From caf7743f42354d7ddd8375ca92167a5ba740c97c Mon Sep 17 00:00:00 2001 From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Tue, 16 Jul 2024 12:54:56 -0700 Subject: [PATCH] operator ack-cloudfront-controller (0.0.12) --- .../0.0.12/bundle.Dockerfile | 21 + ...ront-controller.clusterserviceversion.yaml | 444 +++++++ ...cloudfront-metrics-service_v1_service.yaml | 16 + ...der_rbac.authorization.k8s.io_v1_role.yaml | 19 + ...ter_rbac.authorization.k8s.io_v1_role.yaml | 36 + ...dfront.services.k8s.aws_cachepolicies.yaml | 245 ++++ ...dfront.services.k8s.aws_distributions.yaml | 1121 +++++++++++++++++ ...cloudfront.services.k8s.aws_functions.yaml | 187 +++ ...services.k8s.aws_originaccesscontrols.yaml | 150 +++ ...ervices.k8s.aws_originrequestpolicies.yaml | 223 ++++ ...vices.k8s.aws_responseheaderspolicies.yaml | 411 ++++++ .../0.0.12/metadata/annotations.yaml | 15 + .../0.0.12/tests/scorecard/config.yaml | 50 + 13 files changed, 2938 insertions(+) create mode 100644 operators/ack-cloudfront-controller/0.0.12/bundle.Dockerfile create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-controller.clusterserviceversion.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-metrics-service_v1_service.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-reader_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-writer_rbac.authorization.k8s.io_v1_role.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_cachepolicies.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_distributions.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_functions.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originaccesscontrols.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originrequestpolicies.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_responseheaderspolicies.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/metadata/annotations.yaml create mode 100644 operators/ack-cloudfront-controller/0.0.12/tests/scorecard/config.yaml diff --git a/operators/ack-cloudfront-controller/0.0.12/bundle.Dockerfile b/operators/ack-cloudfront-controller/0.0.12/bundle.Dockerfile new file mode 100644 index 00000000000..50838e1d86f --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-cloudfront-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-controller.clusterserviceversion.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..3d29c342984 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-controller.clusterserviceversion.yaml @@ -0,0 +1,444 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "cloudfront.services.k8s.aws/v1alpha1", + "kind": "CachePolicy", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "cloudfront.services.k8s.aws/v1alpha1", + "kind": "Distribution", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "cloudfront.services.k8s.aws/v1alpha1", + "kind": "Function", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/cloudfront-controller:0.0.12 + createdAt: "2024-07-16T19:44:40Z" + description: AWS CloudFront controller is a service controller for managing CloudFront + resources in Kubernetes + operatorframework.io/suggested-namespace: ack-system + operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-cloudfront-controller.v0.0.12 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: CachePolicy represents the state of an AWS cloudfront CachePolicy + resource. + displayName: CachePolicy + kind: CachePolicy + name: cachepolicies.cloudfront.services.k8s.aws + version: v1alpha1 + - description: Distribution represents the state of an AWS cloudfront Distribution + resource. + displayName: Distribution + kind: Distribution + name: distributions.cloudfront.services.k8s.aws + version: v1alpha1 + - description: Function represents the state of an AWS cloudfront Function resource. + displayName: Function + kind: Function + name: functions.cloudfront.services.k8s.aws + version: v1alpha1 + - description: OriginAccessControl represents the state of an AWS cloudfront OriginAccessControl + resource. + displayName: OriginAccessControl + kind: OriginAccessControl + name: originaccesscontrols.cloudfront.services.k8s.aws + version: v1alpha1 + - description: OriginRequestPolicy represents the state of an AWS cloudfront OriginRequestPolicy + resource. + displayName: OriginRequestPolicy + kind: OriginRequestPolicy + name: originrequestpolicies.cloudfront.services.k8s.aws + version: v1alpha1 + - description: ResponseHeadersPolicy represents the state of an AWS cloudfront + ResponseHeadersPolicy resource. + displayName: ResponseHeadersPolicy + kind: ResponseHeadersPolicy + name: responseheaderspolicies.cloudfront.services.k8s.aws + version: v1alpha1 + description: |- + Manage Amazon CloudFront resources in AWS from within your Kubernetes cluster. + + **About Amazon CloudFront** + + Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. + displayName: AWS Controllers for Kubernetes - Amazon CloudFront + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - acm.services.k8s.aws + resources: + - certificates + verbs: + - get + - list + - apiGroups: + - acm.services.k8s.aws + resources: + - certificates/status + verbs: + - get + - list + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - cachepolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - cachepolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - distributions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - distributions/status + verbs: + - get + - patch + - update + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - functions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - functions/status + verbs: + - get + - patch + - update + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - originaccesscontrols + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - originaccesscontrols/status + verbs: + - get + - patch + - update + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - originrequestpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - originrequestpolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - responseheaderspolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudfront.services.k8s.aws + resources: + - responseheaderspolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-cloudfront-controller + deployments: + - label: + app.kubernetes.io/name: ack-cloudfront-controller + app.kubernetes.io/part-of: ack-system + name: ack-cloudfront-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-cloudfront-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-cloudfront-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-cloudfront-user-config + optional: false + - secretRef: + name: ack-cloudfront-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/cloudfront-controller:0.0.12 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-cloudfront-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-cloudfront-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - cloudfront + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon CloudFront Developer Resources + url: https://aws.amazon.com/cloudfront/developer-resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: cloudfront maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 0.0.12 diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-metrics-service_v1_service.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..efa636e7f90 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-cloudfront-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-cloudfront-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..5bde9a614a5 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-cloudfront-reader +rules: +- apiGroups: + - cloudfront.services.k8s.aws + resources: + - cachepolicies + - distributions + - functions + - originaccesscontrols + - originrequestpolicies + - responseheaderspolicies + verbs: + - get + - list + - watch diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..3ccb776e3ef --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/ack-cloudfront-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-cloudfront-writer +rules: +- apiGroups: + - cloudfront.services.k8s.aws + resources: + - cachepolicies + - distributions + - functions + - originaccesscontrols + - originrequestpolicies + - responseheaderspolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cloudfront.services.k8s.aws + resources: + - cachepolicies + - distributions + - functions + - originaccesscontrols + - originrequestpolicies + - responseheaderspolicies + verbs: + - get + - patch + - update diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_cachepolicies.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_cachepolicies.yaml new file mode 100644 index 00000000000..bc1bbe4111c --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_cachepolicies.yaml @@ -0,0 +1,245 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cachepolicies.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: CachePolicy + listKind: CachePolicyList + plural: cachepolicies + singular: cachepolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CachePolicy is the Schema for the CachePolicies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CachePolicySpec defines the desired state of CachePolicy. + + + A cache policy. + + + When it's attached to a cache behavior, the cache policy determines the following: + + + * The values that CloudFront includes in the cache key. These values can + include HTTP headers, cookies, and URL query strings. CloudFront uses + the cache key to find an object in its cache that it can return to the + viewer. + + + * The default, minimum, and maximum time to live (TTL) values that you + want objects to stay in the CloudFront cache. + + + The headers, cookies, and query strings that are included in the cache key + are also included in requests that CloudFront sends to the origin. CloudFront + sends a request when it can't find a valid object in its cache that matches + the request's cache key. If you want to send values to the origin but not + include them in the cache key, use OriginRequestPolicy. + properties: + cachePolicyConfig: + description: A cache policy configuration. + properties: + comment: + type: string + defaultTTL: + format: int64 + type: integer + maxTTL: + format: int64 + type: integer + minTTL: + format: int64 + type: integer + name: + type: string + parametersInCacheKeyAndForwardedToOrigin: + description: |- + This object determines the values that CloudFront includes in the cache key. + These values can include HTTP headers, cookies, and URL query strings. CloudFront + uses the cache key to find an object in its cache that it can return to the + viewer. + + + The headers, cookies, and query strings that are included in the cache key + are also included in requests that CloudFront sends to the origin. CloudFront + sends a request when it can't find an object in its cache that matches the + request's cache key. If you want to send values to the origin but not include + them in the cache key, use OriginRequestPolicy. + properties: + cookiesConfig: + description: |- + An object that determines whether any cookies in viewer requests (and if + so, which cookies) are included in the cache key and in requests that CloudFront + sends to the origin. + properties: + cookieBehavior: + type: string + cookies: + description: Contains a list of cookie names. + properties: + items: + items: + type: string + type: array + type: object + type: object + enableAcceptEncodingBrotli: + type: boolean + enableAcceptEncodingGzip: + type: boolean + headersConfig: + description: |- + An object that determines whether any HTTP headers (and if so, which headers) + are included in the cache key and in requests that CloudFront sends to the + origin. + properties: + headerBehavior: + type: string + headers: + description: Contains a list of HTTP header names. + properties: + items: + items: + type: string + type: array + type: object + type: object + queryStringsConfig: + description: |- + An object that determines whether any URL query strings in viewer requests + (and if so, which query strings) are included in the cache key and in requests + that CloudFront sends to the origin. + properties: + queryStringBehavior: + type: string + queryStrings: + description: Contains a list of query string names. + properties: + items: + items: + type: string + type: array + type: object + type: object + type: object + type: object + required: + - cachePolicyConfig + type: object + status: + description: CachePolicyStatus defines the observed state of CachePolicy + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + eTag: + description: The current version of the cache policy. + type: string + id: + description: The unique identifier for the cache policy. + type: string + lastModifiedTime: + description: The date and time when the cache policy was last modified. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_distributions.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_distributions.yaml new file mode 100644 index 00000000000..1178a7f9fd0 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_distributions.yaml @@ -0,0 +1,1121 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: distributions.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: Distribution + listKind: DistributionList + plural: distributions + singular: distribution + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Distribution is the Schema for the Distributions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DistributionSpec defines the desired state of Distribution. + + + A distribution tells CloudFront where you want content to be delivered from, + and the details about how to track and manage content delivery. + properties: + distributionConfig: + description: The distribution's configuration information. + properties: + aliases: + description: |- + A complex type that contains information about CNAMEs (alternate domain names), + if any, for this distribution. + properties: + items: + items: + type: string + type: array + type: object + cacheBehaviors: + description: A complex type that contains zero or more CacheBehavior + elements. + properties: + items: + items: + description: |- + A complex type that describes how CloudFront processes requests. + + + You must create at least as many cache behaviors (including the default cache + behavior) as you have origins if you want CloudFront to serve objects from + all of the origins. Each cache behavior specifies the one origin from which + you want CloudFront to get objects. If you have two origins and only the + default cache behavior, the default cache behavior will cause CloudFront + to get objects from one of the origins, but the other origin is never used. + + + For the current quota (formerly known as limit) on the number of cache behaviors + that you can add to a distribution, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + in the Amazon CloudFront Developer Guide. + + + If you don't want to specify any cache behaviors, include only an empty CacheBehaviors + element. Don't include an empty CacheBehavior element because this is invalid. + + + To delete all cache behaviors in an existing distribution, update the distribution + configuration and include only an empty CacheBehaviors element. + + + To add, change, or remove one or more cache behaviors, update the distribution + configuration and specify all of the cache behaviors that you want to include + in the updated distribution. + + + For more information about cache behaviors, see Cache Behavior Settings (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) + in the Amazon CloudFront Developer Guide. + properties: + allowedMethods: + description: |- + A complex type that controls which HTTP methods CloudFront processes and + forwards to your Amazon S3 bucket or your custom origin. There are three + choices: + + + * CloudFront forwards only GET and HEAD requests. + + + * CloudFront forwards only GET, HEAD, and OPTIONS requests. + + + * CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE + requests. + + + If you pick the third choice, you may need to restrict access to your Amazon + S3 bucket or to your custom origin so users can't perform operations that + you don't want them to. For example, you might not want users to have permissions + to delete objects from your origin. + properties: + cachedMethods: + description: |- + A complex type that controls whether CloudFront caches the response to requests + using the specified HTTP methods. There are two choices: + + + * CloudFront caches responses to GET and HEAD requests. + + + * CloudFront caches responses to GET, HEAD, and OPTIONS requests. + + + If you pick the second choice for your Amazon S3 Origin, you may need to + forward Access-Control-Request-Method, Access-Control-Request-Headers, and + Origin headers for the responses to be cached correctly. + properties: + items: + items: + type: string + type: array + type: object + items: + items: + type: string + type: array + type: object + cachePolicyID: + type: string + compress: + type: boolean + defaultTTL: + format: int64 + type: integer + fieldLevelEncryptionID: + type: string + forwardedValues: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include values in the cache key, use a cache policy. For more + information, see Creating cache policies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) + in the Amazon CloudFront Developer Guide. + + + If you want to send values to the origin but not include them in the cache + key, use an origin request policy. For more information, see Creating origin + request policies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) + in the Amazon CloudFront Developer Guide. + + + A complex type that specifies how CloudFront handles query strings, cookies, + and HTTP headers. + properties: + cookies: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include cookies in the cache key, use CookiesConfig in a cache + policy. See CachePolicy. + + + If you want to send cookies to the origin but not include them in the cache + key, use CookiesConfig in an origin request policy. See OriginRequestPolicy. + + + A complex type that specifies whether you want CloudFront to forward cookies + to the origin and, if so, which ones. For more information about forwarding + cookies to the origin, see Caching Content Based on Cookies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) + in the Amazon CloudFront Developer Guide. + properties: + forward: + type: string + whitelistedNames: + description: Contains a list of cookie names. + properties: + items: + items: + type: string + type: array + type: object + type: object + headers: + description: Contains a list of HTTP header names. + properties: + items: + items: + type: string + type: array + type: object + queryString: + type: boolean + queryStringCacheKeys: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include query strings in the cache key, use QueryStringsConfig + in a cache policy. See CachePolicy. + + + If you want to send query strings to the origin but not include them in the + cache key, use QueryStringsConfig in an origin request policy. See OriginRequestPolicy. + + + A complex type that contains information about the query string parameters + that you want CloudFront to use for caching for a cache behavior. + properties: + items: + items: + type: string + type: array + type: object + type: object + functionAssociations: + description: |- + A list of CloudFront functions that are associated with a cache behavior + in a CloudFront distribution. CloudFront functions must be published to the + LIVE stage to associate them with a cache behavior. + properties: + items: + items: + description: |- + A CloudFront function that is associated with a cache behavior in a CloudFront + distribution. + properties: + eventType: + type: string + functionARN: + type: string + type: object + type: array + type: object + lambdaFunctionAssociations: + description: |- + A complex type that specifies a list of Lambda@Edge functions associations + for a cache behavior. + + + If you want to invoke one or more Lambda@Edge functions triggered by requests + that match the PathPattern of the cache behavior, specify the applicable + values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation + items in this list (one for each possible value of EventType) and each EventType + can be associated with only one function. + + + If you don't want to invoke any Lambda@Edge functions for the requests that + match PathPattern, specify 0 for Quantity and omit Items. + properties: + items: + items: + description: A complex type that contains a Lambda@Edge + function association. + properties: + eventType: + type: string + includeBody: + type: boolean + lambdaFunctionARN: + type: string + type: object + type: array + type: object + maxTTL: + format: int64 + type: integer + minTTL: + format: int64 + type: integer + originRequestPolicyID: + type: string + pathPattern: + type: string + realtimeLogConfigARN: + type: string + responseHeadersPolicyID: + type: string + smoothStreaming: + type: boolean + targetOriginID: + type: string + trustedKeyGroups: + description: |- + A list of key groups whose public keys CloudFront can use to verify the signatures + of signed URLs and signed cookies. + properties: + enabled: + type: boolean + items: + items: + type: string + type: array + type: object + trustedSigners: + description: |- + A list of Amazon Web Services accounts whose public keys CloudFront can use + to verify the signatures of signed URLs and signed cookies. + properties: + enabled: + type: boolean + items: + items: + type: string + type: array + type: object + viewerProtocolPolicy: + type: string + type: object + type: array + type: object + comment: + type: string + continuousDeploymentPolicyID: + type: string + customErrorResponses: + description: |- + A complex type that controls: + + + * Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range + with custom error messages before returning the response to the viewer. + + + * How long CloudFront caches HTTP status codes in the 4xx and 5xx range. + + + For more information about custom error pages, see Customizing Error Responses + (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) + in the Amazon CloudFront Developer Guide. + properties: + items: + items: + description: |- + A complex type that controls: + + + * Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range + with custom error messages before returning the response to the viewer. + + + * How long CloudFront caches HTTP status codes in the 4xx and 5xx range. + + + For more information about custom error pages, see Customizing Error Responses + (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) + in the Amazon CloudFront Developer Guide. + properties: + errorCachingMinTTL: + format: int64 + type: integer + errorCode: + format: int64 + type: integer + responseCode: + type: string + responsePagePath: + type: string + type: object + type: array + type: object + defaultCacheBehavior: + description: |- + A complex type that describes the default cache behavior if you don't specify + a CacheBehavior element or if request URLs don't match any of the values + of PathPattern in CacheBehavior elements. You must create exactly one default + cache behavior. + properties: + allowedMethods: + description: |- + A complex type that controls which HTTP methods CloudFront processes and + forwards to your Amazon S3 bucket or your custom origin. There are three + choices: + + + * CloudFront forwards only GET and HEAD requests. + + + * CloudFront forwards only GET, HEAD, and OPTIONS requests. + + + * CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE + requests. + + + If you pick the third choice, you may need to restrict access to your Amazon + S3 bucket or to your custom origin so users can't perform operations that + you don't want them to. For example, you might not want users to have permissions + to delete objects from your origin. + properties: + cachedMethods: + description: |- + A complex type that controls whether CloudFront caches the response to requests + using the specified HTTP methods. There are two choices: + + + * CloudFront caches responses to GET and HEAD requests. + + + * CloudFront caches responses to GET, HEAD, and OPTIONS requests. + + + If you pick the second choice for your Amazon S3 Origin, you may need to + forward Access-Control-Request-Method, Access-Control-Request-Headers, and + Origin headers for the responses to be cached correctly. + properties: + items: + items: + type: string + type: array + type: object + items: + items: + type: string + type: array + type: object + cachePolicyID: + type: string + compress: + type: boolean + defaultTTL: + format: int64 + type: integer + fieldLevelEncryptionID: + type: string + forwardedValues: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include values in the cache key, use a cache policy. For more + information, see Creating cache policies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) + in the Amazon CloudFront Developer Guide. + + + If you want to send values to the origin but not include them in the cache + key, use an origin request policy. For more information, see Creating origin + request policies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) + in the Amazon CloudFront Developer Guide. + + + A complex type that specifies how CloudFront handles query strings, cookies, + and HTTP headers. + properties: + cookies: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include cookies in the cache key, use CookiesConfig in a cache + policy. See CachePolicy. + + + If you want to send cookies to the origin but not include them in the cache + key, use CookiesConfig in an origin request policy. See OriginRequestPolicy. + + + A complex type that specifies whether you want CloudFront to forward cookies + to the origin and, if so, which ones. For more information about forwarding + cookies to the origin, see Caching Content Based on Cookies (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) + in the Amazon CloudFront Developer Guide. + properties: + forward: + type: string + whitelistedNames: + description: Contains a list of cookie names. + properties: + items: + items: + type: string + type: array + type: object + type: object + headers: + description: Contains a list of HTTP header names. + properties: + items: + items: + type: string + type: array + type: object + queryString: + type: boolean + queryStringCacheKeys: + description: |- + This field is deprecated. We recommend that you use a cache policy or an + origin request policy instead of this field. + + + If you want to include query strings in the cache key, use QueryStringsConfig + in a cache policy. See CachePolicy. + + + If you want to send query strings to the origin but not include them in the + cache key, use QueryStringsConfig in an origin request policy. See OriginRequestPolicy. + + + A complex type that contains information about the query string parameters + that you want CloudFront to use for caching for a cache behavior. + properties: + items: + items: + type: string + type: array + type: object + type: object + functionAssociations: + description: |- + A list of CloudFront functions that are associated with a cache behavior + in a CloudFront distribution. CloudFront functions must be published to the + LIVE stage to associate them with a cache behavior. + properties: + items: + items: + description: |- + A CloudFront function that is associated with a cache behavior in a CloudFront + distribution. + properties: + eventType: + type: string + functionARN: + type: string + type: object + type: array + type: object + lambdaFunctionAssociations: + description: |- + A complex type that specifies a list of Lambda@Edge functions associations + for a cache behavior. + + + If you want to invoke one or more Lambda@Edge functions triggered by requests + that match the PathPattern of the cache behavior, specify the applicable + values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation + items in this list (one for each possible value of EventType) and each EventType + can be associated with only one function. + + + If you don't want to invoke any Lambda@Edge functions for the requests that + match PathPattern, specify 0 for Quantity and omit Items. + properties: + items: + items: + description: A complex type that contains a Lambda@Edge + function association. + properties: + eventType: + type: string + includeBody: + type: boolean + lambdaFunctionARN: + type: string + type: object + type: array + type: object + maxTTL: + format: int64 + type: integer + minTTL: + format: int64 + type: integer + originRequestPolicyID: + type: string + realtimeLogConfigARN: + type: string + responseHeadersPolicyID: + type: string + smoothStreaming: + type: boolean + targetOriginID: + type: string + trustedKeyGroups: + description: |- + A list of key groups whose public keys CloudFront can use to verify the signatures + of signed URLs and signed cookies. + properties: + enabled: + type: boolean + items: + items: + type: string + type: array + type: object + trustedSigners: + description: |- + A list of Amazon Web Services accounts whose public keys CloudFront can use + to verify the signatures of signed URLs and signed cookies. + properties: + enabled: + type: boolean + items: + items: + type: string + type: array + type: object + viewerProtocolPolicy: + type: string + type: object + defaultRootObject: + type: string + enabled: + type: boolean + httpVersion: + type: string + isIPV6Enabled: + type: boolean + logging: + description: A complex type that controls whether access logs + are written for the distribution. + properties: + bucket: + type: string + enabled: + type: boolean + includeCookies: + type: boolean + prefix: + type: string + type: object + originGroups: + description: A complex data type for the origin groups specified + for a distribution. + properties: + items: + description: List of origin groups for a distribution. + items: + description: |- + An origin group includes two origins (a primary origin and a second origin + to failover to) and a failover criteria that you specify. You create an origin + group to support origin failover in CloudFront. When you create or update + a distribution, you can specifiy the origin group instead of a single origin, + and CloudFront will failover from the primary origin to the second origin + under the failover conditions that you've chosen. + properties: + failoverCriteria: + description: |- + A complex data type that includes information about the failover criteria + for an origin group, including the status codes for which CloudFront will + failover from the primary origin to the second origin. + properties: + statusCodes: + description: |- + A complex data type for the status codes that you specify that, when returned + by a primary origin, trigger CloudFront to failover to a second origin. + properties: + items: + description: List of status codes for origin + failover. + items: + format: int64 + type: integer + type: array + type: object + type: object + id: + type: string + members: + description: A complex data type for the origins included + in an origin group. + properties: + items: + description: List of origins in an origin group. + items: + description: An origin in an origin group. + properties: + originID: + type: string + type: object + type: array + type: object + type: object + type: array + type: object + origins: + description: Contains information about the origins for this distribution. + properties: + items: + items: + description: |- + An origin. + + + An origin is the location where content is stored, and from which CloudFront + gets content to serve to viewers. To specify an origin: + + + * Use S3OriginConfig to specify an Amazon S3 bucket that is not configured + with static website hosting. + + + * Use CustomOriginConfig to specify all other kinds of origins, including: + An Amazon S3 bucket that is configured with static website hosting An + Elastic Load Balancing load balancer An AWS Elemental MediaPackage endpoint + An AWS Elemental MediaStore container Any other HTTP server, running on + an Amazon EC2 instance or any other kind of host + + + For the current maximum number of origins that you can specify per distribution, + see General Quotas on Web Distributions (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) + in the Amazon CloudFront Developer Guide (quotas were formerly referred to + as limits). + properties: + connectionAttempts: + format: int64 + type: integer + connectionTimeout: + format: int64 + type: integer + customHeaders: + description: A complex type that contains the list of + Custom Headers for each origin. + properties: + items: + items: + description: |- + A complex type that contains HeaderName and HeaderValue elements, if any, + for this distribution. + properties: + headerName: + type: string + headerValue: + type: string + type: object + type: array + type: object + customOriginConfig: + description: |- + A custom origin. A custom origin is any origin that is not an Amazon S3 bucket, + with one exception. An Amazon S3 bucket that is configured with static website + hosting (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) + is a custom origin. + properties: + httpPort: + format: int64 + type: integer + httpSPort: + format: int64 + type: integer + originKeepaliveTimeout: + format: int64 + type: integer + originProtocolPolicy: + type: string + originReadTimeout: + format: int64 + type: integer + originSSLProtocols: + description: |- + A complex type that contains information about the SSL/TLS protocols that + CloudFront can use when establishing an HTTPS connection with your origin. + properties: + items: + items: + type: string + type: array + type: object + type: object + domainName: + type: string + id: + type: string + originAccessControlID: + type: string + originPath: + type: string + originShield: + description: |- + CloudFront Origin Shield. + + + Using Origin Shield can help reduce the load on your origin. For more information, + see Using Origin Shield (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) + in the Amazon CloudFront Developer Guide. + properties: + enabled: + type: boolean + originShieldRegion: + type: string + type: object + s3OriginConfig: + description: |- + A complex type that contains information about the Amazon S3 origin. If the + origin is a custom origin or an S3 bucket that is configured as a website + endpoint, use the CustomOriginConfig element instead. + properties: + originAccessIdentity: + type: string + type: object + type: object + type: array + type: object + priceClass: + type: string + restrictions: + description: |- + A complex type that identifies ways in which you want to restrict distribution + of your content. + properties: + geoRestriction: + description: |- + A complex type that controls the countries in which your content is distributed. + CloudFront determines the location of your users using MaxMind GeoIP databases. + properties: + items: + items: + type: string + type: array + restrictionType: + type: string + type: object + type: object + staging: + type: boolean + viewerCertificate: + description: |- + A complex type that determines the distribution's SSL/TLS configuration for + communicating with viewers. + + + If the distribution doesn't use Aliases (also known as alternate domain names + or CNAMEs)—that is, if the distribution uses the CloudFront domain name + such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate + to true and leave all other fields empty. + + + If the distribution uses Aliases (alternate domain names or CNAMEs), use + the fields in this type to specify the following settings: + + + * Which viewers the distribution accepts HTTPS connections from: only + viewers that support server name indication (SNI) (https://en.wikipedia.org/wiki/Server_Name_Indication) + (recommended), or all viewers including those that don't support SNI. + To accept HTTPS connections from only viewers that support SNI, set SSLSupportMethod + to sni-only. This is recommended. Most browsers and clients support SNI. + To accept HTTPS connections from all viewers, including those that don't + support SNI, set SSLSupportMethod to vip. This is not recommended, and + results in additional monthly charges from CloudFront. + + + * The minimum SSL/TLS protocol version that the distribution can use to + communicate with viewers. To specify a minimum version, choose a value + for MinimumProtocolVersion. For more information, see Security Policy + (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) + in the Amazon CloudFront Developer Guide. + + + * The location of the SSL/TLS certificate, Certificate Manager (ACM) (https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) + (recommended) or Identity and Access Management (IAM) (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). + You specify the location by setting a value in one of the following fields + (not both): ACMCertificateArn IAMCertificateId + + + All distributions support HTTPS connections from viewers. To require viewers + to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy + in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should + use SSL/TLS to communicate with your custom origin, use CustomOriginConfig. + + + For more information, see Using HTTPS with CloudFront (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) + and Using Alternate Domain Names and HTTPS (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) + in the Amazon CloudFront Developer Guide. + properties: + acmCertificateARN: + type: string + acmCertificateRef: + description: Reference field for ACMCertificateARN + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + certificate: + type: string + certificateSource: + type: string + cloudFrontDefaultCertificate: + type: boolean + iamCertificateID: + type: string + minimumProtocolVersion: + type: string + sslSupportMethod: + type: string + type: object + webACLID: + type: string + type: object + required: + - distributionConfig + type: object + status: + description: DistributionStatus defines the observed state of Distribution + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + activeTrustedKeyGroups: + description: |- + This field contains a list of key groups and the public keys in each key + group that CloudFront can use to verify the signatures of signed URLs or + signed cookies. + properties: + enabled: + type: boolean + items: + items: + description: |- + A list of identifiers for the public keys that CloudFront can use to verify + the signatures of signed URLs and signed cookies. + properties: + keyGroupID: + type: string + keyPairIDs: + description: A list of CloudFront key pair identifiers. + properties: + items: + items: + type: string + type: array + quantity: + format: int64 + type: integer + type: object + type: object + type: array + type: object + activeTrustedSigners: + description: |- + We recommend using TrustedKeyGroups instead of TrustedSigners. + + + This field contains a list of Amazon Web Services account IDs and the active + CloudFront key pairs in each account that CloudFront can use to verify the + signatures of signed URLs or signed cookies. + properties: + enabled: + type: boolean + items: + items: + description: |- + A list of Amazon Web Services accounts and the active CloudFront key pairs + in each account that CloudFront can use to verify the signatures of signed + URLs and signed cookies. + properties: + awsAccountNumber: + type: string + keyPairIDs: + description: A list of CloudFront key pair identifiers. + properties: + items: + items: + type: string + type: array + quantity: + format: int64 + type: integer + type: object + type: object + type: array + type: object + aliasICPRecordals: + description: |- + Amazon Web Services services in China customers must file for an Internet + Content Provider (ICP) recordal if they want to serve content publicly on + an alternate domain name, also known as a CNAME, that they've added to CloudFront. + AliasICPRecordal provides the ICP recordal status for CNAMEs associated with + distributions. + + + For more information about ICP recordals, see Signup, Accounts, and Credentials + (https://docs.amazonaws.cn/en_us/aws/latest/userguide/accounts-and-credentials.html) + in Getting Started with Amazon Web Services services in China. + items: + description: |- + Amazon Web Services services in China customers must file for an Internet + Content Provider (ICP) recordal if they want to serve content publicly on + an alternate domain name, also known as a CNAME, that they've added to CloudFront. + AliasICPRecordal provides the ICP recordal status for CNAMEs associated with + distributions. The status is returned in the CloudFront response; you can't + configure it yourself. + + + For more information about ICP recordals, see Signup, Accounts, and Credentials + (https://docs.amazonaws.cn/en_us/aws/latest/userguide/accounts-and-credentials.html) + in Getting Started with Amazon Web Services services in China. + properties: + cname: + type: string + iCPRecordalStatus: + type: string + type: object + type: array + callerReference: + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + domainName: + description: 'The distribution''s CloudFront domain name. For example: + d111111abcdef8.cloudfront.net.' + type: string + eTag: + description: The current version of the distribution created. + type: string + id: + description: 'The distribution''s identifier. For example: E1U5RQF7T870K0.' + type: string + inProgressInvalidationBatches: + description: The number of invalidation batches currently in progress. + format: int64 + type: integer + lastModifiedTime: + description: The date and time when the distribution was last modified. + format: date-time + type: string + status: + description: |- + The distribution's status. When the status is Deployed, the distribution's + information is fully propagated to all CloudFront edge locations. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_functions.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_functions.yaml new file mode 100644 index 00000000000..4408ccd2649 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_functions.yaml @@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: functions.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: Function + listKind: FunctionList + plural: functions + singular: function + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Function is the Schema for the Functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FunctionSpec defines the desired state of Function. + properties: + functionCode: + description: |- + The function code. For more information about writing a CloudFront function, + see Writing function code for CloudFront Functions (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) + in the Amazon CloudFront Developer Guide. + format: byte + type: string + functionConfig: + description: |- + Configuration information about the function, including an optional comment + and the function's runtime. + properties: + comment: + type: string + runtime: + type: string + type: object + name: + description: A name to identify the function. + type: string + required: + - functionCode + - functionConfig + - name + type: object + status: + description: FunctionStatus defines the observed state of Function + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + eTag: + description: The version identifier for the current version of the + CloudFront function. + type: string + functionSummary: + description: Contains configuration information and metadata about + a CloudFront function. + properties: + functionConfig: + description: Contains configuration information about a CloudFront + function. + properties: + comment: + type: string + runtime: + type: string + type: object + functionMetadata: + description: Contains metadata about a CloudFront function. + properties: + createdTime: + format: date-time + type: string + functionARN: + type: string + lastModifiedTime: + format: date-time + type: string + stage: + type: string + type: object + name: + type: string + status: + type: string + type: object + location: + description: |- + The URL of the CloudFront function. Use the URL to manage the function with + the CloudFront API. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originaccesscontrols.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originaccesscontrols.yaml new file mode 100644 index 00000000000..fa5d10f2e0e --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originaccesscontrols.yaml @@ -0,0 +1,150 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: originaccesscontrols.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: OriginAccessControl + listKind: OriginAccessControlList + plural: originaccesscontrols + singular: originaccesscontrol + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OriginAccessControl is the Schema for the OriginAccessControls + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + OriginAccessControlSpec defines the desired state of OriginAccessControl. + + + A CloudFront origin access control, including its unique identifier. + properties: + originAccessControlConfig: + description: Contains the origin access control. + properties: + description: + type: string + name: + type: string + originAccessControlOriginType: + type: string + signingBehavior: + type: string + signingProtocol: + type: string + type: object + required: + - originAccessControlConfig + type: object + status: + description: OriginAccessControlStatus defines the observed state of OriginAccessControl + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + eTag: + type: string + id: + description: The unique identifier of the origin access control. + type: string + location: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originrequestpolicies.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originrequestpolicies.yaml new file mode 100644 index 00000000000..fa240627948 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_originrequestpolicies.yaml @@ -0,0 +1,223 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: originrequestpolicies.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: OriginRequestPolicy + listKind: OriginRequestPolicyList + plural: originrequestpolicies + singular: originrequestpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OriginRequestPolicy is the Schema for the OriginRequestPolicies + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + OriginRequestPolicySpec defines the desired state of OriginRequestPolicy. + + + An origin request policy. + + + When it's attached to a cache behavior, the origin request policy determines + the values that CloudFront includes in requests that it sends to the origin. + Each request that CloudFront sends to the origin includes the following: + + + * The request body and the URL path (without the domain name) from the + viewer request. + + + * The headers that CloudFront automatically includes in every origin request, + including Host, User-Agent, and X-Amz-Cf-Id. + + + * All HTTP headers, cookies, and URL query strings that are specified + in the cache policy or the origin request policy. These can include items + from the viewer request and, in the case of headers, additional ones that + are added by CloudFront. + + + CloudFront sends a request when it can't find an object in its cache that + matches the request. If you want to send values to the origin and also include + them in the cache key, use CachePolicy. + properties: + originRequestPolicyConfig: + description: An origin request policy configuration. + properties: + comment: + type: string + cookiesConfig: + description: |- + An object that determines whether any cookies in viewer requests (and if + so, which cookies) are included in requests that CloudFront sends to the + origin. + properties: + cookieBehavior: + type: string + cookies: + description: Contains a list of cookie names. + properties: + items: + items: + type: string + type: array + type: object + type: object + headersConfig: + description: |- + An object that determines whether any HTTP headers (and if so, which headers) + are included in requests that CloudFront sends to the origin. + properties: + headerBehavior: + type: string + headers: + description: Contains a list of HTTP header names. + properties: + items: + items: + type: string + type: array + type: object + type: object + name: + type: string + queryStringsConfig: + description: |- + An object that determines whether any URL query strings in viewer requests + (and if so, which query strings) are included in requests that CloudFront + sends to the origin. + properties: + queryStringBehavior: + type: string + queryStrings: + description: Contains a list of query string names. + properties: + items: + items: + type: string + type: array + type: object + type: object + type: object + required: + - originRequestPolicyConfig + type: object + status: + description: OriginRequestPolicyStatus defines the observed state of OriginRequestPolicy + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + eTag: + type: string + id: + description: The unique identifier for the origin request policy. + type: string + lastModifiedTime: + description: The date and time when the origin request policy was + last modified. + format: date-time + type: string + location: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_responseheaderspolicies.yaml b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_responseheaderspolicies.yaml new file mode 100644 index 00000000000..72f53c1c3c8 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/manifests/cloudfront.services.k8s.aws_responseheaderspolicies.yaml @@ -0,0 +1,411 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: responseheaderspolicies.cloudfront.services.k8s.aws +spec: + group: cloudfront.services.k8s.aws + names: + kind: ResponseHeadersPolicy + listKind: ResponseHeadersPolicyList + plural: responseheaderspolicies + singular: responseheaderspolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ResponseHeadersPolicy is the Schema for the ResponseHeadersPolicies + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ResponseHeadersPolicySpec defines the desired state of ResponseHeadersPolicy. + + + A response headers policy. + + + A response headers policy contains information about a set of HTTP response + headers. + + + After you create a response headers policy, you can use its ID to attach + it to one or more cache behaviors in a CloudFront distribution. When it's + attached to a cache behavior, the response headers policy affects the HTTP + headers that CloudFront includes in HTTP responses to requests that match + the cache behavior. CloudFront adds or removes response headers according + to the configuration of the response headers policy. + + + For more information, see Adding or removing HTTP headers in CloudFront responses + (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) + in the Amazon CloudFront Developer Guide. + properties: + responseHeadersPolicyConfig: + description: |- + Contains metadata about the response headers policy, and a set of configurations + that specify the HTTP headers. + properties: + comment: + type: string + corsConfig: + description: |- + A configuration for a set of HTTP response headers that are used for cross-origin + resource sharing (CORS). CloudFront adds these headers to HTTP responses + that it sends for CORS requests that match a cache behavior associated with + this response headers policy. + + + For more information about CORS, see Cross-Origin Resource Sharing (CORS) + (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs. + properties: + accessControlAllowCredentials: + type: boolean + accessControlAllowHeaders: + description: |- + A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers + HTTP response header. + + + For more information about the Access-Control-Allow-Headers HTTP response + header, see Access-Control-Allow-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) + in the MDN Web Docs. + properties: + items: + items: + type: string + type: array + type: object + accessControlAllowMethods: + description: |- + A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods + HTTP response header. + + + For more information about the Access-Control-Allow-Methods HTTP response + header, see Access-Control-Allow-Methods (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) + in the MDN Web Docs. + properties: + items: + items: + type: string + type: array + type: object + accessControlAllowOrigins: + description: |- + A list of origins (domain names) that CloudFront can use as the value for + the Access-Control-Allow-Origin HTTP response header. + + + For more information about the Access-Control-Allow-Origin HTTP response + header, see Access-Control-Allow-Origin (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) + in the MDN Web Docs. + properties: + items: + items: + type: string + type: array + type: object + accessControlExposeHeaders: + description: |- + A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers + HTTP response header. + + + For more information about the Access-Control-Expose-Headers HTTP response + header, see Access-Control-Expose-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) + in the MDN Web Docs. + properties: + items: + items: + type: string + type: array + type: object + accessControlMaxAgeSec: + format: int64 + type: integer + originOverride: + type: boolean + type: object + customHeadersConfig: + description: |- + A list of HTTP response header names and their values. CloudFront includes + these headers in HTTP responses that it sends for requests that match a cache + behavior that's associated with this response headers policy. + properties: + items: + items: + description: |- + An HTTP response header name and its value. CloudFront includes this header + in HTTP responses that it sends for requests that match a cache behavior + that's associated with this response headers policy. + properties: + header: + type: string + override: + type: boolean + value: + type: string + type: object + type: array + type: object + name: + type: string + removeHeadersConfig: + description: |- + A list of HTTP header names that CloudFront removes from HTTP responses to + requests that match the cache behavior that this response headers policy + is attached to. + properties: + items: + items: + description: |- + The name of an HTTP header that CloudFront removes from HTTP responses to + requests that match the cache behavior that this response headers policy + is attached to. + properties: + header: + type: string + type: object + type: array + type: object + securityHeadersConfig: + description: |- + A configuration for a set of security-related HTTP response headers. CloudFront + adds these headers to HTTP responses that it sends for requests that match + a cache behavior associated with this response headers policy. + properties: + contentSecurityPolicy: + description: |- + The policy directives and their values that CloudFront includes as values + for the Content-Security-Policy HTTP response header. + + + For more information about the Content-Security-Policy HTTP response header, + see Content-Security-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) + in the MDN Web Docs. + properties: + contentSecurityPolicy: + type: string + override: + type: boolean + type: object + contentTypeOptions: + description: |- + Determines whether CloudFront includes the X-Content-Type-Options HTTP response + header with its value set to nosniff. + + + For more information about the X-Content-Type-Options HTTP response header, + see X-Content-Type-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) + in the MDN Web Docs. + properties: + override: + type: boolean + type: object + frameOptions: + description: |- + Determines whether CloudFront includes the X-Frame-Options HTTP response + header and the header's value. + + + For more information about the X-Frame-Options HTTP response header, see + X-Frame-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) + in the MDN Web Docs. + properties: + frameOption: + type: string + override: + type: boolean + type: object + referrerPolicy: + description: |- + Determines whether CloudFront includes the Referrer-Policy HTTP response + header and the header's value. + + + For more information about the Referrer-Policy HTTP response header, see + Referrer-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) + in the MDN Web Docs. + properties: + override: + type: boolean + referrerPolicy: + type: string + type: object + strictTransportSecurity: + description: |- + Determines whether CloudFront includes the Strict-Transport-Security HTTP + response header and the header's value. + + + For more information about the Strict-Transport-Security HTTP response header, + see Strict-Transport-Security (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) + in the MDN Web Docs. + properties: + accessControlMaxAgeSec: + format: int64 + type: integer + includeSubdomains: + type: boolean + override: + type: boolean + preload: + type: boolean + type: object + xSSProtection: + description: |- + Determines whether CloudFront includes the X-XSS-Protection HTTP response + header and the header's value. + + + For more information about the X-XSS-Protection HTTP response header, see + X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) + in the MDN Web Docs. + properties: + modeBlock: + type: boolean + override: + type: boolean + protection: + type: boolean + reportURI: + type: string + type: object + type: object + serverTimingHeadersConfig: + description: |- + A configuration for enabling the Server-Timing header in HTTP responses sent + from CloudFront. CloudFront adds this header to HTTP responses that it sends + in response to requests that match a cache behavior that's associated with + this response headers policy. + + + You can use the Server-Timing header to view metrics that can help you gain + insights about the behavior and performance of CloudFront. For example, you + can see which cache layer served a cache hit, or the first byte latency from + the origin when there was a cache miss. You can use the metrics in the Server-Timing + header to troubleshoot issues or test the efficiency of your CloudFront configuration. + For more information, see Server-Timing header (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#server-timing-header) + in the Amazon CloudFront Developer Guide. + properties: + enabled: + type: boolean + samplingRate: + type: number + type: object + type: object + required: + - responseHeadersPolicyConfig + type: object + status: + description: ResponseHeadersPolicyStatus defines the observed state of + ResponseHeadersPolicy + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + eTag: + type: string + id: + description: The identifier for the response headers policy. + type: string + lastModifiedTime: + description: The date and time when the response headers policy was + last modified. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-cloudfront-controller/0.0.12/metadata/annotations.yaml b/operators/ack-cloudfront-controller/0.0.12/metadata/annotations.yaml new file mode 100644 index 00000000000..3185712c58d --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-cloudfront-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-cloudfront-controller/0.0.12/tests/scorecard/config.yaml b/operators/ack-cloudfront-controller/0.0.12/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-cloudfront-controller/0.0.12/tests/scorecard/config.yaml @@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}