From e91b369cffd469891de97dd3cbd2f9e0140aebec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fatih=20T=C3=BCrken?= Date: Tue, 19 Nov 2024 17:44:19 +0300 Subject: [PATCH] Configure certificatemanager TrustConfig resource and add an example MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fatih Türken --- .../v1beta1/zz_generated.conversion_hubs.go | 3 + .../v1beta1/zz_generated.deepcopy.go | 573 +++++++++++++++ .../v1beta1/zz_generated.managed.go | 60 ++ .../v1beta1/zz_generated.managedlist.go | 9 + .../v1beta1/zz_trustconfig_terraformed.go | 129 ++++ .../v1beta1/zz_trustconfig_types.go | 283 ++++++++ config/externalname.go | 2 + config/generated.lst | 2 +- .../v1beta1/trustconfig.yaml | 25 + .../v1beta1/trustconfig.yaml | 40 ++ .../trustconfig/zz_controller.go | 92 +++ .../controller/zz_certificatemanager_setup.go | 2 + internal/controller/zz_monolith_setup.go | 2 + ...temanager.gcp.upbound.io_trustconfigs.yaml | 653 ++++++++++++++++++ 14 files changed, 1874 insertions(+), 1 deletion(-) create mode 100755 apis/certificatemanager/v1beta1/zz_trustconfig_terraformed.go create mode 100755 apis/certificatemanager/v1beta1/zz_trustconfig_types.go create mode 100644 examples-generated/certificatemanager/v1beta1/trustconfig.yaml create mode 100644 examples/certificatemanager/v1beta1/trustconfig.yaml create mode 100755 internal/controller/certificatemanager/trustconfig/zz_controller.go create mode 100644 package/crds/certificatemanager.gcp.upbound.io_trustconfigs.yaml diff --git a/apis/certificatemanager/v1beta1/zz_generated.conversion_hubs.go b/apis/certificatemanager/v1beta1/zz_generated.conversion_hubs.go index 4efd3e110..c7fa8d30e 100755 --- a/apis/certificatemanager/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/certificatemanager/v1beta1/zz_generated.conversion_hubs.go @@ -14,3 +14,6 @@ func (tr *CertificateMapEntry) Hub() {} // Hub marks this type as a conversion hub. func (tr *DNSAuthorization) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *TrustConfig) Hub() {} diff --git a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go index d7636430f..41071b7e9 100644 --- a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go @@ -13,6 +13,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistedCertificatesInitParameters) DeepCopyInto(out *AllowlistedCertificatesInitParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistedCertificatesInitParameters. +func (in *AllowlistedCertificatesInitParameters) DeepCopy() *AllowlistedCertificatesInitParameters { + if in == nil { + return nil + } + out := new(AllowlistedCertificatesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistedCertificatesObservation) DeepCopyInto(out *AllowlistedCertificatesObservation) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistedCertificatesObservation. +func (in *AllowlistedCertificatesObservation) DeepCopy() *AllowlistedCertificatesObservation { + if in == nil { + return nil + } + out := new(AllowlistedCertificatesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistedCertificatesParameters) DeepCopyInto(out *AllowlistedCertificatesParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistedCertificatesParameters. +func (in *AllowlistedCertificatesParameters) DeepCopy() *AllowlistedCertificatesParameters { + if in == nil { + return nil + } + out := new(AllowlistedCertificatesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthorizationAttemptInfoInitParameters) DeepCopyInto(out *AuthorizationAttemptInfoInitParameters) { *out = *in @@ -1530,6 +1590,61 @@ func (in *IPConfigsParameters) DeepCopy() *IPConfigsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasInitParameters) DeepCopyInto(out *IntermediateCasInitParameters) { + *out = *in + if in.PemCertificateSecretRef != nil { + in, out := &in.PemCertificateSecretRef, &out.PemCertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasInitParameters. +func (in *IntermediateCasInitParameters) DeepCopy() *IntermediateCasInitParameters { + if in == nil { + return nil + } + out := new(IntermediateCasInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasObservation) DeepCopyInto(out *IntermediateCasObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasObservation. +func (in *IntermediateCasObservation) DeepCopy() *IntermediateCasObservation { + if in == nil { + return nil + } + out := new(IntermediateCasObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasParameters) DeepCopyInto(out *IntermediateCasParameters) { + *out = *in + if in.PemCertificateSecretRef != nil { + in, out := &in.PemCertificateSecretRef, &out.PemCertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasParameters. +func (in *IntermediateCasParameters) DeepCopy() *IntermediateCasParameters { + if in == nil { + return nil + } + out := new(IntermediateCasParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagedInitParameters) DeepCopyInto(out *ManagedInitParameters) { *out = *in @@ -1867,3 +1982,461 @@ func (in *SelfManagedParameters) DeepCopy() *SelfManagedParameters { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsInitParameters) DeepCopyInto(out *TrustAnchorsInitParameters) { + *out = *in + if in.PemCertificateSecretRef != nil { + in, out := &in.PemCertificateSecretRef, &out.PemCertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsInitParameters. +func (in *TrustAnchorsInitParameters) DeepCopy() *TrustAnchorsInitParameters { + if in == nil { + return nil + } + out := new(TrustAnchorsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsObservation) DeepCopyInto(out *TrustAnchorsObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsObservation. +func (in *TrustAnchorsObservation) DeepCopy() *TrustAnchorsObservation { + if in == nil { + return nil + } + out := new(TrustAnchorsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsParameters) DeepCopyInto(out *TrustAnchorsParameters) { + *out = *in + if in.PemCertificateSecretRef != nil { + in, out := &in.PemCertificateSecretRef, &out.PemCertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsParameters. +func (in *TrustAnchorsParameters) DeepCopy() *TrustAnchorsParameters { + if in == nil { + return nil + } + out := new(TrustAnchorsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfig) DeepCopyInto(out *TrustConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfig. +func (in *TrustConfig) DeepCopy() *TrustConfig { + if in == nil { + return nil + } + out := new(TrustConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrustConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigInitParameters) DeepCopyInto(out *TrustConfigInitParameters) { + *out = *in + if in.AllowlistedCertificates != nil { + in, out := &in.AllowlistedCertificates, &out.AllowlistedCertificates + *out = make([]AllowlistedCertificatesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.TrustStores != nil { + in, out := &in.TrustStores, &out.TrustStores + *out = make([]TrustStoresInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigInitParameters. +func (in *TrustConfigInitParameters) DeepCopy() *TrustConfigInitParameters { + if in == nil { + return nil + } + out := new(TrustConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigList) DeepCopyInto(out *TrustConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TrustConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigList. +func (in *TrustConfigList) DeepCopy() *TrustConfigList { + if in == nil { + return nil + } + out := new(TrustConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrustConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigObservation) DeepCopyInto(out *TrustConfigObservation) { + *out = *in + if in.AllowlistedCertificates != nil { + in, out := &in.AllowlistedCertificates, &out.AllowlistedCertificates + *out = make([]AllowlistedCertificatesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.TrustStores != nil { + in, out := &in.TrustStores, &out.TrustStores + *out = make([]TrustStoresObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigObservation. +func (in *TrustConfigObservation) DeepCopy() *TrustConfigObservation { + if in == nil { + return nil + } + out := new(TrustConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigParameters) DeepCopyInto(out *TrustConfigParameters) { + *out = *in + if in.AllowlistedCertificates != nil { + in, out := &in.AllowlistedCertificates, &out.AllowlistedCertificates + *out = make([]AllowlistedCertificatesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.TrustStores != nil { + in, out := &in.TrustStores, &out.TrustStores + *out = make([]TrustStoresParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigParameters. +func (in *TrustConfigParameters) DeepCopy() *TrustConfigParameters { + if in == nil { + return nil + } + out := new(TrustConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigSpec) DeepCopyInto(out *TrustConfigSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigSpec. +func (in *TrustConfigSpec) DeepCopy() *TrustConfigSpec { + if in == nil { + return nil + } + out := new(TrustConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustConfigStatus) DeepCopyInto(out *TrustConfigStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustConfigStatus. +func (in *TrustConfigStatus) DeepCopy() *TrustConfigStatus { + if in == nil { + return nil + } + out := new(TrustConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoresInitParameters) DeepCopyInto(out *TrustStoresInitParameters) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoresInitParameters. +func (in *TrustStoresInitParameters) DeepCopy() *TrustStoresInitParameters { + if in == nil { + return nil + } + out := new(TrustStoresInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoresObservation) DeepCopyInto(out *TrustStoresObservation) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoresObservation. +func (in *TrustStoresObservation) DeepCopy() *TrustStoresObservation { + if in == nil { + return nil + } + out := new(TrustStoresObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoresParameters) DeepCopyInto(out *TrustStoresParameters) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoresParameters. +func (in *TrustStoresParameters) DeepCopy() *TrustStoresParameters { + if in == nil { + return nil + } + out := new(TrustStoresParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/certificatemanager/v1beta1/zz_generated.managed.go b/apis/certificatemanager/v1beta1/zz_generated.managed.go index bc5873ccd..153ec19e1 100644 --- a/apis/certificatemanager/v1beta1/zz_generated.managed.go +++ b/apis/certificatemanager/v1beta1/zz_generated.managed.go @@ -246,3 +246,63 @@ func (mg *DNSAuthorization) SetPublishConnectionDetailsTo(r *xpv1.PublishConnect func (mg *DNSAuthorization) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this TrustConfig. +func (mg *TrustConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this TrustConfig. +func (mg *TrustConfig) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this TrustConfig. +func (mg *TrustConfig) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this TrustConfig. +func (mg *TrustConfig) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this TrustConfig. +func (mg *TrustConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this TrustConfig. +func (mg *TrustConfig) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this TrustConfig. +func (mg *TrustConfig) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this TrustConfig. +func (mg *TrustConfig) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this TrustConfig. +func (mg *TrustConfig) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this TrustConfig. +func (mg *TrustConfig) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this TrustConfig. +func (mg *TrustConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this TrustConfig. +func (mg *TrustConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/certificatemanager/v1beta1/zz_generated.managedlist.go b/apis/certificatemanager/v1beta1/zz_generated.managedlist.go index e16779584..d4fbe43b5 100644 --- a/apis/certificatemanager/v1beta1/zz_generated.managedlist.go +++ b/apis/certificatemanager/v1beta1/zz_generated.managedlist.go @@ -42,3 +42,12 @@ func (l *DNSAuthorizationList) GetItems() []resource.Managed { } return items } + +// GetItems of this TrustConfigList. +func (l *TrustConfigList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/certificatemanager/v1beta1/zz_trustconfig_terraformed.go b/apis/certificatemanager/v1beta1/zz_trustconfig_terraformed.go new file mode 100755 index 000000000..881017a6b --- /dev/null +++ b/apis/certificatemanager/v1beta1/zz_trustconfig_terraformed.go @@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this TrustConfig +func (mg *TrustConfig) GetTerraformResourceType() string { + return "google_certificate_manager_trust_config" +} + +// GetConnectionDetailsMapping for this TrustConfig +func (tr *TrustConfig) GetConnectionDetailsMapping() map[string]string { + return map[string]string{"trust_stores[*].intermediate_cas[*].pem_certificate": "trustStores[*].intermediateCas[*].pemCertificateSecretRef", "trust_stores[*].trust_anchors[*].pem_certificate": "trustStores[*].trustAnchors[*].pemCertificateSecretRef"} +} + +// GetObservation of this TrustConfig +func (tr *TrustConfig) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this TrustConfig +func (tr *TrustConfig) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this TrustConfig +func (tr *TrustConfig) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this TrustConfig +func (tr *TrustConfig) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this TrustConfig +func (tr *TrustConfig) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this TrustConfig +func (tr *TrustConfig) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this TrustConfig +func (tr *TrustConfig) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this TrustConfig using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *TrustConfig) LateInitialize(attrs []byte) (bool, error) { + params := &TrustConfigParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *TrustConfig) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/certificatemanager/v1beta1/zz_trustconfig_types.go b/apis/certificatemanager/v1beta1/zz_trustconfig_types.go new file mode 100755 index 000000000..087738dcc --- /dev/null +++ b/apis/certificatemanager/v1beta1/zz_trustconfig_types.go @@ -0,0 +1,283 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AllowlistedCertificatesInitParameters struct { + + // PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type AllowlistedCertificatesObservation struct { + + // PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type AllowlistedCertificatesParameters struct { + + // PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate. + // +kubebuilder:validation:Optional + PemCertificate *string `json:"pemCertificate" tf:"pem_certificate,omitempty"` +} + +type IntermediateCasInitParameters struct { + + // PEM root certificate of the PKI used for validation. + // Each certificate provided in PEM format may occupy up to 5kB. + // Note: This property is sensitive and will not be displayed in the plan. + PemCertificateSecretRef *v1.SecretKeySelector `json:"pemCertificateSecretRef,omitempty" tf:"-"` +} + +type IntermediateCasObservation struct { +} + +type IntermediateCasParameters struct { + + // PEM root certificate of the PKI used for validation. + // Each certificate provided in PEM format may occupy up to 5kB. + // Note: This property is sensitive and will not be displayed in the plan. + // +kubebuilder:validation:Optional + PemCertificateSecretRef *v1.SecretKeySelector `json:"pemCertificateSecretRef,omitempty" tf:"-"` +} + +type TrustAnchorsInitParameters struct { + + // PEM root certificate of the PKI used for validation. + // Each certificate provided in PEM format may occupy up to 5kB. + // Note: This property is sensitive and will not be displayed in the plan. + PemCertificateSecretRef *v1.SecretKeySelector `json:"pemCertificateSecretRef,omitempty" tf:"-"` +} + +type TrustAnchorsObservation struct { +} + +type TrustAnchorsParameters struct { + + // PEM root certificate of the PKI used for validation. + // Each certificate provided in PEM format may occupy up to 5kB. + // Note: This property is sensitive and will not be displayed in the plan. + // +kubebuilder:validation:Optional + PemCertificateSecretRef *v1.SecretKeySelector `json:"pemCertificateSecretRef,omitempty" tf:"-"` +} + +type TrustConfigInitParameters struct { + + // Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + // the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + // Structure is documented below. + AllowlistedCertificates []AllowlistedCertificatesInitParameters `json:"allowlistedCertificates,omitempty" tf:"allowlisted_certificates,omitempty"` + + // One or more paragraphs of text description of a trust config. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Set of label tags associated with the trust config. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Set of trust stores to perform validation against. + // This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + // Structure is documented below. + TrustStores []TrustStoresInitParameters `json:"trustStores,omitempty" tf:"trust_stores,omitempty"` +} + +type TrustConfigObservation struct { + + // Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + // the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + // Structure is documented below. + AllowlistedCertificates []AllowlistedCertificatesObservation `json:"allowlistedCertificates,omitempty" tf:"allowlisted_certificates,omitempty"` + + // The creation timestamp of a TrustConfig. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + + // One or more paragraphs of text description of a trust config. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/trustConfigs/{{name}} + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Set of label tags associated with the trust config. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // The trust config location. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + + // Set of trust stores to perform validation against. + // This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + // Structure is documented below. + TrustStores []TrustStoresObservation `json:"trustStores,omitempty" tf:"trust_stores,omitempty"` + + // The last update timestamp of a TrustConfig. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + // Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` +} + +type TrustConfigParameters struct { + + // Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + // the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + // Structure is documented below. + // +kubebuilder:validation:Optional + AllowlistedCertificates []AllowlistedCertificatesParameters `json:"allowlistedCertificates,omitempty" tf:"allowlisted_certificates,omitempty"` + + // One or more paragraphs of text description of a trust config. + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Set of label tags associated with the trust config. + // Note: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field effective_labels for all of the labels present on the resource. + // +kubebuilder:validation:Optional + // +mapType=granular + Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + + // The trust config location. + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + // +kubebuilder:validation:Optional + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Set of trust stores to perform validation against. + // This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + // Structure is documented below. + // +kubebuilder:validation:Optional + TrustStores []TrustStoresParameters `json:"trustStores,omitempty" tf:"trust_stores,omitempty"` +} + +type TrustStoresInitParameters struct { + + // Set of intermediate CA certificates used for the path building phase of chain validation. + // The field is currently not supported if trust config is used for the workload certificate feature. + // Structure is documented below. + IntermediateCas []IntermediateCasInitParameters `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation against a given TrustStore. + // Structure is documented below. + TrustAnchors []TrustAnchorsInitParameters `json:"trustAnchors,omitempty" tf:"trust_anchors,omitempty"` +} + +type TrustStoresObservation struct { + + // Set of intermediate CA certificates used for the path building phase of chain validation. + // The field is currently not supported if trust config is used for the workload certificate feature. + // Structure is documented below. + IntermediateCas []IntermediateCasParameters `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation against a given TrustStore. + // Structure is documented below. + TrustAnchors []TrustAnchorsParameters `json:"trustAnchors,omitempty" tf:"trust_anchors,omitempty"` +} + +type TrustStoresParameters struct { + + // Set of intermediate CA certificates used for the path building phase of chain validation. + // The field is currently not supported if trust config is used for the workload certificate feature. + // Structure is documented below. + // +kubebuilder:validation:Optional + IntermediateCas []IntermediateCasParameters `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation against a given TrustStore. + // Structure is documented below. + // +kubebuilder:validation:Optional + TrustAnchors []TrustAnchorsParameters `json:"trustAnchors,omitempty" tf:"trust_anchors,omitempty"` +} + +// TrustConfigSpec defines the desired state of TrustConfig +type TrustConfigSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider TrustConfigParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider TrustConfigInitParameters `json:"initProvider,omitempty"` +} + +// TrustConfigStatus defines the observed state of TrustConfig. +type TrustConfigStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider TrustConfigObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// TrustConfig is the Schema for the TrustConfigs API. TrustConfig represents a resource that represents your Public Key Infrastructure (PKI) configuration in Certificate Manager for use in mutual TLS authentication scenarios. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} +type TrustConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec TrustConfigSpec `json:"spec"` + Status TrustConfigStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// TrustConfigList contains a list of TrustConfigs +type TrustConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TrustConfig `json:"items"` +} + +// Repository type metadata. +var ( + TrustConfig_Kind = "TrustConfig" + TrustConfig_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: TrustConfig_Kind}.String() + TrustConfig_KindAPIVersion = TrustConfig_Kind + "." + CRDGroupVersion.String() + TrustConfig_GroupVersionKind = CRDGroupVersion.WithKind(TrustConfig_Kind) +) + +func init() { + SchemeBuilder.Register(&TrustConfig{}, &TrustConfigList{}) +} diff --git a/config/externalname.go b/config/externalname.go index 3aeaf2ce1..aa1e1e58f 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -1015,6 +1015,8 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ "google_certificate_manager_dns_authorization": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/dnsAuthorizations/{{ .external_name }}"), // Imported by using the following projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries/{{name}} "google_certificate_manager_certificate_map_entry": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/global/certificateMaps/{{ .parameters.map }}/certificateMapEntries/{{ .external_name }}"), + // Imported by using the following projects/{{project}}/locations/{{location}}/trustConfigs/{{name}} + "google_certificate_manager_trust_config": config.TemplatedStringAsIdentifier("name", "projects/{{ .setup.configuration.project }}/locations/{{ .parameters.location }}/trustConfigs/{{ .external_name }}"), // orgpolicy // diff --git a/config/generated.lst b/config/generated.lst index 484a0d670..65809bd9b 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_apigee_sync_authorization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_policy_tag","google_data_catalog_tag","google_data_catalog_tag_template","google_data_catalog_taxonomy","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_dns_response_policy","google_dns_response_policy_rule","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_service_connection_policy","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_cluster","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file +["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_apigee_sync_authorization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_certificate_manager_trust_config","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_policy_tag","google_data_catalog_tag","google_data_catalog_tag_template","google_data_catalog_taxonomy","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_dns_response_policy","google_dns_response_policy_rule","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_service_connection_policy","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_cluster","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file diff --git a/examples-generated/certificatemanager/v1beta1/trustconfig.yaml b/examples-generated/certificatemanager/v1beta1/trustconfig.yaml new file mode 100644 index 000000000..783f51b35 --- /dev/null +++ b/examples-generated/certificatemanager/v1beta1/trustconfig.yaml @@ -0,0 +1,25 @@ +apiVersion: certificatemanager.gcp.upbound.io/v1beta1 +kind: TrustConfig +metadata: + annotations: + meta.upbound.io/example-id: certificatemanager/v1beta1/trustconfig + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: + description: sample description for the trust config + labels: + foo: bar + location: us-central1 + trustStores: + - intermediateCas: + - pemCertificateSecretRef: + key: attribute.cert.pem + name: example-secret + namespace: upbound-system + trustAnchors: + - pemCertificateSecretRef: + key: attribute.cert.pem + name: example-secret + namespace: upbound-system diff --git a/examples/certificatemanager/v1beta1/trustconfig.yaml b/examples/certificatemanager/v1beta1/trustconfig.yaml new file mode 100644 index 000000000..3832abb72 --- /dev/null +++ b/examples/certificatemanager/v1beta1/trustconfig.yaml @@ -0,0 +1,40 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: certificatemanager.gcp.upbound.io/v1beta1 +kind: TrustConfig +metadata: + annotations: + meta.upbound.io/example-id: certificatemanager/v1beta1/trustconfig + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: + description: sample description for the trust config + labels: + foo: bar + location: us-central1 + trustStores: + - intermediateCas: + - pemCertificateSecretRef: + key: intermediate.ca.crt + name: trustconfig-secret + namespace: upbound-system + trustAnchors: + - pemCertificateSecretRef: + key: root.ca.crt + name: trustconfig-secret + namespace: upbound-system +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + meta.upbound.io/example-id: certificatemanager/v1beta1/trustconfig + name: trustconfig-secret + namespace: upbound-system +data: + root.ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZwekNDQTQrZ0F3SUJBZ0lVZmZWWkxtNW1LYWorYUVQNlRubW5vVXRkNElrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1l6RUxNQWtHQTFVRUJoTUNWVk14RGpBTUJnTlZCQWdNQlZOMFlYUmxNUTB3Q3dZRFZRUUhEQVJEYVhSNQpNUlV3RXdZRFZRUUtEQXhQY21kaGJtbDZZWFJwYjI0eERUQUxCZ05WQkFzTUJGVnVhWFF4RHpBTkJnTlZCQU1NCkJsSnZiM1JEUVRBZUZ3MHlOREV4TVRreE5ETTBNVEphRncwek5ERXhNVGN4TkRNME1USmFNR014Q3pBSkJnTlYKQkFZVEFsVlRNUTR3REFZRFZRUUlEQVZUZEdGMFpURU5NQXNHQTFVRUJ3d0VRMmwwZVRFVk1CTUdBMVVFQ2d3TQpUM0puWVc1cGVtRjBhVzl1TVEwd0N3WURWUVFMREFSVmJtbDBNUTh3RFFZRFZRUUREQVpTYjI5MFEwRXdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRFFlMFduS3VDSi9mTDJWSnUzbGlmWWJvTXYKK2lDUU9MOWpiaDR4c1ZISXArVzQxVG5waDk0YkI3a0MzUndXT09lSVhETXRnWTFQMWQ1ckJuQkswdnRCZENGbQowZTQrcEZ4VDZrc1lMOE9WaXpNZVZkcHhJRG9TZ0JWSVBCZlJ6WFhUV1JjWTJ3em9TOTRuUGJPMlcwY25KbXZXCmRrbUhWd3p6aGZzck1jdDFORUtMT0pDSURTYWRyZ3F1ZU93enUrdlEweVFvelY0VmhRK1BiZU1VRUZzU1MwaTMKOFpqa2hKK1Z2ME9ZWkpSbGhVVjdibEFoaHRwM1BRbHlUNGJzNThFYXNLUlp4UnNCRndENnFPV1VxdlFsbVI4bgpXQnJrVTlXdWMrRDByVlVSMStZWlRZMGxKRDJQV2NtdDFyWVBJMFJnR01EckRMM0ttbWVSWGNzMFNHVEg0bjBZCjEwTFN3bmIxZWxpQUFVUENMM0V4MnhSZDE3cUdPbEhBRFR1TzNpcWhpVk90QW9HRU8zVTJZWWpxZWQ5cXo3bSsKYWdsbG1UejF6TlMraG9RUEVYWFVyOVpuWWZVZUNZYUpXTjJpOVg1TXA4R3JkbTU3WXprRXU2ZElVOXBEMmNhbgpkb1VJY0ZucWF1VzZ6M3VjNlFHb29wUVUzMzRpckxLdmpia05Gb0pEZDRpT1BzODRFdWtab3JrQlhOaWhGK1NHCnU2TTdoUjhWOGx3SVJTZU9BNUI2WEhDUnU0b1pwRGhvdVpOYjFaY0JsSDFxTi85dkRVZXRzdS9NNmJWQnZVd1UKNys4dnhhSVZseUVDdUc4STVwTWZDdzNrWUtpU1g1RUVUTlhlTllHd1pQUUQ5eW91Vm83N2tKNjRsYUUwbnNpSQo1UlRxVE1EbzRTT2xDbE1YOHdJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVU0rOXVSa0k0OElEczhnY0dTd2JECmJSc2prNUl3SHdZRFZSMGpCQmd3Rm9BVU0rOXVSa0k0OElEczhnY0dTd2JEYlJzams1SXdEd1lEVlIwVEFRSC8KQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBd2RrN2pWeXlHdW5FRmVDbjFPY0kzWWR4d1NDNApsdW04Q0xFY25aQ2dmdFFGa1gwTWlxRXZjamh3ZHRPVVYzWlkyazR4OFFHdGRqVTBCQVp3bzMwMUdRN2MvcnpHCmtGOEV1ZGVUT3Y1MVZReHJqSk5zbjlPSVNsbFpBTUEyT29wcW04UkdwUllOSk13bEMwYmM1NWJLWGx6VWYzc0IKVS9rRGZRc3o2SGxNVTRGTittUDJRbTk1N0JoUkk2a3hEd3o2cHQ0dytETkxpZWtHQmdMNlJqM0Q3cDNSM2ZsMwpieGZrQVlHaFVOQ3BoaGJkOHR1NDQybXEwRU9UcFprTXRwS1VZVUFvc3VlQXFDbmZHMzROY0x5SUpHWCtjM3ZlCmZWWnlNc2pMRDNNV0FDVWxueWg3cXVqN1ZBamI0U2N3aU13Ty9vN2k3SkNCUzk4c1pBOWIyRklyaGR1aXpVTU0KL21aL2tsUHpTSmQyQ2ZOZWZjUU1WVVZEakgwNHJVZ0ppRlc3VVNnNlRFOGJPeWFYc1E0NS96WDR1a1krZFF3Wgo5OGs1WHJtY1EvczdNQVJRYmw2eFlOL0hialo2ZWpHTlRkTE5kM2VHeXFHOG5yMWZyOThobU4xdjduNHpNUXdoCjl6amtBK3AwWldaSFkxdmZ3OEhldzgyZzcvK2hyK0doNlQvRDZiMjhvbDJnVFRHSGoyODBXYmNLTExpeVVYYWwKRHppc0VDSnpOWG91MDNLRHVPWHJXMFNma2ZpRDJMSE4vd0dpeW5BejYwdnhWR3Vxa3h4Si9lMEM5UDdMdDVtMwpIWGtaUUNNQVg5RkFTOWROaXFzSzNWd0F0eHAyS3dHM01DTVlZZXNKOStuZzhIbzhRSUJweXdudE9NcUVtT2plCkZJTmxQMVFGbFlJQUlBbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + intermediate.ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ2RENDQTZTZ0F3SUJBZ0lVUnc4N3hiUmJFc0x5eUlIWG1PMkZsSUFEeml3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1l6RUxNQWtHQTFVRUJoTUNWVk14RGpBTUJnTlZCQWdNQlZOMFlYUmxNUTB3Q3dZRFZRUUhEQVJEYVhSNQpNUlV3RXdZRFZRUUtEQXhQY21kaGJtbDZZWFJwYjI0eERUQUxCZ05WQkFzTUJGVnVhWFF4RHpBTkJnTlZCQU1NCkJsSnZiM1JEUVRBZUZ3MHlOREV4TVRreE5ETTRORE5hRncwek5ERXhNVGN4TkRNNE5ETmFNR3N4Q3pBSkJnTlYKQkFZVEFsVlRNUTR3REFZRFZRUUlEQVZUZEdGMFpURU5NQXNHQTFVRUJ3d0VRMmwwZVRFVk1CTUdBMVVFQ2d3TQpUM0puWVc1cGVtRjBhVzl1TVEwd0N3WURWUVFMREFSVmJtbDBNUmN3RlFZRFZRUUREQTVKYm5SbGNtMWxaR2xoCmRHVkRRVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFMUjkrY2k0dlVtSjJxblgKN3VjTFEvS3JnVWZEaUpOenR4L2VGQkJrOHF1MFFjYWZpaG9VOUExdFliT1NoaTM3OWZtM1dFYkRDdWlnd25OVgpTd2N5Ymp1TitXeHBOTHpyelV1cUdPVEU2MS9zNGEwYTRhUy8rOGZtV1V4WGlyS3E0WmdxaFZNekFVYlVZNkNoClgrU1dMQ0pjWXREdXJab1lZS1NCK3RNUG5Wb3JFMUNveWJ2THYrS3JYS2xQZWI4QjFOUENaWjJWZG8zQTQ3MlIKZXN2M3JqZTk1clBkTFAyYjk1UlFOOGFsdldUaUxiVVlma3pHZFg1WjBCaWcyME1yMmlBNmxTc1ZrWXQvL1lvUQphMkxoNjR2Z3BRUmFUTC9XeEpwWGJxRFc1LzFtN1ptSXVyRDBydzNVaWV2TDZveVdGd1FzQ3dRYlFadm5LOFFmCmZNT0hCcXhMd0g2SW51ZnlVS2UwR1dZZW8xcmk0NmcrYWd4d1h6TWNwRytOMWV1WkpXUk5QMkhjK0Zhc21rbXoKc1ZncWFMQXhPU2JielFoaWNpa3JvbFdIeUZWaXJ4UmFHT2VXb3BDWXBDa0hYdWdqVndCdURZcVdsWVdJcUtUOApLSHRReXZPZEhyWmtRN2M3SGV1M0RHdHJ0d2JJYk54eEJVcjFnVzAyamFCOGlmaXQzZEJmMjJOK1F1bVBDem1CCm1NN2JPWS9VSGJvbllRc29scThROTdaMjZWTTVkR2t2S0ZpNjBMdkR6YlJIVGdFNWdmeEp6NDJva083UituM2MKL2REa0N4eGlUcUh5LzlsQ2F6WXZxS0o5azVtNGpieUhWWk9jZWdmUmxjbCtjV25xUEtvR3VENFo2QlVYQ0NNaQpPME44ZG5iTzVZWTFRdlZoTHNBZ2hOOFh5RDJyQWdNQkFBR2pZREJlTUE4R0ExVWRFd1FJTUFZQkFmOENBUUF3CkN3WURWUjBQQkFRREFnRUdNQjBHQTFVZERnUVdCQlJUN0tWYklFd1hOM0pmYzl2NjRMQXBaV21HQURBZkJnTlYKSFNNRUdEQVdnQlF6NzI1R1FqandnT3p5QndaTEJzTnRHeU9Ua2pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQQp0amRDNUpqbzVnQ3AwckI3dzZyQUFyZW1zbVdpaHRFTlY0OGhpQ21pSDlGTzkxdC9LVTU3SHl5WlNZb0d2ZGVtCnZ1T0RxTjZHczBYWDVLV0VEQmdpSi9PSktTWWpEempza3FaUFNLcDBjNzFMYVp4OGpmaks5RVY4blZxYVhJTHMKZlpVT0g2LzRlNGtrS1lEQmIycUlmbnNOUGlpVlpBbEhieCtFZHBOYVFnYjkyQTQ2K1puMUtvYTV0N2Q2VzlaRQpmQyt5ajNRNHF1UXhDL0s4TnZmWWhQb1JueU55VFZ4S3AxejhLdXVnZC9MRTNjNU5GM3NOUzRVY0dYSXBLV295CjFVcXRzWWpMZkpMc3lYUTU0ZUNFQXY3K0crLzFBb1JmRFpReWhqb1BPUSs2S0VSWExXNUFzYnd3NWdNMGV0RzYKQjlsbWtVR3NSditqSExibW5PVExtekZPdHk0MEhjc20zc0RlbUdLckdJcEFYaTg5elpPUUJsa3o2OGJVV25uOQpwZ2Z1SFVFZ09DY3c4SW9uc1BSMVdYanNRaFQ2dGlPcnZzRGdJOGhMUnd2ZHBHb0FMelF3NXpBYmx5WjlxQmh1CnNRakFEeW9WeHZoL0FKTVg5VmdhNzJVQ3dWVWZaTE1PYTdQNVA2SkpVUzd6YUpBcFJCUEVBSWpNVkdYUC9OUHUKQVdjYU5oM013WUVZWDNZSzkzN3p5NVUxN2VlTTBQMlJyQ0JGck5rMGEvbFJUQTdkOGhvS25sVk0vVnVZWHBtUQp0L3daU25ZL010QzZNOEUvVzk0dy9aOGdzdUJiVDBzWFpLUVhuN0hVTERaS09tTTZXTEpoYXArejFLTXhVRU5BClpacFEvL3g4eGMzaWgzU0pXeWxNSXpPMUFOSWkvdzlYalJxZjE0UnRGYm89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K diff --git a/internal/controller/certificatemanager/trustconfig/zz_controller.go b/internal/controller/certificatemanager/trustconfig/zz_controller.go new file mode 100755 index 000000000..12930bf31 --- /dev/null +++ b/internal/controller/certificatemanager/trustconfig/zz_controller.go @@ -0,0 +1,92 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package trustconfig + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-gcp/apis/certificatemanager/v1beta1" + features "github.com/upbound/provider-gcp/internal/features" +) + +// Setup adds a controller that reconciles TrustConfig managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.TrustConfig_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.TrustConfig_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.TrustConfig_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_certificate_manager_trust_config"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.TrustConfig_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.TrustConfig + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.TrustConfig{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.TrustConfig") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.TrustConfigList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.TrustConfigList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.TrustConfig_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.TrustConfig{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_certificatemanager_setup.go b/internal/controller/zz_certificatemanager_setup.go index e63830314..d629a53fa 100755 --- a/internal/controller/zz_certificatemanager_setup.go +++ b/internal/controller/zz_certificatemanager_setup.go @@ -13,6 +13,7 @@ import ( certificatemap "github.com/upbound/provider-gcp/internal/controller/certificatemanager/certificatemap" certificatemapentry "github.com/upbound/provider-gcp/internal/controller/certificatemanager/certificatemapentry" dnsauthorization "github.com/upbound/provider-gcp/internal/controller/certificatemanager/dnsauthorization" + trustconfig "github.com/upbound/provider-gcp/internal/controller/certificatemanager/trustconfig" ) // Setup_certificatemanager creates all controllers with the supplied logger and adds them to @@ -23,6 +24,7 @@ func Setup_certificatemanager(mgr ctrl.Manager, o controller.Options) error { certificatemap.Setup, certificatemapentry.Setup, dnsauthorization.Setup, + trustconfig.Setup, } { if err := setup(mgr, o); err != nil { return err diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 90bebc165..6f5ab29a6 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -74,6 +74,7 @@ import ( certificatemap "github.com/upbound/provider-gcp/internal/controller/certificatemanager/certificatemap" certificatemapentry "github.com/upbound/provider-gcp/internal/controller/certificatemanager/certificatemapentry" dnsauthorization "github.com/upbound/provider-gcp/internal/controller/certificatemanager/dnsauthorization" + trustconfig "github.com/upbound/provider-gcp/internal/controller/certificatemanager/trustconfig" idsendpoint "github.com/upbound/provider-gcp/internal/controller/cloud/idsendpoint" trigger "github.com/upbound/provider-gcp/internal/controller/cloudbuild/trigger" workerpool "github.com/upbound/provider-gcp/internal/controller/cloudbuild/workerpool" @@ -441,6 +442,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { certificatemap.Setup, certificatemapentry.Setup, dnsauthorization.Setup, + trustconfig.Setup, idsendpoint.Setup, trigger.Setup, workerpool.Setup, diff --git a/package/crds/certificatemanager.gcp.upbound.io_trustconfigs.yaml b/package/crds/certificatemanager.gcp.upbound.io_trustconfigs.yaml new file mode 100644 index 000000000..93a32f300 --- /dev/null +++ b/package/crds/certificatemanager.gcp.upbound.io_trustconfigs.yaml @@ -0,0 +1,653 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: trustconfigs.certificatemanager.gcp.upbound.io +spec: + group: certificatemanager.gcp.upbound.io + names: + categories: + - crossplane + - managed + - gcp + kind: TrustConfig + listKind: TrustConfigList + plural: trustconfigs + singular: trustconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TrustConfig is the Schema for the TrustConfigs API. TrustConfig + represents a resource that represents your Public Key Infrastructure (PKI) + configuration in Certificate Manager for use in mutual TLS authentication + scenarios. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TrustConfigSpec defines the desired state of TrustConfig + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + allowlistedCertificates: + description: |- + Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + Structure is documented below. + items: + properties: + pemCertificate: + description: PEM certificate that is allowlisted. The certificate + can be up to 5k bytes, and must be a parseable X.509 certificate. + type: string + type: object + type: array + description: + description: One or more paragraphs of text description of a trust + config. + type: string + labels: + additionalProperties: + type: string + description: |- + Set of label tags associated with the trust config. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular + location: + description: The trust config location. + type: string + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + trustStores: + description: |- + Set of trust stores to perform validation against. + This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + Structure is documented below. + items: + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for the path building phase of chain validation. + The field is currently not supported if trust config is used for the workload certificate feature. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation against a given TrustStore. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + type: object + type: array + required: + - location + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + allowlistedCertificates: + description: |- + Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + Structure is documented below. + items: + properties: + pemCertificate: + description: PEM certificate that is allowlisted. The certificate + can be up to 5k bytes, and must be a parseable X.509 certificate. + type: string + type: object + type: array + description: + description: One or more paragraphs of text description of a trust + config. + type: string + labels: + additionalProperties: + type: string + description: |- + Set of label tags associated with the trust config. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + trustStores: + description: |- + Set of trust stores to perform validation against. + This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + Structure is documented below. + items: + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for the path building phase of chain validation. + The field is currently not supported if trust config is used for the workload certificate feature. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation against a given TrustStore. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + type: object + type: array + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: TrustConfigStatus defines the observed state of TrustConfig. + properties: + atProvider: + properties: + allowlistedCertificates: + description: |- + Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as + the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met. + Structure is documented below. + items: + properties: + pemCertificate: + description: PEM certificate that is allowlisted. The certificate + can be up to 5k bytes, and must be a parseable X.509 certificate. + type: string + type: object + type: array + createTime: + description: |- + The creation timestamp of a TrustConfig. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + description: + description: One or more paragraphs of text description of a trust + config. + type: string + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + id: + description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/trustConfigs/{{name}} + type: string + labels: + additionalProperties: + type: string + description: |- + Set of label tags associated with the trust config. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular + location: + description: The trust config location. + type: string + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + terraformLabels: + additionalProperties: + type: string + description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular + trustStores: + description: |- + Set of trust stores to perform validation against. + This field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation. + Structure is documented below. + items: + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for the path building phase of chain validation. + The field is currently not supported if trust config is used for the workload certificate feature. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation against a given TrustStore. + Structure is documented below. + items: + properties: + pemCertificateSecretRef: + description: |- + PEM root certificate of the PKI used for validation. + Each certificate provided in PEM format may occupy up to 5kB. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + type: object + type: array + updateTime: + description: |- + The last update timestamp of a TrustConfig. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}