam/virtualmfadevice" + groupidentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/group" + groupmembershipidentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/groupmembership" + useridentitystore "github.com/upbound/provider-aws/internal/controller/identitystore/user" component "github.com/upbound/provider-aws/internal/controller/imagebuilder/component" containerrecipe "github.com/upbound/provider-aws/internal/controller/imagebuilder/containerrecipe" distributionconfiguration "github.com/upbound/provider-aws/internal/controller/imagebuilder/distributionconfiguration" @@ -881,7 +884,10 @@ import ( resourcedatasync "github.com/upbound/provider-aws/internal/controller/ssm/resourcedatasync" servicesetting "github.com/upbound/provider-aws/internal/controller/ssm/servicesetting" accountassignment "github.com/upbound/provider-aws/internal/controller/ssoadmin/accountassignment" + customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" + instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" domainswf "github.com/upbound/provider-aws/internal/controller/swf/domain" @@ -1431,6 +1437,9 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { userpolicyattachment.Setup, usersshkey.Setup, virtualmfadevice.Setup, + groupidentitystore.Setup, + groupmembershipidentitystore.Setup, + useridentitystore.Setup, component.Setup, containerrecipe.Setup, distributionconfiguration.Setup, @@ -1803,7 +1812,10 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { resourcedatasync.Setup, servicesetting.Setup, accountassignment.Setup, + customermanagedpolicyattachment.Setup, + instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, domainswf.Setup, diff --git a/internal/controller/zz_ssoadmin_setup.go b/internal/controller/zz_ssoadmin_setup.go index 508d582359..b5876d4c22 100755 --- a/internal/controller/zz_ssoadmin_setup.go +++ b/internal/controller/zz_ssoadmin_setup.go @@ -10,7 +10,10 @@ import ( "github.com/crossplane/upjet/pkg/controller" accountassignment "github.com/upbound/provider-aws/internal/controller/ssoadmin/accountassignment" + customermanagedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/customermanagedpolicyattachment" + instanceaccesscontrolattributes "github.com/upbound/provider-aws/internal/controller/ssoadmin/instanceaccesscontrolattributes" managedpolicyattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/managedpolicyattachment" + permissionsboundaryattachment "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsboundaryattachment" permissionset "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionset" permissionsetinlinepolicy "github.com/upbound/provider-aws/internal/controller/ssoadmin/permissionsetinlinepolicy" ) @@ -20,7 +23,10 @@ import ( func Setup_ssoadmin(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ accountassignment.Setup, + customermanagedpolicyattachment.Setup, + instanceaccesscontrolattributes.Setup, managedpolicyattachment.Setup, + permissionsboundaryattachment.Setup, permissionset.Setup, permissionsetinlinepolicy.Setup, } { diff --git a/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml b/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml new file mode 100644 index 0000000000..657a03591a --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_groupmemberships.yaml @@ -0,0 +1,474 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: groupmemberships.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: GroupMembership + listKind: GroupMembershipList + plural: groupmemberships + singular: groupmembership + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GroupMembership is the Schema for the GroupMemberships API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GroupMembershipSpec defines the desired state of GroupMembership + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + groupId: + description: The identifier for a group in the Identity Store. + type: string + groupIdRef: + description: Reference to a Group in identitystore to populate + groupId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + groupIdSelector: + description: Selector for a Group in identitystore to populate + groupId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + identityStoreId: + description: Identity Store ID associated with the Single Sign-On + Instance. + type: string + memberId: + description: The identifier for a user in the Identity Store. + type: string + memberIdRef: + description: Reference to a User in identitystore to populate + memberId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + memberIdSelector: + description: Selector for a User in identitystore to populate + memberId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: GroupMembershipStatus defines the observed state of GroupMembership. + properties: + atProvider: + properties: + groupId: + description: The identifier for a group in the Identity Store. + type: string + id: + type: string + identityStoreId: + description: Identity Store ID associated with the Single Sign-On + Instance. + type: string + memberId: + description: The identifier for a user in the Identity Store. + type: string + membershipId: + description: The identifier of the newly created group membership + in the Identity Store. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/identitystore.aws.upbound.io_groups.yaml b/package/crds/identitystore.aws.upbound.io_groups.yaml new file mode 100644 index 0000000000..f9095161ea --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_groups.yaml @@ -0,0 +1,346 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: groups.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: Group + listKind: GroupList + plural: groups + singular: group + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Group is the Schema for the Groups API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GroupSpec defines the desired state of Group + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + description: + description: A string containing the description of the group. + type: string + displayName: + description: A string containing the name of the group. This value + is commonly displayed when the group is referenced. + type: string + identityStoreId: + description: The globally unique identifier for the identity store. + type: string + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - displayName + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + description: + description: A string containing the description of the group. + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: GroupStatus defines the observed state of Group. + properties: + atProvider: + properties: + description: + description: A string containing the description of the group. + type: string + displayName: + description: A string containing the name of the group. This value + is commonly displayed when the group is referenced. + type: string + externalIds: + description: A list of external IDs that contains the identifiers + issued to this resource by an external identity provider. See + External IDs below. + items: + properties: + id: + description: The identifier issued to this resource by an + external identity provider. + type: string + issuer: + description: The issuer for an external identifier. + type: string + type: object + type: array + groupId: + description: The identifier of the newly created group in the + identity store. + type: string + id: + description: The identifier issued to this resource by an external + identity provider. + type: string + identityStoreId: + description: The globally unique identifier for the identity store. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/identitystore.aws.upbound.io_users.yaml b/package/crds/identitystore.aws.upbound.io_users.yaml new file mode 100644 index 0000000000..64bd48f25b --- /dev/null +++ b/package/crds/identitystore.aws.upbound.io_users.yaml @@ -0,0 +1,713 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: users.identitystore.aws.upbound.io +spec: + group: identitystore.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: User + listKind: UserList + plural: users + singular: user + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: User is the Schema for the Users API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: UserSpec defines the desired state of User + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + region: + description: The region of the address. + type: string + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. + type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. This value must be unique + across the identity store. + type: string + type: object + type: array + identityStoreId: + description: The globally unique identifier for the identity store + that this user is in. + type: string + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. + type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + region: + description: The region of the address. Region is the region you'd + like your resource to be created in. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. + type: string + userType: + description: The user type. + type: string + required: + - identityStoreId + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. + type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. This value must be unique + across the identity store. + type: string + type: object + type: array + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. + type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. + type: string + userType: + description: The user type. + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.displayName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.displayName) + || (has(self.initProvider) && has(self.initProvider.displayName))' + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' + - message: spec.forProvider.userName is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.userName) + || (has(self.initProvider) && has(self.initProvider.userName))' + status: + description: UserStatus defines the observed state of User. + properties: + atProvider: + properties: + addresses: + description: Details about the user's address. At most 1 address + is allowed. Detailed below. + items: + properties: + country: + description: The country that this address is in. + type: string + formatted: + description: The name that is typically displayed when the + address is shown for display. + type: string + locality: + description: The address locality. + type: string + postalCode: + description: The postal code of the address. + type: string + primary: + description: When true, this is the primary address associated + with the user. + type: boolean + region: + description: The region of the address. + type: string + streetAddress: + description: The street of the address. + type: string + type: + description: The type of address. + type: string + type: object + type: array + displayName: + description: The name that is typically displayed when the user + is referenced. + type: string + emails: + description: Details about the user's email. At most 1 email is + allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary email associated + with the user. + type: boolean + type: + description: The type of email. + type: string + value: + description: The email address. This value must be unique + across the identity store. + type: string + type: object + type: array + externalIds: + description: A list of identifiers issued to this resource by + an external identity provider. + items: + properties: + id: + description: The identifier issued to this resource by an + external identity provider. + type: string + issuer: + description: The issuer for an external identifier. + type: string + type: object + type: array + id: + description: The identifier issued to this resource by an external + identity provider. + type: string + identityStoreId: + description: The globally unique identifier for the identity store + that this user is in. + type: string + locale: + description: The user's geographical region or location. + type: string + name: + description: Details about the user's full name. Detailed below. + items: + properties: + familyName: + description: The family name of the user. + type: string + formatted: + description: The name that is typically displayed when the + name is shown for display. + type: string + givenName: + description: The given name of the user. + type: string + honorificPrefix: + description: The honorific prefix of the user. + type: string + honorificSuffix: + description: The honorific suffix of the user. + type: string + middleName: + description: The middle name of the user. + type: string + type: object + type: array + nickname: + description: An alternate name for the user. + type: string + phoneNumbers: + description: Details about the user's phone number. At most 1 + phone number is allowed. Detailed below. + items: + properties: + primary: + description: When true, this is the primary phone number + associated with the user. + type: boolean + type: + description: The type of phone number. + type: string + value: + description: The user's phone number. + type: string + type: object + type: array + preferredLanguage: + description: The preferred language of the user. + type: string + profileUrl: + description: An URL that may be associated with the user. + type: string + timezone: + description: The user's time zone. + type: string + title: + description: The user's title. + type: string + userId: + description: The identifier for this user in the identity store. + type: string + userName: + description: A unique string used to identify the user. This value + can consist of letters, accented characters, symbols, numbers, + and punctuation. This value is specified at the time the user + is created and stored as an attribute of the user object in + the identity store. The limit is 128 characters. + type: string + userType: + description: The user type. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml b/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml index 83fae35230..7e97f4ae1d 100644 --- a/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml +++ b/package/crds/ssoadmin.aws.upbound.io_accountassignments.yaml @@ -74,10 +74,163 @@ spec: description: The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to. type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object principalId: description: An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + This can be set to the crossplane external-name of either a + Group or User in the identitystore api group, but the Ref and + Selector fields will only work with a Group. type: string + principalIdFromGroupRef: + description: Reference to a Group in identitystore to populate + principalId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + principalIdFromGroupSelector: + description: Selector for a Group in identitystore to populate + principalId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object principalType: description: 'The entity type for which the assignment will be created. Valid values: USER, GROUP.' @@ -96,8 +249,6 @@ spec: type: string required: - instanceArn - - permissionSetArn - - principalId - principalType - region - targetId @@ -294,6 +445,9 @@ spec: principalId: description: An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). + This can be set to the crossplane external-name of either a + Group or User in the identitystore api group, but the Ref and + Selector fields will only work with a Group. type: string principalType: description: 'The entity type for which the assignment will be diff --git a/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml b/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml new file mode 100644 index 0000000000..b388ef2660 --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_customermanagedpolicyattachments.yaml @@ -0,0 +1,522 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: customermanagedpolicyattachments.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: CustomerManagedPolicyAttachment + listKind: CustomerManagedPolicyAttachmentList + plural: customermanagedpolicyattachments + singular: customermanagedpolicyattachment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: CustomerManagedPolicyAttachment is the Schema for the CustomerManagedPolicyAttachments + API. Manages a customer managed policy for a Single Sign-On (SSO) Permission + Set + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomerManagedPolicyAttachmentSpec defines the desired state + of CustomerManagedPolicyAttachment + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy to + be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + policyNameRef: + description: Reference to a Policy in iam to populate name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + policyNameSelector: + description: Selector for a Policy in iam to populate name. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with + the same controller reference as the selecting object + is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is + 'Required', which means the reconcile will fail + if the reference cannot be resolved. 'Optional' + means this reference will be a no-op if it cannot + be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference only + when the corresponding field is not present. Use + 'Always' to resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.customerManagedPolicyReference is a required + parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.customerManagedPolicyReference) + || (has(self.initProvider) && has(self.initProvider.customerManagedPolicyReference))' + status: + description: CustomerManagedPolicyAttachmentStatus defines the observed + state of CustomerManagedPolicyAttachment. + properties: + atProvider: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy to + be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + id: + description: Policy Name, Policy Path, Permission Set Amazon Resource + Name (ARN), and SSO Instance ARN, each separated by a comma + (,). + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml b/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml new file mode 100644 index 0000000000..5a2ec79c08 --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_instanceaccesscontrolattributes.yaml @@ -0,0 +1,396 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: instanceaccesscontrolattributes.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: InstanceAccessControlAttributes + listKind: InstanceAccessControlAttributesList + plural: instanceaccesscontrolattributes + singular: instanceaccesscontrolattributes + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: 'InstanceAccessControlAttributes is the Schema for the InstanceAccessControlAttributess + API. Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InstanceAccessControlAttributesSpec defines the desired state + of InstanceAccessControlAttributes + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. + items: + type: string + type: array + type: object + type: array + type: object + type: array + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance. + type: string + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. + items: + type: string + type: array + type: object + type: array + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.attribute is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.attribute) + || (has(self.initProvider) && has(self.initProvider.attribute))' + status: + description: InstanceAccessControlAttributesStatus defines the observed + state of InstanceAccessControlAttributes. + properties: + atProvider: + properties: + attribute: + description: See AccessControlAttribute for more details. + items: + properties: + key: + description: The name of the attribute associated with your + identities in your identity source. This is used to map + a specified attribute in your identity source with an + attribute in AWS SSO. + type: string + value: + description: The value used for mapping a specified attribute + to an identity source. See AccessControlAttributeValue + items: + properties: + source: + description: The identity source to use when mapping + a specified attribute to AWS SSO. + items: + type: string + type: array + type: object + type: array + type: object + type: array + id: + description: The identifier of the Instance Access Control Attribute + instance_arn. + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance. + type: string + status: + type: string + statusReason: + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml new file mode 100644 index 0000000000..2f5889d2bc --- /dev/null +++ b/package/crds/ssoadmin.aws.upbound.io_permissionsboundaryattachments.yaml @@ -0,0 +1,554 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: permissionsboundaryattachments.ssoadmin.aws.upbound.io +spec: + group: ssoadmin.aws.upbound.io + names: + categories: + - crossplane + - managed + - aws + kind: PermissionsBoundaryAttachment + listKind: PermissionsBoundaryAttachmentList + plural: permissionsboundaryattachments + singular: permissionsboundaryattachment + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PermissionsBoundaryAttachment is the Schema for the PermissionsBoundaryAttachments + API. Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission + Set resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PermissionsBoundaryAttachmentSpec defines the desired state + of PermissionsBoundaryAttachment + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionSetArnRef: + description: Reference to a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + permissionSetArnSelector: + description: Selector for a PermissionSet in ssoadmin to populate + permissionSetArn. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + nameRef: + description: Reference to a Policy in iam to populate + name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Policy in iam to populate + name. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object + with the same controller reference as the selecting + object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether + resolution of this reference is required. + The default is 'Required', which means the + reconcile will fail if the reference cannot + be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference + should be resolved. The default is 'IfNotPresent', + which will attempt to resolve the reference + only when the corresponding field is not + present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + region: + description: Region is the region you'd like your resource to + be created in. + type: string + required: + - instanceArn + - region + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.permissionsBoundary is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.permissionsBoundary) + || (has(self.initProvider) && has(self.initProvider.permissionsBoundary))' + status: + description: PermissionsBoundaryAttachmentStatus defines the observed + state of PermissionsBoundaryAttachment. + properties: + atProvider: + properties: + id: + description: Permission Set Amazon Resource Name (ARN) and SSO + Instance ARN, separated by a comma (,). + type: string + instanceArn: + description: The Amazon Resource Name (ARN) of the SSO Instance + under which the operation will be executed. + type: string + permissionSetArn: + description: The Amazon Resource Name (ARN) of the Permission + Set. + type: string + permissionsBoundary: + description: The permissions boundary policy. See below. + items: + properties: + customerManagedPolicyReference: + description: Specifies the name and path of a customer managed + policy. See below. + items: + properties: + name: + description: Name of the customer managed IAM Policy + to be attached. + type: string + path: + description: The path to the IAM policy to be attached. + The default is /. See IAM Identifiers for more information. + type: string + type: object + type: array + managedPolicyArn: + description: AWS-managed IAM policy ARN to use as the permissions + boundary. + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}