diff --git a/api/v1/databaseclaim_types.go b/api/v1/databaseclaim_types.go index 6e6c235f..6820f088 100644 --- a/api/v1/databaseclaim_types.go +++ b/api/v1/databaseclaim_types.go @@ -221,6 +221,8 @@ type DatabaseClaimStatus struct { //tracks status of DB migration. if empty, not started. //non empty denotes migration in progress, unless it is S_Completed MigrationState string `json:"migrationState,omitempty"` + // tracks the DB which is migrated and not more operational + OldDB Status `json:"oldDB,omitempty"` } type Status struct { @@ -258,16 +260,20 @@ type Status struct { // This field used when claim is use-existing-db and attempting to migrate to newdb // +optional SourceDataFrom *SourceDataFrom `json:"sourceDataFrom,omitempty"` + + // Time at the process of post migration actions initiated + PostMigrationActionStartedAt *metav1.Time `json:"postMigrationActionStartedAt,omitempty"` } // DbState keeps track of state of the DB. type DbState string const ( - Ready DbState = "ready" - InProgress DbState = "in-progress" - UsingExistingDB DbState = "using-existing-db" - UsingSharedHost DbState = "using-shared-host" + Ready DbState = "ready" + InProgress DbState = "in-progress" + UsingExistingDB DbState = "using-existing-db" + UsingSharedHost DbState = "using-shared-host" + PostMigrationInProgress DbState = "post-migration-in-progress" ) type DatabaseClaimConnectionInfo struct { diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 1c6b8c84..67a28a81 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -169,6 +169,7 @@ func (in *DatabaseClaimStatus) DeepCopyInto(out *DatabaseClaimStatus) { *out = *in in.NewDB.DeepCopyInto(&out.NewDB) in.ActiveDB.DeepCopyInto(&out.ActiveDB) + in.OldDB.DeepCopyInto(&out.OldDB) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseClaimStatus. 
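Review bot: The `omitempty` option on `OldDB Status` has no effect, because encoding/json never treats a struct value as empty; `oldDB` is therefore always serialized, also after the controller resets it to `persistancev1.Status{}`. If the field is meant to disappear once post-migration cleanup is done, a pointer (`OldDB *Status` with a `// +optional` marker) expresses that, though it means nil checks at every use. The comment would read better as `// OldDB tracks the database that was migrated away from and is no longer operational.`. In the next hunk the new field lacks the `// +optional` marker its neighbour `SourceDataFrom` has, and its comment could read `// PostMigrationActionStartedAt is the time at which post-migration actions were initiated.`.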
@@ -403,6 +404,10 @@ func (in *Status) DeepCopyInto(out *Status) { *out = new(SourceDataFrom) (*in).DeepCopyInto(*out) } + if in.PostMigrationActionStartedAt != nil { + in, out := &in.PostMigrationActionStartedAt, &out.PostMigrationActionStartedAt + *out = (*in).DeepCopy() + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Status. diff --git a/config/crd/bases/persistance.atlas.infoblox.com_databaseclaims.yaml b/config/crd/bases/persistance.atlas.infoblox.com_databaseclaims.yaml index 44ffcac7..7160c0b6 100644 --- a/config/crd/bases/persistance.atlas.infoblox.com_databaseclaims.yaml +++ b/config/crd/bases/persistance.atlas.infoblox.com_databaseclaims.yaml @@ -276,6 +276,10 @@ spec: description: The optional MinStorageGB value requests the minimum database host storage capacity in GBytes type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string shape: description: The optional Shape values are arbitrary and help drive instance selection 
@@ -413,6 +417,144 @@ spec: description: The optional MinStorageGB value requests the minimum database host storage capacity in GBytes type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string + shape: + description: The optional Shape values are arbitrary and help + drive instance selection + type: string + sourceDataFrom: + description: SourceDataFrom specifies an existing database or + backup to use when initially provisioning the database. if the + dbclaim has already provisioned a database, this field is ignored + This field used when claim is use-existing-db and attempting + to migrate to newdb + properties: + database: + description: Database defines the connection information to + an existing db + properties: + dsn: + description: 'DSN is the connection string used to reach + the postgres database must have protocol specifier at + beginning (example: mysql:// postgres:// )' + type: string + secretRef: + description: 'SecretRef specifies a secret to use for + connecting to the postgresdb (should be master/root) + TODO: document/validate the secret format required' + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + required: + - dsn + type: object + s3: + description: S3 defines the location of a DB backup in an + S3 bucket + properties: + bucket: + type: string + prefix: + description: Prefix is the path prefix of the S3 bucket + within which the backup to restore is located. + type: string + region: + type: string + secretRef: + description: 'SecretRef specifies a secret to use for + connecting to the s3 bucket via AWS client TODO: document/validate + the secret format required' + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sourceEngine: + description: SourceEngine is the engine used to create + the backup. 
+ type: string + sourceEngineVersion: + description: 'SourceEngineVersion is the version of the + engine used to create the backup. Example: "5.7.30"' + type: string + required: + - bucket + - region + - sourceEngine + - sourceEngineVersion + type: object + type: + description: Type specifies the type of source + type: string + required: + - type + type: object + type: + description: Specifies the type of database to provision. Only + postgres is supported. + type: string + userUpdatedAt: + description: Time the user/password was updated/created + format: date-time + type: string + required: + - connectionInfo + type: object + oldDB: + description: tracks the DB which is migrated and not more operational + properties: + DbState: + description: DbState of the DB. inprogress, "", ready + type: string + connectionInfo: + properties: + databaseName: + type: string + hostName: + type: string + password: + type: string + port: + type: string + sslMode: + type: string + userName: + type: string + type: object + connectionUpdatedAt: + description: Time the connection info was updated/created. + format: date-time + type: string + dbCreateAt: + description: Time the database was created + format: date-time + type: string + dbversion: + description: Version of the provisioned Database + type: string + matchLabel: + description: The name of the label that was successfully matched + against the fragment key names in the db-controller configMap + type: string + minStorageGB: + description: The optional MinStorageGB value requests the minimum + database host storage capacity in GBytes + type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string shape: description: The optional Shape values are arbitrary and help drive instance selection diff --git a/controllers/databaseclaim_controller.go b/controllers/databaseclaim_controller.go index 67004f8d..e4866bcc 100644 
--- a/controllers/databaseclaim_controller.go +++ b/controllers/databaseclaim_controller.go @@ -80,6 +80,9 @@ const ( // DebugLevel is used to set V level to 1 as suggested by official docs // https://github.com/kubernetes-sigs/controller-runtime/blob/main/TMP-LOGGING.md DebugLevel = 1 + + operationalStatusTagKey string = "operational-status" + operationalStatusInactiveValue string = "inactive" ) type ModeEnum int @@ -108,6 +111,7 @@ const ( M_UseNewDB M_InitiateDBUpgrade M_UpgradeDBInProgress + M_PostMigrationInProgress ) // DatabaseClaimReconciler reconciles a DatabaseClaim object @@ -146,6 +150,17 @@ func (r *DatabaseClaimReconciler) getMode(dbClaim *persistancev1.DatabaseClaim) logr := r.Log.WithValues("databaseclaim", dbClaim.Namespace+"/"+dbClaim.Name, "func", "getMode") //default mode is M_UseNewDB. any non supported combination needs to be identfied and set to M_NotSupported + if dbClaim.Status.OldDB.DbState == persistancev1.PostMigrationInProgress { + if dbClaim.Status.OldDB.ConnectionInfo == nil || dbClaim.Status.ActiveDB.DbState != persistancev1.Ready || + r.Input.SharedDBHost || *dbClaim.Spec.UseExistingSource || dbClaim.Spec.SourceDataFrom != nil { + return M_NotSupported + } + } + + if dbClaim.Status.OldDB.DbState == persistancev1.PostMigrationInProgress && dbClaim.Status.ActiveDB.DbState == persistancev1.Ready { + return M_PostMigrationInProgress + } + if r.Input.SharedDBHost { if dbClaim.Status.ActiveDB.DbState == persistancev1.UsingSharedHost { activeHostParams := hostparams.GetActiveHostParams(dbClaim) 
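Review bot: `*dbClaim.Spec.UseExistingSource` in the new guard of getMode is dereferenced without a nil check, so a claim whose spec leaves that pointer unset would panic the reconciler here unless a default is applied somewhere outside this hunk. A guarded form such as `(dbClaim.Spec.UseExistingSource != nil && *dbClaim.Spec.UseExistingSource)` avoids that. The guard checks `OldDB.ConnectionInfo` for nil but not `OldDB.PostMigrationActionStartedAt`, which updateStatus dereferences later in this commit, so a nil value is worth rejecting here as well. The second `if` repeats conditions the first block has already established and could be folded into it as a plain `return M_PostMigrationInProgress`. getMode's body continues outside the hunk.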
@@ -420,6 +435,64 @@ func (r *DatabaseClaimReconciler) updateStatus(ctx context.Context, dbClaim *per } r.Mode = r.getMode(dbClaim) + if r.Mode == M_PostMigrationInProgress { + logr.Info("post migration is in progress") + + if canTag, err := r.canTagResources(ctx, dbClaim); err != nil { + logr.Error(err, "error in checking criteria post migration ") + return r.manageError(ctx, dbClaim, err) + } else if !canTag { + logr.Info("Skipping post migration actions due to DB being used by other entities") + dbClaim.Status.OldDB = persistancev1.Status{} + return r.manageSuccess(ctx, dbClaim) + } + + // get name of DBInstance from connectionInfo + dbInstanceName := strings.Split(dbClaim.Status.OldDB.ConnectionInfo.Host, ".")[0] + + var dbParamGroupName string + // get name of DBParamGroup from connectionInfo + if dbClaim.Status.OldDB.Type == defaultAuroraPostgresStr { + dbParamGroupName = dbInstanceName + "-a-" + (strings.Split(dbClaim.Status.OldDB.DBVersion, "."))[0] + } else { + dbParamGroupName = dbInstanceName + "-" + (strings.Split(dbClaim.Status.OldDB.DBVersion, "."))[0] + } + + TagsVerified, err := r.manageOperationalTagging(ctx, logr, dbInstanceName, dbParamGroupName) + + // Even though we get error in updating tags, we log the error + // and go ahead with deleting resources + if err != nil || TagsVerified { + + if err != nil { + logr.Error(err, "Failed updating or verifying operational tags") + } + + if err = r.deleteCloudDatabase(dbInstanceName, ctx); err != nil { + logr.Error(err, "Could not delete crossplane DBInstance/DBCLluster") + } + if err = r.deleteParameterGroup(ctx, dbParamGroupName); err != nil { + logr.Error(err, "Could not delete crossplane DBParamGroup/DBClusterParamGroup") + } + + dbClaim.Status.OldDB = persistancev1.Status{} + } else if time.Since(dbClaim.Status.OldDB.PostMigrationActionStartedAt.Time).Minutes() > 5 { + // Lets keep the state of old as it is for defined time to wait and verify tags before actually deleting resources + 
logr.Info("defined wait time is over to verify operational tags on AWS resources. Moving ahead to delete associated crossplane resources anyway") + + if err = r.deleteCloudDatabase(dbInstanceName, ctx); err != nil { + logr.Error(err, "Could not delete crossplane DBInstance/DBCLluster") + } + if err = r.deleteParameterGroup(ctx, dbParamGroupName); err != nil { + logr.Error(err, "Could not delete crossplane DBParamGroup/DBClusterParamGroup") + } + + dbClaim.Status.OldDB = persistancev1.Status{} + } + + return r.manageSuccess(ctx, dbClaim) + + } if r.Mode == M_UseExistingDB { logr.Info("existing db reconcile started") err := r.reconcileUseExistingDB(ctx, dbClaim) @@ -770,6 +843,12 @@ loop: } dbClaim.Status.MigrationState = pgctl.S_Completed.String() + timenow := metav1.Now() + + dbClaim.Status.OldDB = *dbClaim.Status.ActiveDB.DeepCopy() + dbClaim.Status.OldDB.DbState = persistancev1.PostMigrationInProgress + dbClaim.Status.OldDB.PostMigrationActionStartedAt = &timenow + //done with migration- switch active server to newDB dbClaim.Status.ActiveDB = *dbClaim.Status.NewDB.DeepCopy() dbClaim.Status.ActiveDB.DbState = persistancev1.Ready @@ -779,6 +858,7 @@ loop: logr.Error(err, "could not update db claim") return r.manageError(ctx, dbClaim, err) } + err = r.deleteTempSecret(ctx, dbClaim) if err != nil { logr.Error(err, "ignoring delete temp secret error") 
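Review bot: Both delete branches of the `M_PostMigrationInProgress` block only log a failure of `deleteCloudDatabase` or `deleteParameterGroup` and then reset `dbClaim.Status.OldDB`, so a failed delete is never retried and the claim loses its only record of the old instance, which may then stay provisioned with its data. Returning through `r.manageError` before the reset keeps `OldDB` for the next reconcile, assuming the delete helpers treat an already-absent resource as success (their bodies are outside this hunk). The two branches are otherwise identical and can be merged, as sketched below, and the bare `5` is clearer as a duration. updateStatus starts and ends outside the hunk.

```go
	tagsVerified, err := r.manageOperationalTagging(ctx, logr, dbInstanceName, dbParamGroupName)
	if err != nil {
		// A tagging error is logged and deletion still goes ahead, as before.
		logr.Error(err, "Failed updating or verifying operational tags")
	}

	waitOver := time.Since(dbClaim.Status.OldDB.PostMigrationActionStartedAt.Time) > 5*time.Minute
	// … unchanged: "defined wait time is over" log when only waitOver holds …

	if err != nil || tagsVerified || waitOver {
		if err := r.deleteCloudDatabase(dbInstanceName, ctx); err != nil {
			logr.Error(err, "Could not delete crossplane DBInstance/DBCLluster")
			// Keep Status.OldDB so the next reconcile retries the delete.
			return r.manageError(ctx, dbClaim, err)
		}
		if err := r.deleteParameterGroup(ctx, dbParamGroupName); err != nil {
			logr.Error(err, "Could not delete crossplane DBParamGroup/DBClusterParamGroup")
			return r.manageError(ctx, dbClaim, err)
		}
		dbClaim.Status.OldDB = persistancev1.Status{}
	}

	return r.manageSuccess(ctx, dbClaim)
```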
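Review bot: `dbClaim.Status.OldDB = *dbClaim.Status.ActiveDB.DeepCopy()` copies the whole status of the retired database, including `ConnectionInfo`, whose CRD schema in this commit carries `userName` and `password` fields, while the post-migration code only reads the host, `Type`, `DBVersion` and `PostMigrationActionStartedAt`. If those credential fields are ever populated in status, they would now be kept on the claim for a database that is being decommissioned; copying only the fields the cleanup needs limits that. A comment such as `// remember the old DB so updateStatus can tag and delete its resources after the switch` would explain why the copy is taken before `ActiveDB` is overwritten. The enclosing function starts outside the hunk.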
@@ -789,6 +869,218 @@ loop: return r.manageSuccess(ctx, dbClaim) } +func (r *DatabaseClaimReconciler) operationalTaggingForDbParamGroup(ctx context.Context, logr logr.Logger, dbParamGroupName string) { + dbParameterGroup := &crossplanerds.DBParameterGroup{} + + err := r.Client.Get(ctx, client.ObjectKey{ + Name: dbParamGroupName, + }, dbParameterGroup) + + if err != nil { + if errors.IsNotFound(err) { + return // nothing to delete + } + logr.Error(err, "Error getting crossplane db param group for old DB ") + } else { + operationalTagForProviderPresent := false + for _, tag := range dbParameterGroup.Spec.ForProvider.Tags { + if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue { + operationalTagForProviderPresent = true + } + } + if !operationalTagForProviderPresent { + patchDBParameterGroup := client.MergeFrom(dbParameterGroup.DeepCopy()) + + operationalTagKey := operationalStatusTagKey + operationalValue := operationalStatusInactiveValue + + dbParameterGroup.Spec.ForProvider.Tags = append(dbParameterGroup.Spec.ForProvider.Tags, &crossplanerds.Tag{ + Key: &operationalTagKey, + Value: &operationalValue, + }) + + err := r.Client.Patch(ctx, dbParameterGroup, patchDBParameterGroup) + if err != nil { + logr.Error(err, "Error updating operational tags for crossplane db param group ") + } + } + } +} + +func (r *DatabaseClaimReconciler) operationalTaggingForDbClusterParamGroup(ctx context.Context, logr logr.Logger, dbParamGroupName string) { + dbClusterParamGroup := &crossplanerds.DBClusterParameterGroup{} + + err := r.Client.Get(ctx, client.ObjectKey{ + Name: dbParamGroupName, + }, dbClusterParamGroup) + + if err != nil { + if errors.IsNotFound(err) { + return // nothing to delete + } + logr.Error(err, "Error getting crossplane db cluster param group for old DB ") + } else { + operationalTagForProviderPresent := false + for _, tag := range dbClusterParamGroup.Spec.ForProvider.Tags { + if *tag.Key == operationalStatusTagKey && *tag.Value == 
operationalStatusInactiveValue { + operationalTagForProviderPresent = true + } + } + if !operationalTagForProviderPresent { + patchDBClusterParameterGroup := client.MergeFrom(dbClusterParamGroup.DeepCopy()) + + operationalTagKey := operationalStatusTagKey + operationalValue := operationalStatusInactiveValue + + dbClusterParamGroup.Spec.ForProvider.Tags = append(dbClusterParamGroup.Spec.ForProvider.Tags, &crossplanerds.Tag{ + Key: &operationalTagKey, + Value: &operationalValue, + }) + + err := r.Client.Patch(ctx, dbClusterParamGroup, patchDBClusterParameterGroup) + if err != nil { + logr.Error(err, "Error updating operational tags for crossplane db cluster param group ") + } + } + } + +} + +func (r *DatabaseClaimReconciler) operationalTaggingForDbCluster(ctx context.Context, logr logr.Logger, dbHostName string) { + dbCluster := &crossplanerds.DBCluster{} + + err := r.Client.Get(ctx, client.ObjectKey{ + Name: dbHostName, + }, dbCluster) + + if err != nil { + if errors.IsNotFound(err) { + return // nothing to delete + } + logr.Error(err, "Error getting crossplane DBCluster for old DB") + } else { + operationalTagForProviderPresent := false + for _, tag := range dbCluster.Spec.ForProvider.Tags { + if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue { + operationalTagForProviderPresent = true + } + } + if !operationalTagForProviderPresent { + patchDBClusterParameterGroup := client.MergeFrom(dbCluster.DeepCopy()) + + operationalTagKey := operationalStatusTagKey + operationalValue := operationalStatusInactiveValue + + dbCluster.Spec.ForProvider.Tags = append(dbCluster.Spec.ForProvider.Tags, &crossplanerds.Tag{ + Key: &operationalTagKey, + Value: &operationalValue, + }) + + err := r.Client.Patch(ctx, dbCluster, patchDBClusterParameterGroup) + if err != nil { + logr.Error(err, "Error updating operational tags for crossplane db cluster ") + } + } + } + +} + +func (r *DatabaseClaimReconciler) operationalTaggingForDbInstance(ctx 
context.Context, logr logr.Logger, dbHostName string) (bool, error) { + + dbInstance := &crossplanerds.DBInstance{} + + err := r.Client.Get(ctx, client.ObjectKey{ + Name: dbHostName, + }, dbInstance) + + if err != nil { + logr.Error(err, "Error getting crossplane dbInstance for old DB") + return false, err + } else { + operationalTagForProviderPresent := false + operationalTagAtProviderPresent := false + // Checking whether tags are already requested + for _, tag := range dbInstance.Spec.ForProvider.Tags { + if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue { + operationalTagForProviderPresent = true + } + } + // checking whether tags have got updated on AWS (This will be done by chekcing tags at AtProvider) + for _, tag := range dbInstance.Status.AtProvider.TagList { + if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue { + operationalTagAtProviderPresent = true + } + } + + if !operationalTagForProviderPresent { + patchDBInstance := client.MergeFrom(dbInstance.DeepCopy()) + + operationalTagKey := operationalStatusTagKey + operationalValue := operationalStatusInactiveValue + + dbInstance.Spec.ForProvider.Tags = append(dbInstance.Spec.ForProvider.Tags, &crossplanerds.Tag{ + Key: &operationalTagKey, + Value: &operationalValue, + }) + + err := r.Client.Patch(ctx, dbInstance, patchDBInstance) + if err != nil { + logr.Error(err, "Error patching crossplane dbInstance for old DB to add operational tags") + return false, err + } + } else if operationalTagForProviderPresent && !operationalTagAtProviderPresent { + logr.Info("could not find operational tags of DBInstance on AWS. These are already requested. Needs to requeue") + return false, nil + } else { + logr.Info("operational tags of DBInstance on AWS found") + return true, nil + } + + } + return false, nil +} + +// manageOperationalTagging: Will update operational tags on old DBInstance, DBCluster, DBClusterParamGroup and DBParamGroup. 
+// It does not return error for DBCluster, DBClusterParamGroup and DBParamGroup if they fail to update tags. Such error is only logged, but not returned. +// In case of successful updation, It does not to verify whether those tags got updated. +// +// Unlike other resources, +// It returns error just for DBinstance failling to update tags. +// It also verifies whether DBinstance got updated with the tag, and return the signal as boolean. +// +// true: operational tag is updated and verfied. +// false: operational tag is updated but could not be verified yet. +func (r *DatabaseClaimReconciler) manageOperationalTagging(ctx context.Context, logr logr.Logger, dbInstanceName, dbParamGroupName string) (bool, error) { + + r.operationalTaggingForDbClusterParamGroup(ctx, logr, dbParamGroupName) + r.operationalTaggingForDbParamGroup(ctx, logr, dbParamGroupName) + r.operationalTaggingForDbCluster(ctx, logr, dbInstanceName) + + // unlike other resources above, verifying tags updation and handling errors if any just for "DBInstance" resource + isVerfied, err := r.operationalTaggingForDbInstance(ctx, logr, dbInstanceName) + + if r.getMultiAZEnabled() { + isVerfiedforMultiAZ, errMultiAZ := r.operationalTaggingForDbInstance(ctx, logr, dbInstanceName+"-2") + if err != nil { + return false, err + } else if errMultiAZ != nil { + return false, errMultiAZ + } else if !isVerfied || !isVerfiedforMultiAZ { + return false, nil + } else { + return true, nil + } + + } else { + if err != nil { + return false, err + } else { + return isVerfied, nil + } + } + +} + func (r *DatabaseClaimReconciler) getClientForExistingDB(ctx context.Context, logr logr.Logger, dbClaim *persistancev1.DatabaseClaim, connInfo *persistancev1.DatabaseClaimConnectionInfo) (dbclient.Client, error) { 
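Review bot: The tag loops in all four `operationalTaggingFor…` functions dereference `*tag.Key` and `*tag.Value` without a nil check, so a tag entry with an unset key or value on any of these resources would panic the reconciler. The four scans are identical and can share one nil-safe helper, shown below. The early-return comment `// nothing to delete` should read `// nothing to tag`, and in `operationalTaggingForDbCluster` the patch variable is named `patchDBClusterParameterGroup` although it patches a DBCluster. `operationalTaggingForDbInstance` returns an error on NotFound where the other three return silently, and the caller in updateStatus answers any error with immediate deletion, so a comment saying that this difference is intended would help.

```go
// hasInactiveTag reports whether tags already contains
// operational-status=inactive; entries with a nil key or value are skipped.
func hasInactiveTag(tags []*crossplanerds.Tag) bool {
	for _, tag := range tags {
		if tag == nil || tag.Key == nil || tag.Value == nil {
			continue
		}
		if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue {
			return true
		}
	}
	return false
}

// … unchanged: the four operationalTaggingFor… functions, each calling
// hasInactiveTag(x.Spec.ForProvider.Tags) instead of its own loop …
```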
@@ -883,6 +1175,22 @@ func (r *DatabaseClaimReconciler) getReclaimPolicy(fragmentKey string) string { } } +func (r *DatabaseClaimReconciler) canTagResources(ctx context.Context, dbClaim *persistancev1.DatabaseClaim) (bool, error) { + + if dbClaim.Spec.InstanceLabel == "" { + return true, nil + } + var dbClaimList persistancev1.DatabaseClaimList + if err := r.List(ctx, &dbClaimList, client.MatchingFields{instanceLableKey: dbClaim.Spec.InstanceLabel}); err != nil { + return false, err + } + + if len(dbClaimList.Items) == 1 { + return true, nil + } + return false, nil +} + func (r *DatabaseClaimReconciler) deleteExternalResources(ctx context.Context, dbClaim *persistancev1.DatabaseClaim) error { // delete any external resources associated with the dbClaim // Only RDS Instance are managed for now @@ -2309,6 +2617,8 @@ func (r *DatabaseClaimReconciler) manageSuccess(ctx context.Context, dbClaim *pe //if object is getting deleted then call requeue immediately if !dbClaim.ObjectMeta.DeletionTimestamp.IsZero() { return ctrl.Result{Requeue: true}, nil + } else if dbClaim.Status.OldDB.DbState == persistancev1.PostMigrationInProgress { + return ctrl.Result{RequeueAfter: time.Minute}, nil } else { return ctrl.Result{RequeueAfter: r.getPasswordRotationTime()}, nil } diff --git a/controllers/databaseclaim_controller_integ_test.go b/controllers/databaseclaim_controller_integ_test.go index 31aa8c95..1b3d1200 100644 --- a/controllers/databaseclaim_controller_integ_test.go +++ b/controllers/databaseclaim_controller_integ_test.go @@ -2,10 +2,16 @@ package controllers import ( "context" + "fmt" + crossplanerds "github.com/crossplane-contrib/provider-aws/apis/rds/v1alpha1" + "github.com/go-logr/logr" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "github.com/spf13/viper" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" persistancev1 "github.com/infobloxopen/db-controller/api/v1" ) 
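Review bot: `canTagResources` is the gate that decides whether the old database may be tagged and its resources deleted, yet it has no doc comment, and its result depends on a field index for `instanceLableKey` that is registered outside this hunk. A comment such as `// canTagResources reports whether dbClaim is the only DatabaseClaim using its InstanceLabel; an empty label counts as unshared.` would state the contract. The tail can be written as `return len(dbClaimList.Items) == 1, nil`. A list with zero items also yields false, and the caller in updateStatus then clears `Status.OldDB` without tagging or deleting anything, which is worth mentioning in the comment if it is intended.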
@@ -43,3 +49,431 @@ var _ = Describe("db-controller", func() { }) }) }) + +var _ = Describe("manageOperationalTagging", Ordered, func() { + + // define and create objects in the test cluster + + dbCluster := &crossplanerds.DBCluster{} + dbClusterParam := &crossplanerds.DBClusterParameterGroup{} + dbParam := &crossplanerds.DBParameterGroup{} + dnInstance1 := &crossplanerds.DBInstance{} + dnInstance2 := &crossplanerds.DBInstance{} + dnInstance3 := &crossplanerds.DBInstance{} + + BeforeAll(func() { + By("Creating objects beforehand of DBClsuerParameterGroup, DBCluser, DBParameterGroup and DBInstance") + testString := "test" + ctx := context.Background() + dbCluster = &crossplanerds.DBCluster{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBCluster", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "db", + Namespace: "default", + }, + Spec: crossplanerds.DBClusterSpec{ + ForProvider: crossplanerds.DBClusterParameters{ + Engine: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, dbCluster)).Should(Succeed()) + ctx = context.Background() + dbClusterParam = &crossplanerds.DBClusterParameterGroup{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBClusterParameterGroup", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbparam", + Namespace: "default", + }, + Spec: crossplanerds.DBClusterParameterGroupSpec{ + ForProvider: crossplanerds.DBClusterParameterGroupParameters{ + Description: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, dbClusterParam)).Should(Succeed()) + + dbParam = &crossplanerds.DBParameterGroup{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBParameterGroup", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbparam", + Namespace: "default", + }, + Spec: crossplanerds.DBParameterGroupSpec{ + ForProvider: crossplanerds.DBParameterGroupParameters{ + Description: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, 
dbParam)).Should(Succeed()) + + ctx = context.Background() + dnInstance1 = &crossplanerds.DBInstance{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBInstance", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "db", + Namespace: "default", + }, + Spec: crossplanerds.DBInstanceSpec{ + ForProvider: crossplanerds.DBInstanceParameters{ + Engine: &testString, + DBInstanceClass: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, dnInstance1)).Should(Succeed()) + + ctx = context.Background() + dnInstance2 = &crossplanerds.DBInstance{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBInstance", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "db-2", + Namespace: "default", + }, + Spec: crossplanerds.DBInstanceSpec{ + ForProvider: crossplanerds.DBInstanceParameters{ + Engine: &testString, + DBInstanceClass: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, dnInstance2)).Should(Succeed()) + + ctx = context.Background() + dnInstance3 = &crossplanerds.DBInstance{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "rds.aws.crossplane.io/v1alpha1", + Kind: "DBInstance", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "db3", + Namespace: "default", + }, + Spec: crossplanerds.DBInstanceSpec{ + ForProvider: crossplanerds.DBInstanceParameters{ + Engine: &testString, + DBInstanceClass: &testString, + }, + }, + } + Expect(k8sClient.Create(ctx, dnInstance3)).Should(Succeed()) + }) + + Context("Now, try adding tags to resources which does not exists, while multiAZ is enabled", func() { + It("Should not add tags to any other already existing resources", func() { + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + mockReconciler.Config = viper.New() + mockReconciler.Config.Set("dbMultiAZEnabled", true) + // providing names of non-existing resources below + check, err := mockReconciler.manageOperationalTagging(context.Background(), ctrl.Log.WithName("controllers"), "dbb", 
"dbparamm") + Expect(err).Should(HaveOccurred()) // This should create error + Expect(check).To(BeFalse()) + + By("Lets get all objects again to check whether tags have not been added to any resource, as we provied wrong names above") + + dbCluster = &crossplanerds.DBCluster{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dbCluster)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbCluster.Spec.ForProvider.Tags)).To(Equal(false)) + + dbClusterParam = &crossplanerds.DBClusterParameterGroup{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "dbparam", + }, dbClusterParam)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbClusterParam.Spec.ForProvider.Tags)).To(Equal(false)) + + dbParam = &crossplanerds.DBParameterGroup{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "dbparam", + }, dbParam)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbParam.Spec.ForProvider.Tags)).To(Equal(false)) + + dnInstance1 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dnInstance1)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance1.Spec.ForProvider.Tags)).To(Equal(false)) + + dnInstance2 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db-2", + }, dnInstance2)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance2.Spec.ForProvider.Tags)).To(Equal(false)) + + dnInstance3 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db3", + }, dnInstance3)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance3.Spec.ForProvider.Tags)).To(Equal(false)) + }) + }) + + Context("Now, try Adding tags to resources, with multiAZ disabled", func() { + It("Should add tags to all valid resources. 
Should skip instance-2 as multiAZ is disabled", func() { + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + mockReconciler.Config = viper.New() + mockReconciler.Config.Set("dbMultiAZEnabled", false) + check, err := mockReconciler.manageOperationalTagging(context.Background(), logr.Logger{}, "db", "dbparam") + Expect(err).ShouldNot(HaveOccurred()) + Expect(check).To(BeFalse()) + + By("Lets get all objects again to check whether tags can be found at .spec.ForProvider") + + dbCluster = &crossplanerds.DBCluster{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dbCluster)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbCluster.Spec.ForProvider.Tags)).To(Equal(true)) + + dbClusterParam = &crossplanerds.DBClusterParameterGroup{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "dbparam", + }, dbClusterParam)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbClusterParam.Spec.ForProvider.Tags)).To(Equal(true)) + + dbParam = &crossplanerds.DBParameterGroup{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "dbparam", + }, dbParam)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dbParam.Spec.ForProvider.Tags)).To(Equal(true)) + + dnInstance1 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dnInstance1)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance1.Spec.ForProvider.Tags)).To(Equal(true)) + + // tag should not be found at spec for dbInstance2 as multiAZ is disabled + dnInstance2 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db-2", + }, dnInstance2)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance2.Spec.ForProvider.Tags)).To(Equal(false)) + + // tag should not be found at spec for dbInstance3 as we had not requested this resource to be 
tagged + dnInstance3 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db3", + }, dnInstance3)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance3.Spec.ForProvider.Tags)).To(Equal(false)) + }) + }) + + Context("Adding tags to resources, while multiAZ is enabled", func() { + It("Should add tags to all valid resources if exists. Should NOT skip instance-2 as multiAZ is enabled", func() { + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + mockReconciler.Config = viper.New() + mockReconciler.Config.Set("dbMultiAZEnabled", true) + check, err := mockReconciler.manageOperationalTagging(context.Background(), ctrl.Log.WithName("controllers"), "db", "dbparam") + Expect(err).ShouldNot(HaveOccurred()) + Expect(check).To(BeFalse()) + + By("Lets get all DBinstance objects again to check whether tags can be found at .spec.ForProvider for all instances in multiAZ") + + dnInstance1 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dnInstance1)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance1.Spec.ForProvider.Tags)).To(Equal(true)) + + // tag should be found at spec for dbInstancw2 as multiAZ is enabled now + dnInstance2 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db-2", + }, dnInstance2)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance2.Spec.ForProvider.Tags)).To(Equal(true)) + + // tag should not be found at spec for dbInstancr3 as we had not requested this resource to be tagged + dnInstance3 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db3", + }, dnInstance3)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance3.Spec.ForProvider.Tags)).To(Equal(false)) + }) + }) + + Context("When tags get successfully updated, They 
are reflected at .status.AtProvider for DBInstance", func() { + It("manageOperationalTagging() Should return true without any error", func() { + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + mockReconciler.Config = viper.New() + mockReconciler.Config.Set("dbMultiAZEnabled", true) + + By("adding tags beforehand to .status.AtProvier.TagList. As in reality, if tags gets successfully added. It will reflect at the said path") + + operationalStatusTagKeyPtr := operationalStatusTagKey + operationalStatusInactiveValuePtr := operationalStatusInactiveValue + ctx := context.Background() + + dnInstance1.Status.AtProvider.TagList = []*crossplanerds.Tag{ + { + Key: &operationalStatusTagKeyPtr, + Value: &operationalStatusInactiveValuePtr, + }, + } + dnInstance2.Status.AtProvider.TagList = []*crossplanerds.Tag{ + { + Key: &operationalStatusTagKeyPtr, + Value: &operationalStatusInactiveValuePtr, + }, + } + + Expect(k8sClient.Status().Update(ctx, dnInstance1)).Should(Succeed()) + Expect(k8sClient.Status().Update(ctx, dnInstance2)).Should(Succeed()) + + check, err := mockReconciler.manageOperationalTagging(context.Background(), ctrl.Log.WithName("controllers"), "db", "dbparam") + Expect(err).ShouldNot(HaveOccurred()) + Expect(check).To(BeTrue()) + + // Lets also check the tags at status + dnInstance1 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db", + }, dnInstance1)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance1.Status.AtProvider.TagList)).To(Equal(true)) + + dnInstance2 = &crossplanerds.DBInstance{} + Expect(mockReconciler.Client.Get(context.Background(), client.ObjectKey{ + Name: "db-2", + }, dnInstance2)).ShouldNot(HaveOccurred()) + Expect(hasOperationalTag(dnInstance2.Status.AtProvider.TagList)).To(Equal(true)) + + }) + }) + +}) + +func hasOperationalTag(tags []*crossplanerds.Tag) bool { + + for _, tag := range tags { + fmt.Println("==") + + 
fmt.Println(tag) + if *tag.Key == operationalStatusTagKey && *tag.Value == operationalStatusInactiveValue { + return true + } + } + return false + +} + +var _ = Describe("canTagResources", Ordered, func() { + + // Creating resources required to do tests beforehand + BeforeAll(func() { + ctx := context.Background() + dbClaim := &persistancev1.DatabaseClaim{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "persistance.atlas.infoblox.com/v1", + Kind: "DatabaseClaim", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbclaim", + Namespace: "default", + }, + Spec: persistancev1.DatabaseClaimSpec{ + AppID: "sample-app", + DatabaseName: "sample_app", + InstanceLabel: "sample-connection-3", + SecretName: "sample-secret", + Username: "sample_user", + }, + } + Expect(k8sClient.Create(ctx, dbClaim)).Should(Succeed()) + ctx2 := context.Background() + dbClaim2 := &persistancev1.DatabaseClaim{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "persistance.atlas.infoblox.com/v1", + Kind: "DatabaseClaim", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbclaim-2", + Namespace: "default", + }, + Spec: persistancev1.DatabaseClaimSpec{ + AppID: "sample-app", + DatabaseName: "sample_app", + InstanceLabel: "sample-connection-3", + SecretName: "sample-secret", + Username: "sample_user", + }, + } + Expect(k8sClient.Create(ctx2, dbClaim2)).Should(Succeed()) + }) + + Context("Adding tags to DBClaim with empty InstanceLabel", func() { + It("Should permite adding tags", func() { + ctx2 := context.Background() + dbClaim2 := &persistancev1.DatabaseClaim{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "persistance.atlas.infoblox.com/v1", + Kind: "DatabaseClaim", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbclaim-2", + Namespace: "default", + }, + Spec: persistancev1.DatabaseClaimSpec{ + AppID: "sample-app", + DatabaseName: "sample_app", + InstanceLabel: "", + SecretName: "sample-secret", + Username: "sample_user", + }, + } + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + 
check, err2 := mockReconciler.canTagResources(ctx2, dbClaim2) + Expect(err2).ShouldNot(HaveOccurred()) + Expect(check).To(BeTrue()) + }) + }) + + Context("Adding tags to DBClaim, When There are already more than one DBClaim exists with similar InstanceLabel", func() { + It("Should not permite adding tags", func() { + ctx2 := context.Background() + dbClaim2 := &persistancev1.DatabaseClaim{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "persistance.atlas.infoblox.com/v1", + Kind: "DatabaseClaim", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dbclaim-2", + Namespace: "default", + }, + Spec: persistancev1.DatabaseClaimSpec{ + AppID: "sample-app", + DatabaseName: "sample_app", + InstanceLabel: "sample-connection-3", + SecretName: "sample-secret", + Username: "sample_user", + }, + } + mockReconciler := &DatabaseClaimReconciler{} + mockReconciler.Client = k8sClient + check, err2 := mockReconciler.canTagResources(ctx2, dbClaim2) + Expect(err2).Should(HaveOccurred()) + Expect(check).To(BeFalse()) + }) + }) + +}) diff --git a/controllers/databaseclaim_controller_test.go b/controllers/databaseclaim_controller_test.go index 80f0f58f..b39c18aa 100644 --- a/controllers/databaseclaim_controller_test.go +++ b/controllers/databaseclaim_controller_test.go 
@@ -1699,6 +1699,203 @@ func TestDatabaseClaimReconciler_getMode(t *testing.T) { }, M_UseNewDB, }, + { + "postMigrationActions-positive", + fields{ + Log: zap.New(zap.UseFlagOptions(&opts)), + Input: &input{ + HostParams: hostparams.HostParams{ + Engine: "aurora-postgres", + Shape: "db.t4g.medium", + MinStorageGB: 20, + EngineVersion: "12.11", + }, + SharedDBHost: false, + }, + }, + + args{ + dbClaim: &persistancev1.DatabaseClaim{ + ObjectMeta: v1.ObjectMeta{Name: "identity-dbclaim-name", + Namespace: "unitest"}, + + Spec: persistancev1.DatabaseClaimSpec{ + UseExistingSource: &flse, + }, + Status: persistancev1.DatabaseClaimStatus{ + ActiveDB: persistancev1.Status{ + DbState: persistancev1.Ready, + }, + OldDB: persistancev1.Status{ + DbState: persistancev1.PostMigrationInProgress, + Type: "aurora-postgres", + DBVersion: "13.11", + Shape: "db.t4g.medium", + MinStorageGB: 20, + ConnectionInfo: &persistancev1.DatabaseClaimConnectionInfo{}, + }, + }, + }, + }, + M_PostMigrationInProgress, + }, + { + "postMigrationActions-negative-without-connectionInfo-in-oldDB", + fields{ + Log: zap.New(zap.UseFlagOptions(&opts)), + Input: &input{ + HostParams: hostparams.HostParams{ + Engine: "aurora-postgres", + Shape: "db.t4g.medium", + MinStorageGB: 20, + EngineVersion: "12.11", + }, + SharedDBHost: false, + }, + }, + + args{ + dbClaim: &persistancev1.DatabaseClaim{ + ObjectMeta: v1.ObjectMeta{Name: "identity-dbclaim-name", + Namespace: "unitest"}, + + Spec: persistancev1.DatabaseClaimSpec{ + UseExistingSource: &flse, + }, + Status: persistancev1.DatabaseClaimStatus{ + ActiveDB: persistancev1.Status{ + DbState: persistancev1.Ready, + }, + OldDB: persistancev1.Status{ + DbState: persistancev1.PostMigrationInProgress, + Type: "aurora-postgres", + DBVersion: "13.11", + Shape: "db.t4g.medium", + MinStorageGB: 20, + }, + }, + }, + }, + M_NotSupported, + }, + { + "postMigrationActions-negative-wit-userExistingSource", + fields{ + Log: zap.New(zap.UseFlagOptions(&opts)), + Input: &input{ 
+ HostParams: hostparams.HostParams{ + Engine: "aurora-postgres", + Shape: "db.t4g.medium", + MinStorageGB: 20, + EngineVersion: "12.11", + }, + SharedDBHost: false, + }, + }, + + args{ + dbClaim: &persistancev1.DatabaseClaim{ + ObjectMeta: v1.ObjectMeta{Name: "identity-dbclaim-name", + Namespace: "unitest"}, + + Spec: persistancev1.DatabaseClaimSpec{ + UseExistingSource: &tru, + }, + Status: persistancev1.DatabaseClaimStatus{ + ActiveDB: persistancev1.Status{ + DbState: persistancev1.Ready, + }, + OldDB: persistancev1.Status{ + DbState: persistancev1.PostMigrationInProgress, + Type: "aurora-postgres", + DBVersion: "13.11", + Shape: "db.t4g.medium", + MinStorageGB: 20, + }, + }, + }, + }, + M_NotSupported, + }, + { + "postMigrationActions-negative-with-sourceData", + fields{ + Log: zap.New(zap.UseFlagOptions(&opts)), + Input: &input{ + HostParams: hostparams.HostParams{ + Engine: "aurora-postgres", + Shape: "db.t4g.medium", + MinStorageGB: 20, + EngineVersion: "12.11", + }, + SharedDBHost: false, + }, + }, + + args{ + dbClaim: &persistancev1.DatabaseClaim{ + ObjectMeta: v1.ObjectMeta{Name: "identity-dbclaim-name", + Namespace: "unitest"}, + + Spec: persistancev1.DatabaseClaimSpec{ + UseExistingSource: &flse, + SourceDataFrom: &persistancev1.SourceDataFrom{}, + }, + Status: persistancev1.DatabaseClaimStatus{ + ActiveDB: persistancev1.Status{ + DbState: persistancev1.Ready, + }, + OldDB: persistancev1.Status{ + DbState: persistancev1.PostMigrationInProgress, + Type: "aurora-postgres", + DBVersion: "13.11", + Shape: "db.t4g.medium", + MinStorageGB: 20, + }, + }, + }, + }, + M_NotSupported, + }, + { + "postMigrationActions-negative-with-sharedDB", + fields{ + Log: zap.New(zap.UseFlagOptions(&opts)), + Input: &input{ + HostParams: hostparams.HostParams{ + Engine: "aurora-postgres", + Shape: "db.t4g.medium", + MinStorageGB: 20, + EngineVersion: "12.11", + }, + SharedDBHost: true, + }, + }, + + args{ + dbClaim: &persistancev1.DatabaseClaim{ + ObjectMeta: 
v1.ObjectMeta{Name: "identity-dbclaim-name", + Namespace: "unitest"}, + + Spec: persistancev1.DatabaseClaimSpec{ + UseExistingSource: &flse, + }, + Status: persistancev1.DatabaseClaimStatus{ + ActiveDB: persistancev1.Status{ + DbState: persistancev1.Ready, + }, + OldDB: persistancev1.Status{ + DbState: persistancev1.PostMigrationInProgress, + Type: "aurora-postgres", + DBVersion: "13.11", + Shape: "db.t4g.medium", + MinStorageGB: 20, + }, + }, + }, + }, + M_NotSupported, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/controllers/suite_test.go b/controllers/suite_test.go index a006d595..6563edfe 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -36,6 +36,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" persistancev1 "github.com/infobloxopen/db-controller/api/v1" + + crossplanerds "github.com/crossplane-contrib/provider-aws/apis/rds/v1alpha1" // +kubebuilder:scaffold:imports ) @@ -82,7 +84,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases"), filepath.Join("..", "testutils", "crds")}, } var err error @@ -93,6 +95,9 @@ var _ = BeforeSuite(func() { err = persistancev1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) + err = crossplanerds.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + // +kubebuilder:scaffold:scheme k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) diff --git a/go.mod b/go.mod index bd19111a..5dd6254f 100644 --- a/go.mod +++ b/go.mod 
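Review bot: The three cases `postMigrationActions-negative-wit-userExistingSource`, `...-with-sourceData` and `...-with-sharedDB` each differ from the positive case in two ways: they set the field named in the title and they also leave `OldDB.ConnectionInfo` unset. The `...-without-connectionInfo-in-oldDB` case already expects `M_NotSupported` for a missing `ConnectionInfo` alone, so these three would presumably pass even if getMode ignored `UseExistingSource`, `SourceDataFrom` or `SharedDBHost` (getMode itself is outside this hunk). Adding `ConnectionInfo: &persistancev1.DatabaseClaimConnectionInfo{},` to `OldDB` in those three entries would make each fail only for the reason its name gives. The case name `negative-wit-userExistingSource` also looks like a typo for `negative-with-useExistingSource`.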
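Review bot: The `envtest.Environment` literal in the second suite_test.go hunk gains a second entry in `CRDDirectoryPaths` but does not set `ErrorIfCRDPathMissing`. If `testutils/crds` is renamed or left out of a checkout, envtest would start without the crossplane RDS CRDs and the problem would only appear later as unrelated-looking failures in the tagging specs. Adding `ErrorIfCRDPathMissing: true,` next to `CRDDirectoryPaths` makes the suite fail at bootstrap with a clear message instead.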
@@ -34,10 +34,7 @@ require ( sigs.k8s.io/yaml v1.3.0 ) -require ( - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/stretchr/objx v0.5.0 // indirect -) +require github.com/pmezard/go-difflib v1.0.0 // indirect require ( github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect diff --git a/go.sum b/go.sum index 0d3ae3f2..a2d398c1 100644 --- a/go.sum +++ b/go.sum @@ -17,6 +17,7 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -55,8 +56,6 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEV github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -111,11 +110,9 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -126,18 +123,14 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containerd/continuity v0.4.1 h1:wQnVrjIyQ8vhU2sgOiL5T07jo+ouqc2bnKsv5/EqGhU= github.com/containerd/continuity v0.4.1/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/crossplane-contrib/provider-aws v0.42.0 h1:8VEgiOX2egHKxE56ZiH9ZNaJHFEU7bhDt6yIzbvDZ34= github.com/crossplane-contrib/provider-aws v0.42.0/go.mod h1:fZETI7E2sOa/1GO4giTS9Ohgk1jwnEPDSwfjNImdy60= github.com/crossplane/crossplane-runtime v0.20.0-rc.0.0.20230320143010-c424c4aca5b0 h1:CeOwmlDuq0MU62YguasLJ1j/W58uW/FVeSlPOvOK5xM= github.com/crossplane/crossplane-runtime v0.20.0-rc.0.0.20230320143010-c424c4aca5b0/go.mod h1:OJQ1NxtQK2ZTRmvtnQPoy8LsXsARTnVydRVDQEgIuz4= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -203,7 +196,6 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -364,7 +356,6 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -374,7 +365,6 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -391,8 +381,6 @@ github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrB github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk= github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= -github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= 
@@ -435,11 +423,8 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI= github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= 
@@ -461,9 +446,6 @@ github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUs github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -471,16 +453,10 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= diff --git a/helm/db-controller-crds/crd/persistance.atlas.infoblox.com_databaseclaims.yaml b/helm/db-controller-crds/crd/persistance.atlas.infoblox.com_databaseclaims.yaml index 44ffcac7..7160c0b6 100644 --- a/helm/db-controller-crds/crd/persistance.atlas.infoblox.com_databaseclaims.yaml 
+++ b/helm/db-controller-crds/crd/persistance.atlas.infoblox.com_databaseclaims.yaml @@ -276,6 +276,10 @@ spec: description: The optional MinStorageGB value requests the minimum database host storage capacity in GBytes type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string shape: description: The optional Shape values are arbitrary and help drive instance selection 
@@ -413,6 +417,144 @@ spec: description: The optional MinStorageGB value requests the minimum database host storage capacity in GBytes type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string + shape: + description: The optional Shape values are arbitrary and help + drive instance selection + type: string + sourceDataFrom: + description: SourceDataFrom specifies an existing database or + backup to use when initially provisioning the database. if the + dbclaim has already provisioned a database, this field is ignored + This field used when claim is use-existing-db and attempting + to migrate to newdb + properties: + database: + description: Database defines the connection information to + an existing db + properties: + dsn: + description: 'DSN is the connection string used to reach + the postgres database must have protocol specifier at + beginning (example: mysql:// postgres:// )' + type: string + secretRef: + description: 'SecretRef specifies a secret to use for + connecting to the postgresdb (should be master/root) + TODO: document/validate the secret format required' + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + required: + - dsn + type: object + s3: + description: S3 defines the location of a DB backup in an + S3 bucket + properties: + bucket: + type: string + prefix: + description: Prefix is the path prefix of the S3 bucket + within which the backup to restore is located. + type: string + region: + type: string + secretRef: + description: 'SecretRef specifies a secret to use for + connecting to the s3 bucket via AWS client TODO: document/validate + the secret format required' + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sourceEngine: + description: SourceEngine is the engine used to create + the backup. 
+ type: string + sourceEngineVersion: + description: 'SourceEngineVersion is the version of the + engine used to create the backup. Example: "5.7.30"' + type: string + required: + - bucket + - region + - sourceEngine + - sourceEngineVersion + type: object + type: + description: Type specifies the type of source + type: string + required: + - type + type: object + type: + description: Specifies the type of database to provision. Only + postgres is supported. + type: string + userUpdatedAt: + description: Time the user/password was updated/created + format: date-time + type: string + required: + - connectionInfo + type: object + oldDB: + description: tracks the DB which is migrated and not more operational + properties: + DbState: + description: DbState of the DB. inprogress, "", ready + type: string + connectionInfo: + properties: + databaseName: + type: string + hostName: + type: string + password: + type: string + port: + type: string + sslMode: + type: string + userName: + type: string + type: object + connectionUpdatedAt: + description: Time the connection info was updated/created. + format: date-time + type: string + dbCreateAt: + description: Time the database was created + format: date-time + type: string + dbversion: + description: Version of the provisioned Database + type: string + matchLabel: + description: The name of the label that was successfully matched + against the fragment key names in the db-controller configMap + type: string + minStorageGB: + description: The optional MinStorageGB value requests the minimum + database host storage capacity in GBytes + type: integer + postMigrationActionStartedAt: + description: Time at the process of post migration actions initiated + format: date-time + type: string shape: description: The optional Shape values are arbitrary and help drive instance selection diff --git a/testutils/crds/DBCluster.yaml b/testutils/crds/DBCluster.yaml new file mode 100644 index 00000000..7565df74 --- /dev/null 
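Review bot: The new `oldDB` status block includes `connectionInfo.password` as a plain string, so the schema allows the retired database's credential to stay in the DatabaseClaim status, where anyone with read access to the resource can see it. Whether the controller actually fills that field for `oldDB` is not visible in this hunk, so treat this as something to confirm. This YAML appears to be generated from `api/v1/databaseclaim_types.go`, so the fix belongs there rather than in this file. Either clear the password when a status is copied into `OldDB`, or give `OldDB` a narrower type without that field. A field comment such as `// OldDB must not carry ConnectionInfo.Password; credentials stay in the claim's Secret.` would record the intent.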
+++ b/testutils/crds/DBCluster.yaml 
@@ -0,0 +1,1675 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: "2023-10-03T17:31:23Z" + generation: 1 + name: dbclusters.rds.aws.crossplane.io + ownerReferences: + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: true + kind: ProviderRevision + name: bloxinabox-provider-877b9fccf7ca + uid: f42ec1bf-0547-43c9-a29d-1dc6c06c0286 + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: false + kind: Provider + name: bloxinabox-provider + uid: 273f9682-ede8-4b8f-82ba-5c85cf731d51 + uid: 6408ca27-a149-4f0d-9370-63b3a68a9585 +spec: + conversion: + strategy: None + group: rds.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: DBCluster + listKind: DBClusterList + plural: dbclusters + singular: dbcluster + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DBCluster is the Schema for the DBClusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DBClusterSpec defines the desired state of DBCluster + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. + enum: + - Orphan + - Delete + type: string + forProvider: + description: DBClusterParameters defines the desired state of DBCluster + properties: + allocatedStorage: + description: "The amount of storage in gibibytes (GiB) to allocate + to each DB instance in the Multi-AZ DB cluster. \n This setting + is required to create a Multi-AZ DB cluster. \n Valid for: Multi-AZ + DB clusters only" + format: int64 + type: integer + allowMajorVersionUpgrade: + description: "A value that indicates whether major version upgrades + are allowed. \n Constraints: You must allow major version upgrades + when specifying a value for the EngineVersion parameter that + is a different major version than the DB cluster's current version. + \n Valid for: Aurora DB clusters only" + type: boolean + applyImmediately: + description: "A value that indicates whether the modifications + in this request and any pending modifications are asynchronously + applied as soon as possible, regardless of the PreferredMaintenanceWindow + setting for the DB cluster. If this parameter is disabled, changes + to the DB cluster are applied during the next maintenance window. + \n The ApplyImmediately parameter only affects the EnableIAMDatabaseAuthentication, + MasterUserPassword values. If the ApplyImmediately parameter + is disabled, then changes to the EnableIAMDatabaseAuthentication, + MasterUserPassword values are applied during the next maintenance + window. 
All other changes are applied immediately, regardless + of the value of the ApplyImmediately parameter. \n By default, + this parameter is disabled." + type: boolean + autoMinorVersionUpgrade: + description: "A value that indicates whether minor engine upgrades + are applied automatically to the DB cluster during the maintenance + window. By default, minor engine upgrades are applied automatically. + \n Valid for: Multi-AZ DB clusters only" + type: boolean + autogeneratePassword: + description: "AutogeneratePassword indicates whether the controller + should generate a random password for the master user if one + is not provided via MasterUserPasswordSecretRef. \n If a password + is generated, it will be stored as a secret at the location + specified by MasterUserPasswordSecretRef." + type: boolean + availabilityZones: + description: "A list of Availability Zones (AZs) where DB instances + in the DB cluster can be created. \n For information on Amazon + Web Services Regions and Availability Zones, see Choosing the + Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + only" + items: + type: string + type: array + backtrackWindow: + description: "The target backtrack window, in seconds. To disable + backtracking, set this value to 0. \n Default: 0 \n Constraints: + \n * If specified, this value must be set to a number from 0 + to 259,200 (72 hours). \n Valid for: Aurora MySQL DB clusters + only" + format: int64 + type: integer + backupRetentionPeriod: + description: "The number of days for which automated backups are + retained. \n Default: 1 \n Constraints: \n * Must be a value + from 1 to 35 \n Valid for: Aurora DB clusters and Multi-AZ DB + clusters" + format: int64 + type: integer + characterSetName: + description: "A value that indicates that the DB cluster should + be associated with the specified CharacterSet. 
\n Valid for: + Aurora DB clusters only" + type: string + copyTagsToSnapshot: + description: "A value that indicates whether to copy all tags + from the DB cluster to snapshots of the DB cluster. The default + is not to copy them. \n Valid for: Aurora DB clusters and Multi-AZ + DB clusters" + type: boolean + databaseName: + description: "The name for your database of up to 64 alphanumeric + characters. If you do not provide a name, Amazon RDS doesn't + create a database in the DB cluster you are creating. \n Valid + for: Aurora DB clusters and Multi-AZ DB clusters" + type: string + dbClusterInstanceClass: + description: "The compute and memory capacity of each DB instance + in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not + all DB instance classes are available in all Amazon Web Services + Regions, or for all database engines. \n For the full list of + DB instance classes and availability for your engine, see DB + instance class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + in the Amazon RDS User Guide. \n This setting is required to + create a Multi-AZ DB cluster. \n Valid for: Multi-AZ DB clusters + only" + type: string + dbClusterParameterGroupName: + description: "The name of the DB cluster parameter group to associate + with this DB cluster. If you do not specify a value, then the + default DB cluster parameter group for the specified DB engine + and version is used. \n Constraints: \n * If supplied, must + match the name of an existing DB cluster parameter group. \n + Valid for: Aurora DB clusters and Multi-AZ DB clusters" + type: string + dbClusterParameterGroupNameRef: + description: DBClusterParameterGroupNameRef is a reference to + a DBClusterParameterGroup used to set DBClusterParameterGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dbClusterParameterGroupNameSelector: + description: DBClusterParameterGroupNameSelector selects a reference + to a DBClusterParameterGroup used to set DBClusterParameterGroupName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + type: object + dbSubnetGroupName: + description: "A DB subnet group to associate with this DB cluster. + \n This setting is required to create a Multi-AZ DB cluster. + \n Constraints: Must match the name of an existing DBSubnetGroup. + Must not be default. \n Example: mydbsubnetgroup \n Valid for: + Aurora DB clusters and Multi-AZ DB clusters" + type: string + dbSubnetGroupNameRef: + description: DBSubnetGroupNameRef is a reference to a DBSubnetGroup + used to set DBSubnetGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dbSubnetGroupNameSelector: + description: DBSubnetGroupNameSelector selects a reference to + a DBSubnetGroup used to set DBSubnetGroupName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + dbSystemID: + description: Reserved for future use. + type: string + deletionProtection: + description: "A value that indicates whether the DB cluster has + deletion protection enabled. The database can't be deleted when + deletion protection is enabled. By default, deletion protection + isn't enabled. \n Valid for: Aurora DB clusters and Multi-AZ + DB clusters" + type: boolean + destinationRegion: + description: DestinationRegion is used for presigning the request + to a given region. + type: string + domain: + description: "The Active Directory directory ID to create the + DB cluster in. \n For Amazon Aurora DB clusters, Amazon RDS + can use Kerberos authentication to authenticate users that connect + to the DB cluster. \n For more information, see Kerberos authentication + (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + only" + type: string + domainIAMRoleName: + description: "Specify the name of the IAM role to be used when + making API calls to the Directory Service. 
\n Valid for: Aurora + DB clusters only" + type: string + domainIAMRoleNameRef: + description: DomainIAMRoleNameRef is a reference to an IAMRole + used to set DomainIAMRoleName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + domainIAMRoleNameSelector: + description: DomainIAMRoleNameSelector selects a reference to + an IAMRole used to set DomainIAMRoleName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + enableCloudwatchLogsExports: + description: "The list of log types that need to be enabled for + exporting to CloudWatch Logs. The values in the list depend + on the DB engine being used. \n RDS for MySQL \n Possible values + are error, general, and slowquery. \n RDS for PostgreSQL \n + Possible values are postgresql and upgrade. \n Aurora MySQL + \n Possible values are audit, error, general, and slowquery. + \n Aurora PostgreSQL \n Possible value is postgresql. \n For + more information about exporting CloudWatch Logs for Amazon + RDS, see Publishing Database Logs to Amazon CloudWatch Logs + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon RDS User Guide. \n For more information about + exporting CloudWatch Logs for Amazon Aurora, see Publishing + Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + and Multi-AZ DB clusters" + items: + type: string + type: array + enableGlobalWriteForwarding: + description: "A value that indicates whether to enable this DB + cluster to forward write operations to the primary cluster of + an Aurora global database (GlobalCluster). By default, write + operations are not allowed on Aurora DB clusters that are secondary + clusters in an Aurora global database. \n You can set this value + only on Aurora DB clusters that are members of an Aurora global + database. 
With this parameter enabled, a secondary cluster can + forward writes to the current primary cluster and the resulting + changes are replicated back to this cluster. For the primary + DB cluster of an Aurora global database, this value is used + immediately if the primary is demoted by the FailoverGlobalCluster + API operation, but it does nothing until then. \n Valid for: + Aurora DB clusters only" + type: boolean + enableHTTPEndpoint: + description: "A value that indicates whether to enable the HTTP + endpoint for an Aurora Serverless v1 DB cluster. By default, + the HTTP endpoint is disabled. \n When enabled, the HTTP endpoint + provides a connectionless web service API for running SQL queries + on the Aurora Serverless v1 DB cluster. You can also query your + database from inside the RDS console with the query editor. + \n For more information, see Using the Data API for Aurora Serverless + v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + only" + type: boolean + enableIAMDatabaseAuthentication: + description: "A value that indicates whether to enable mapping + of Amazon Web Services Identity and Access Management (IAM) + accounts to database accounts. By default, mapping isn't enabled. + \n For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + only" + type: boolean + enablePerformanceInsights: + description: "A value that indicates whether to turn on Performance + Insights for the DB cluster. \n For more information, see Using + Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + in the Amazon RDS User Guide. 
\n Valid for: Multi-AZ DB clusters + only" + type: boolean + engine: + description: "The name of the database engine to be used for this + DB cluster. \n Valid Values: \n * aurora (for MySQL 5.6-compatible + Aurora) \n * aurora-mysql (for MySQL 5.7-compatible and MySQL + 8.0-compatible Aurora) \n * aurora-postgresql \n * mysql \n + * postgres \n Valid for: Aurora DB clusters and Multi-AZ DB + clusters" + type: string + engineMode: + description: "The DB engine mode of the DB cluster, either provisioned, + serverless, parallelquery, global, or multimaster. \n The parallelquery + engine mode isn't required for Aurora MySQL version 1.23 and + higher 1.x versions, and version 2.09 and higher 2.x versions. + \n The global engine mode isn't required for Aurora MySQL version + 1.22 and higher 1.x versions, and global engine mode isn't required + for any 2.x versions. \n The multimaster engine mode only applies + for DB clusters created with Aurora MySQL version 5.6.10a. \n + The serverless engine mode only applies for Aurora Serverless + v1 DB clusters. \n For Aurora PostgreSQL, the global engine + mode isn't required, and both the parallelquery and the multimaster + engine modes currently aren't supported. \n Limitations and + requirements apply to some DB engine modes. 
For more information, + see the following sections in the Amazon Aurora User Guide: + \n * Limitations of Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) + \n * Requirements for Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) + \n * Limitations of Parallel Query (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations) + \n * Limitations of Aurora Global Databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations) + \n * Limitations of Multi-Master Clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html#aurora-multi-master-limitations) + \n Valid for: Aurora DB clusters only" + type: string + engineVersion: + description: "The version number of the database engine to use. 
+ \n To list all of the available engine versions for MySQL 5.6-compatible + Aurora, use the following command: \n aws rds describe-db-engine-versions + --engine aurora --query \"DBEngineVersions[].EngineVersion\" + \n To list all of the available engine versions for MySQL 5.7-compatible + and MySQL 8.0-compatible Aurora, use the following command: + \n aws rds describe-db-engine-versions --engine aurora-mysql + --query \"DBEngineVersions[].EngineVersion\" \n To list all + of the available engine versions for Aurora PostgreSQL, use + the following command: \n aws rds describe-db-engine-versions + --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\" + \n To list all of the available engine versions for RDS for + MySQL, use the following command: \n aws rds describe-db-engine-versions + --engine mysql --query \"DBEngineVersions[].EngineVersion\" + \n To list all of the available engine versions for RDS for + PostgreSQL, use the following command: \n aws rds describe-db-engine-versions + --engine postgres --query \"DBEngineVersions[].EngineVersion\" + \n Aurora MySQL \n For information, see MySQL on Amazon RDS + Versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + in the Amazon Aurora User Guide. \n Aurora PostgreSQL \n For + information, see Amazon Aurora PostgreSQL releases and engine + versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) + in the Amazon Aurora User Guide. \n MySQL \n For information, + see MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + in the Amazon RDS User Guide. \n PostgreSQL \n For information, + see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + in the Amazon RDS User Guide. 
\n Note: Downgrades are not allowed + by AWS and attempts to set a lower version will be ignored. + \n Valid for: Aurora DB clusters and Multi-AZ DB clusters" + type: string + finalDBSnapshotIdentifier: + description: "The DB cluster snapshot identifier of the new DB + cluster snapshot created when SkipFinalSnapshot is disabled. + \n Specifying this parameter and also skipping the creation + of a final DB cluster snapshot with the SkipFinalShapshot parameter + results in an error. \n Constraints: \n * Must be 1 to 255 letters, + numbers, or hyphens. \n * First character must be a letter \n + * Can't end with a hyphen or contain two consecutive hyphens" + type: string + globalClusterIdentifier: + description: "The global cluster ID of an Aurora cluster that + becomes the primary cluster in the new global database cluster. + \n Valid for: Aurora DB clusters only" + type: string + iops: + description: "The amount of Provisioned IOPS (input/output operations + per second) to be initially allocated for each DB instance in + the Multi-AZ DB cluster. \n For information about valid IOPS + values, see Amazon RDS Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + in the Amazon RDS User Guide. \n This setting is required to + create a Multi-AZ DB cluster. \n Constraints: Must be a multiple + between .5 and 50 of the storage amount for the DB cluster. + \n Valid for: Multi-AZ DB clusters only" + format: int64 + type: integer + kmsKeyID: + description: "The Amazon Web Services KMS key identifier for an + encrypted DB cluster. \n The Amazon Web Services KMS key identifier + is the key ARN, key ID, alias ARN, or alias name for the KMS + key. To use a KMS key in a different Amazon Web Services account, + specify the key ARN or alias ARN. \n When a KMS key isn't specified + in KmsKeyId: \n * If ReplicationSourceIdentifier identifies + an encrypted source, then Amazon RDS will use the KMS key used + to encrypt the source. 
Otherwise, Amazon RDS will use your default + KMS key. \n * If the StorageEncrypted parameter is enabled and + ReplicationSourceIdentifier isn't specified, then Amazon RDS + will use your default KMS key. \n There is a default KMS key + for your Amazon Web Services account. Your Amazon Web Services + account has a different default KMS key for each Amazon Web + Services Region. \n If you create a read replica of an encrypted + DB cluster in another Amazon Web Services Region, you must set + KmsKeyId to a KMS key identifier that is valid in the destination + Amazon Web Services Region. This KMS key is used to encrypt + the read replica in that Amazon Web Services Region. \n Valid + for: Aurora DB clusters and Multi-AZ DB clusters" + type: string + kmsKeyIDRef: + description: KMSKeyIDRef is a reference to a KMS Key used to set + KMSKeyID. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyIDSelector: + description: KMSKeyIDSelector selects a reference to a KMS Key + used to set KMSKeyID. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. 
+ type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + manageMasterUserPassword: + description: "A value that indicates whether to manage the master + user password with Amazon Web Services Secrets Manager. \n For + more information, see Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide and Password management with Amazon + Web Services Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + in the Amazon Aurora User Guide. \n Constraints: \n * Can't + manage the master user password with Amazon Web Services Secrets + Manager if MasterUserPassword is specified. \n Valid for: Aurora + DB clusters and Multi-AZ DB clusters" + type: boolean + masterUserPasswordSecretRef: + description: "The password for the master database user. This + password can contain any printable ASCII character except \"/\", + \"\"\", or \"@\". 
\n This parameter will be required in the + following scenarios: - The first cluster for a global Aurora + cluster - Any cluster as long as it doesn't belong to a global + Aurora cluster \n This parameter is required for creation of + a primary cluster. However, it is not required when attaching + a secondary regional cluster to an existing global cluster. + \n Constraints: Must contain from 8 to 41 characters." + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + masterUserSecretKMSKeyID: + description: "The Amazon Web Services KMS key identifier to encrypt + a secret that is automatically generated and managed in Amazon + Web Services Secrets Manager. \n This setting is valid only + if the master user password is managed by RDS in Amazon Web + Services Secrets Manager for the DB cluster. \n The Amazon Web + Services KMS key identifier is the key ARN, key ID, alias ARN, + or alias name for the KMS key. To use a KMS key in a different + Amazon Web Services account, specify the key ARN or alias ARN. + \n If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + KMS key is used to encrypt the secret. If the secret is in a + different Amazon Web Services account, then you can't use the + aws/secretsmanager KMS key to encrypt the secret, and you must + use a customer managed KMS key. \n There is a default KMS key + for your Amazon Web Services account. Your Amazon Web Services + account has a different default KMS key for each Amazon Web + Services Region. \n Valid for: Aurora DB clusters and Multi-AZ + DB clusters" + type: string + masterUsername: + description: "The name of the master user for the DB cluster. + \n Constraints: \n * Must be 1 to 16 letters or numbers. \n + * First character must be a letter. 
\n * Can't be a reserved + word for the chosen database engine. \n Valid for: Aurora DB + clusters and Multi-AZ DB clusters" + type: string + monitoringInterval: + description: "The interval, in seconds, between points when Enhanced + Monitoring metrics are collected for the DB cluster. To turn + off collecting Enhanced Monitoring metrics, specify 0. The default + is 0. \n If MonitoringRoleArn is specified, also set MonitoringInterval + to a value other than 0. \n Valid Values: 0, 1, 5, 10, 15, 30, + 60 \n Valid for: Multi-AZ DB clusters only" + format: int64 + type: integer + monitoringRoleARN: + description: "The Amazon Resource Name (ARN) for the IAM role + that permits RDS to send Enhanced Monitoring metrics to Amazon + CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. + For information on creating a monitoring role, see Setting up + and enabling Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) + in the Amazon RDS User Guide. \n If MonitoringInterval is set + to a value other than 0, supply a MonitoringRoleArn value. \n + Valid for: Multi-AZ DB clusters only" + type: string + networkType: + description: "The network type of the DB cluster. \n Valid values: + \n * IPV4 \n * DUAL \n The network type is determined by the + DBSubnetGroup specified for the DB cluster. A DBSubnetGroup + can support only the IPv4 protocol or the IPv4 and the IPv6 + protocols (DUAL). \n For more information, see Working with + a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + in the Amazon Aurora User Guide. \n Valid for: Aurora DB clusters + only" + type: string + optionGroupName: + description: "A value that indicates that the DB cluster should + be associated with the specified option group. \n DB clusters + are associated with a default option group that can't be modified." 
+ type: string + performanceInsightsKMSKeyID: + description: "The Amazon Web Services KMS key identifier for encryption + of Performance Insights data. \n The Amazon Web Services KMS + key identifier is the key ARN, key ID, alias ARN, or alias name + for the KMS key. \n If you don't specify a value for PerformanceInsightsKMSKeyId, + then Amazon RDS uses your default KMS key. There is a default + KMS key for your Amazon Web Services account. Your Amazon Web + Services account has a different default KMS key for each Amazon + Web Services Region. \n Valid for: Multi-AZ DB clusters only" + type: string + performanceInsightsRetentionPeriod: + description: "The number of days to retain Performance Insights + data. The default is 7 days. The following values are valid: + \n * 7 \n * month * 31, where month is a number of months from + 1-23 \n * 731 \n For example, the following values are valid: + \n * 93 (3 months * 31) \n * 341 (11 months * 31) \n * 589 (19 + months * 31) \n * 731 \n If you specify a retention period such + as 94, which isn't a valid value, RDS issues an error. \n Valid + for: Multi-AZ DB clusters only" + format: int64 + type: integer + port: + description: "The port number on which the instances in the DB + cluster accept connections. \n RDS for MySQL and Aurora MySQL + \n Default: 3306 \n Valid values: 1150-65535 \n RDS for PostgreSQL + and Aurora PostgreSQL \n Default: 5432 \n Valid values: 1150-65535 + \n Valid for: Aurora DB clusters and Multi-AZ DB clusters" + format: int64 + type: integer + preSignedURL: + description: "When you are replicating a DB cluster from one Amazon + Web Services GovCloud (US) Region to another, an URL that contains + a Signature Version 4 signed request for the CreateDBCluster + operation to be called in the source Amazon Web Services Region + where the DB cluster is replicated from. Specify PreSignedUrl + only when you are performing cross-Region replication from an + encrypted DB cluster. 
\n The presigned URL must be a valid request + for the CreateDBCluster API operation that can run in the source + Amazon Web Services Region that contains the encrypted DB cluster + to copy. \n The presigned URL request must contain the following + parameter values: \n * KmsKeyId - The KMS key identifier for + the KMS key to use to encrypt the copy of the DB cluster in + the destination Amazon Web Services Region. This should refer + to the same KMS key for both the CreateDBCluster operation that + is called in the destination Amazon Web Services Region, and + the operation contained in the presigned URL. \n * DestinationRegion + - The name of the Amazon Web Services Region that Aurora read + replica will be created in. \n * ReplicationSourceIdentifier + - The DB cluster identifier for the encrypted DB cluster to + be copied. This identifier must be in the Amazon Resource Name + (ARN) format for the source Amazon Web Services Region. For + example, if you are copying an encrypted DB cluster from the + us-west-2 Amazon Web Services Region, then your ReplicationSourceIdentifier + would look like Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1. + \n To learn how to generate a Signature Version 4 signed request, + see Authenticating Requests: Using Query Parameters (Amazon + Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). + \n If you are using an Amazon Web Services SDK tool or the CLI, + you can specify SourceRegion (or --source-region for the CLI) + instead of specifying PreSignedUrl manually. Specifying SourceRegion + autogenerates a presigned URL that is a valid request for the + operation that can run in the source Amazon Web Services Region. 
+ \n Valid for: Aurora DB clusters only" + type: string + preferredBackupWindow: + description: "The daily time range during which automated backups + are created if automated backups are enabled using the BackupRetentionPeriod + parameter. \n The default is a 30-minute window selected at + random from an 8-hour block of time for each Amazon Web Services + Region. To view the time blocks available, see Backup window + (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) + in the Amazon Aurora User Guide. \n Constraints: \n * Must be + in the format hh24:mi-hh24:mi. \n * Must be in Universal Coordinated + Time (UTC). \n * Must not conflict with the preferred maintenance + window. \n * Must be at least 30 minutes. \n Valid for: Aurora + DB clusters and Multi-AZ DB clusters" + type: string + preferredMaintenanceWindow: + description: "The weekly time range during which system maintenance + can occur, in Universal Coordinated Time (UTC). \n Format: ddd:hh24:mi-ddd:hh24:mi + \n The default is a 30-minute window selected at random from + an 8-hour block of time for each Amazon Web Services Region, + occurring on a random day of the week. To see the time blocks + available, see Adjusting the Preferred DB Cluster Maintenance + Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + in the Amazon Aurora User Guide. \n Valid Days: Mon, Tue, Wed, + Thu, Fri, Sat, Sun. \n Constraints: Minimum 30-minute window. + \n Valid for: Aurora DB clusters and Multi-AZ DB clusters" + type: string + publiclyAccessible: + description: "A value that indicates whether the DB cluster is + publicly accessible. \n When the DB cluster is publicly accessible, + its Domain Name System (DNS) endpoint resolves to the private + IP address from within the DB cluster's virtual private cloud + (VPC). 
It resolves to the public IP address from outside of + the DB cluster's VPC. Access to the DB cluster is ultimately + controlled by the security group it uses. That public access + isn't permitted if the security group assigned to the DB cluster + doesn't permit it. \n When the DB cluster isn't publicly accessible, + it is an internal DB cluster with a DNS name that resolves to + a private IP address. \n Default: The default behavior varies + depending on whether DBSubnetGroupName is specified. \n If DBSubnetGroupName + isn't specified, and PubliclyAccessible isn't specified, the + following applies: \n * If the default VPC in the target Region + doesn’t have an internet gateway attached to it, the DB cluster + is private. \n * If the default VPC in the target Region has + an internet gateway attached to it, the DB cluster is public. + \n If DBSubnetGroupName is specified, and PubliclyAccessible + isn't specified, the following applies: \n * If the subnets + are part of a VPC that doesn’t have an internet gateway attached + to it, the DB cluster is private. \n * If the subnets are part + of a VPC that has an internet gateway attached to it, the DB + cluster is public. \n Valid for: Multi-AZ DB clusters only" + type: boolean + region: + description: Region is which region the DBCluster will be created. + type: string + replicationSourceIdentifier: + description: "The Amazon Resource Name (ARN) of the source DB + instance or DB cluster if this DB cluster is created as a read + replica. \n Valid for: Aurora DB clusters only" + type: string + restoreFrom: + description: RestoreFrom specifies the details of the backup to + restore when creating a new DBCluster. + properties: + pointInTime: + description: PointInTime specifies the details of the point + in time restore. + properties: + restoreTime: + description: 'RestoreTime is the date and time (UTC) to + restore from. Must be before the latest restorable time + for the DB instance. 
Can''t be specified if the useLatestRestorableTime + parameter is enabled. Example: 2011-09-07T23:45:00Z' + format: date-time + type: string + restoreType: + description: "The type of restore to be performed. You + can specify one of the following values: \n * full-copy + - The new DB cluster is restored as a full copy of the + source DB cluster. \n * copy-on-write - The new DB cluster + is restored as a clone of the source DB cluster. \n + Constraints: You can't specify copy-on-write if the + engine version of the source DB cluster is earlier than + 1.11. \n If you don't specify a RestoreType value, then + the new DB cluster is restored as a full copy of the + source DB cluster. \n Valid for: Aurora DB clusters + and Multi-AZ DB clusters" + enum: + - full-copy + - copy-on-write + type: string + sourceDBClusterIdentifier: + description: 'SourceDBClusterIdentifier specifies the + identifier of the source DB cluster from which to restore. + Constraints: Must match the identifier of an existing + DB instance.' + type: string + sourceDBInstanceAutomatedBackupsArn: + description: 'SourceDBInstanceAutomatedBackupsArn specifies + the Amazon Resource Name (ARN) of the replicated automated + backups from which to restore. Example: arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE' + type: string + sourceDbiResourceId: + description: SourceDbiResourceID specifies the resource + ID of the source DB instance from which to restore. + type: string + useLatestRestorableTime: + description: UseLatestRestorableTime indicates that the + DB instance is restored from the latest backup Can't + be specified if the restoreTime parameter is provided. + type: boolean + type: object + s3: + description: S3 specifies the details of the S3 backup to + restore from. + properties: + bucketName: + description: BucketName is the name of the S3 bucket containing + the backup to restore. 
+ type: string + ingestionRoleARN: + description: IngestionRoleARN is the IAM role RDS can + assume that will allow it to access the contents of + the S3 bucket. + type: string + prefix: + description: Prefix is the path prefix of the S3 bucket + within which the backup to restore is located. + type: string + sourceEngine: + description: SourceEngine is the engine used to create + the backup. Must be "mysql". + type: string + sourceEngineVersion: + description: 'SourceEngineVersion is the version of the + engine used to create the backup. Example: "5.7.30"' + type: string + required: + - bucketName + - ingestionRoleARN + - sourceEngine + - sourceEngineVersion + type: object + snapshot: + description: Snapshot specifies the details of the snapshot + to restore from. + properties: + snapshotIdentifier: + description: SnapshotIdentifier is the identifier of the + snapshot to restore. + type: string + required: + - snapshotIdentifier + type: object + source: + description: Source is the type of the backup to restore when + creating a new DBCluster or DBInstance. S3, Snapshot and + PointInTime are supported. + enum: + - S3 + - Snapshot + - PointInTime + type: string + required: + - source + type: object + scalingConfiguration: + description: "For DB clusters in serverless DB engine mode, the + scaling properties of the DB cluster. \n Valid for: Aurora DB + clusters only" + properties: + autoPause: + type: boolean + maxCapacity: + format: int64 + type: integer + minCapacity: + format: int64 + type: integer + secondsBeforeTimeout: + format: int64 + type: integer + secondsUntilAutoPause: + format: int64 + type: integer + timeoutAction: + type: string + type: object + serverlessV2ScalingConfiguration: + properties: + maxCapacity: + type: number + minCapacity: + type: number + type: object + skipFinalSnapshot: + description: "A value that indicates whether to skip the creation + of a final DB cluster snapshot before the DB cluster is deleted. 
+ If skip is specified, no DB cluster snapshot is created. If + skip isn't specified, a DB cluster snapshot is created before + the DB cluster is deleted. By default, skip isn't specified, + and the DB cluster snapshot is created. By default, this parameter + is disabled. \n You must specify a FinalDBSnapshotIdentifier + parameter if SkipFinalSnapshot is disabled." + type: boolean + sourceRegion: + description: SourceRegion is the source region where the resource + exists. This is not sent over the wire and is only used for + presigning. This value should always have the same region as + the source ARN. + type: string + storageEncrypted: + description: "A value that indicates whether the DB cluster is + encrypted. \n Valid for: Aurora DB clusters and Multi-AZ DB + clusters" + type: boolean + storageType: + description: "Specifies the storage type to be associated with + the DB cluster. \n This setting is required to create a Multi-AZ + DB cluster. \n Valid values: io1 \n When specified, a value + for the Iops parameter is required. \n Default: io1 \n Valid + for: Multi-AZ DB clusters only" + type: string + tags: + description: "Tags to assign to the DB cluster. \n Valid for: + Aurora DB clusters and Multi-AZ DB clusters" + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroupIDRefs: + description: VPCSecurityGroupIDRefs are references to VPCSecurityGroups + used to set the VPCSecurityGroupIDs. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which + will attempt to resolve the reference only when the + corresponding field is not present. Use 'Always' to + resolve the reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + vpcSecurityGroupIDSelector: + description: VPCSecurityGroupIDSelector selects references to + VPCSecurityGroups used to set the VPCSecurityGroupIDs. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + vpcSecurityGroupIDs: + description: "A list of VPC security groups that the DB cluster + will belong to. 
\n Valid for: Aurora DB clusters and Multi-AZ + DB clusters" + items: + type: string + type: array + required: + - engine + - region + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: DBClusterStatus defines the observed state of DBCluster. + properties: + atProvider: + description: DBClusterObservation defines the observed state of DBCluster + properties: + activityStreamKMSKeyID: + description: "The Amazon Web Services KMS key identifier used + for encrypting messages in the database activity stream. 
\n + The Amazon Web Services KMS key identifier is the key ARN, key + ID, alias ARN, or alias name for the KMS key." + type: string + activityStreamKinesisStreamName: + description: The name of the Amazon Kinesis data stream used for + the database activity stream. + type: string + activityStreamMode: + description: The mode of the database activity stream. Database + events such as a change or access generate an activity stream + event. The database session can handle these events either synchronously + or asynchronously. + type: string + activityStreamStatus: + description: The status of the database activity stream. + type: string + associatedRoles: + description: Provides a list of the Amazon Web Services Identity + and Access Management (IAM) roles that are associated with the + DB cluster. IAM roles that are associated with a DB cluster + grant permission for the DB cluster to access other Amazon Web + Services on your behalf. + items: + properties: + featureName: + type: string + roleARN: + type: string + status: + type: string + type: object + type: array + automaticRestartTime: + description: The time when a stopped DB cluster is restarted automatically. + format: date-time + type: string + backtrackConsumedChangeRecords: + description: The number of change records stored for Backtrack. + format: int64 + type: integer + capacity: + description: "The current capacity of an Aurora Serverless v1 + DB cluster. The capacity is 0 (zero) when the cluster is paused. + \n For more information about Aurora Serverless v1, see Using + Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) + in the Amazon Aurora User Guide." + format: int64 + type: integer + cloneGroupID: + description: Identifies the clone group to which the DB cluster + is associated. + type: string + clusterCreateTime: + description: Specifies the time when the DB cluster was created, + in Universal Coordinated Time (UTC). 
+ format: date-time + type: string + crossAccountClone: + description: Specifies whether the DB cluster is a clone of a + DB cluster owned by a different Amazon Web Services account. + type: boolean + customEndpoints: + description: Identifies all custom endpoints associated with the + cluster. + items: + type: string + type: array + dbClusterARN: + description: The Amazon Resource Name (ARN) for the DB cluster. + type: string + dbClusterIdentifier: + description: Contains a user-supplied DB cluster identifier. This + identifier is the unique key that identifies a DB cluster. + type: string + dbClusterMembers: + description: Provides the list of instances that make up the DB + cluster. + items: + properties: + dbClusterParameterGroupStatus: + type: string + dbInstanceIdentifier: + type: string + isClusterWriter: + type: boolean + promotionTier: + format: int64 + type: integer + type: object + type: array + dbClusterOptionGroupMemberships: + description: Provides the list of option group memberships for + this DB cluster. + items: + properties: + dbClusterOptionGroupName: + type: string + status: + type: string + type: object + type: array + dbClusterParameterGroup: + description: Specifies the name of the DB cluster parameter group + for the DB cluster. + type: string + dbClusterResourceID: + description: The Amazon Web Services Region-unique, immutable + identifier for the DB cluster. This identifier is found in Amazon + Web Services CloudTrail log entries whenever the KMS key for + the DB cluster is accessed. + type: string + dbSubnetGroup: + description: Specifies information on the subnet group associated + with the DB cluster, including the name, description, and subnets + in the subnet group. + type: string + domainMemberships: + description: The Active Directory Domain membership records associated + with the DB cluster. 
+ items: + properties: + domain: + type: string + fQDN: + type: string + iamRoleName: + type: string + status: + type: string + type: object + type: array + earliestBacktrackTime: + description: The earliest time to which a DB cluster can be backtracked. + format: date-time + type: string + earliestRestorableTime: + description: The earliest time to which a database can be restored + with point-in-time restore. + format: date-time + type: string + enabledCloudwatchLogsExports: + description: "A list of log types that this DB cluster is configured + to export to CloudWatch Logs. \n Log types vary by DB engine. + For information about the log types for each DB engine, see + Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html) + in the Amazon Aurora User Guide." + items: + type: string + type: array + endpoint: + description: Specifies the connection endpoint for the primary + instance of the DB cluster. + type: string + engineVersion: + description: Indicates the database engine version. + type: string + globalWriteForwardingRequested: + description: Specifies whether you have requested to enable write + forwarding for a secondary cluster in an Aurora global database. + Because write forwarding takes time to enable, check the value + of GlobalWriteForwardingStatus to confirm that the request has + completed before using the write forwarding feature for this + cluster. + type: boolean + globalWriteForwardingStatus: + description: Specifies whether a secondary cluster in an Aurora + global database has write forwarding enabled, not enabled, or + is in the process of enabling it. + type: string + hostedZoneID: + description: Specifies the ID that Amazon Route 53 assigns when + you create a hosted zone. + type: string + httpEndpointEnabled: + description: "A value that indicates whether the HTTP endpoint + for an Aurora Serverless v1 DB cluster is enabled. 
\n When enabled, + the HTTP endpoint provides a connectionless web service API + for running SQL queries on the Aurora Serverless v1 DB cluster. + You can also query your database from inside the RDS console + with the query editor. \n For more information, see Using the + Data API for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + in the Amazon Aurora User Guide." + type: boolean + iamDatabaseAuthenticationEnabled: + description: A value that indicates whether the mapping of Amazon + Web Services Identity and Access Management (IAM) accounts to + database accounts is enabled. + type: boolean + latestRestorableTime: + description: Specifies the latest time to which a database can + be restored with point-in-time restore. + format: date-time + type: string + masterUserSecret: + description: "Contains the secret managed by RDS in Amazon Web + Services Secrets Manager for the master user password. \n For + more information, see Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide and Password management with Amazon + Web Services Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + in the Amazon Aurora User Guide." + properties: + kmsKeyID: + type: string + secretARN: + type: string + secretStatus: + type: string + type: object + multiAZ: + description: Specifies whether the DB cluster has instances in + multiple Availability Zones. + type: boolean + percentProgress: + description: Specifies the progress of the operation as a percentage. + type: string + performanceInsightsEnabled: + description: "True if Performance Insights is enabled for the + DB cluster, and otherwise false. \n This setting is only for + non-Aurora Multi-AZ DB clusters." 
+ type: boolean + readReplicaIdentifiers: + description: Contains one or more identifiers of the read replicas + associated with this DB cluster. + items: + type: string + type: array + readerEndpoint: + description: "The reader endpoint for the DB cluster. The reader + endpoint for a DB cluster load-balances connections across the + Aurora Replicas that are available in a DB cluster. As clients + request new connections to the reader endpoint, Aurora distributes + the connection requests among the Aurora Replicas in the DB + cluster. This functionality can help balance your read workload + across multiple Aurora Replicas in your DB cluster. \n If a + failover occurs, and the Aurora Replica that you are connected + to is promoted to be the primary instance, your connection is + dropped. To continue sending your read workload to other Aurora + Replicas in the cluster, you can then reconnect to the reader + endpoint." + type: string + scalingConfigurationInfo: + properties: + autoPause: + type: boolean + maxCapacity: + format: int64 + type: integer + minCapacity: + format: int64 + type: integer + secondsBeforeTimeout: + format: int64 + type: integer + secondsUntilAutoPause: + format: int64 + type: integer + timeoutAction: + type: string + type: object + status: + description: Specifies the current state of this DB cluster. + type: string + tagList: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroups: + description: Provides a list of VPC security groups that the DB + cluster belongs to. + items: + properties: + status: + type: string + vpcSecurityGroupID: + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/testutils/crds/DBClusterParameterGroup.yaml b/testutils/crds/DBClusterParameterGroup.yaml new file mode 100644 index 00000000..a7259504 --- /dev/null +++ b/testutils/crds/DBClusterParameterGroup.yaml 
@@ -0,0 +1,404 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: "2023-10-03T17:31:23Z" + generation: 1 + name: dbclusterparametergroups.rds.aws.crossplane.io + ownerReferences: + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: true + kind: ProviderRevision + name: bloxinabox-provider-877b9fccf7ca + uid: f42ec1bf-0547-43c9-a29d-1dc6c06c0286 + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: false + kind: Provider + name: bloxinabox-provider + uid: 273f9682-ede8-4b8f-82ba-5c85cf731d51 + uid: 6f0deed4-6089-4406-abf8-1e9e4f660732 +spec: + conversion: + strategy: None + group: rds.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: DBClusterParameterGroup + listKind: DBClusterParameterGroupList + plural: dbclusterparametergroups + singular: dbclusterparametergroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DBClusterParameterGroup is the Schema for the DBClusterParameterGroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DBClusterParameterGroupSpec defines the desired state of + DBClusterParameterGroup + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. + enum: + - Orphan + - Delete + type: string + forProvider: + description: DBClusterParameterGroupParameters defines the desired + state of DBClusterParameterGroup + properties: + dbParameterGroupFamily: + description: "The DB cluster parameter group family name. A DB + cluster parameter group can be associated with one and only + one DB cluster parameter group family, and can be applied only + to a DB cluster running a database engine and engine version + compatible with that DB cluster parameter group family. \n Aurora + MySQL \n Example: aurora5.6, aurora-mysql5.7 \n Aurora PostgreSQL + \n Example: aurora-postgresql9.6 \n To list all of the available + parameter group families for a DB engine, use the following + command: \n aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" + --engine \n For example, to list all of the available + parameter group families for the Aurora PostgreSQL DB engine, + use the following command: \n aws rds describe-db-engine-versions + --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine + aurora-postgresql \n The output contains duplicates. \n The + following are the valid DB engine values: \n * aurora (for MySQL + 5.6-compatible Aurora) \n * aurora-mysql (for MySQL 5.7-compatible + Aurora) \n * aurora-postgresql \n One of DBParameterGroupFamily + or DBParameterGroupFamilySelector is required." 
+ type: string + dbParameterGroupFamilySelector: + description: "DBParameterGroupFamilySelector determines DBParameterGroupFamily + from the engine and engine version. \n One of DBParameterGroupFamily + or DBParameterGroupFamilySelector is required. \n Will not be + used if DBParameterGroupFamily is already set." + properties: + engine: + description: Engine is the name of the database engine. + type: string + engineVersion: + description: EngineVersion is the version of the database + engine. If it is nil, the default engine version given by + AWS will be used. + type: string + required: + - engine + type: object + description: + description: The description for the DB cluster parameter group. + type: string + parameters: + description: 'A list of parameters to associate with this DB cluster + parameter group. The fields ApplyMethod, ParameterName and ParameterValue + are required for every parameter. Note: AWS actually only modifies + the ApplyMethod of a parameter, if the ParameterValue changes + too.' + items: + description: CustomParameter are custom parameters for the Parameter + properties: + applyMethod: + description: The apply method of the parameter. AWS actually + only modifies to value set here, if the parameter value + changes too. + enum: + - immediate + - pending-reboot + type: string + parameterName: + description: The name of the parameter. + type: string + parameterValue: + description: The value of the parameter. + type: string + required: + - applyMethod + - parameterName + - parameterValue + type: object + type: array + region: + description: Region is which region the DBClusterParameterGroup + will be created. + type: string + tags: + description: Tags to assign to the DB cluster parameter group. 
+ items: + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - description + - region + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: DBClusterParameterGroupStatus defines the observed state + of DBClusterParameterGroup. 
+ properties: + atProvider: + description: DBClusterParameterGroupObservation defines the observed + state of DBClusterParameterGroup + properties: + dbClusterParameterGroupARN: + description: The Amazon Resource Name (ARN) for the DB cluster + parameter group. + type: string + dbClusterParameterGroupName: + description: The name of the DB cluster parameter group. + type: string + dbParameterGroupFamily: + description: The name of the DB parameter group family that this + DB cluster parameter group is compatible with. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/testutils/crds/DBInstance.yaml b/testutils/crds/DBInstance.yaml new file mode 100644 index 00000000..803e1641 --- /dev/null +++ b/testutils/crds/DBInstance.yaml 
@@ -0,0 +1,2044 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: "2023-10-03T17:31:23Z" + generation: 1 + name: dbinstances.rds.aws.crossplane.io + ownerReferences: + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: true + kind: ProviderRevision + name: bloxinabox-provider-877b9fccf7ca + uid: f42ec1bf-0547-43c9-a29d-1dc6c06c0286 + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: false + kind: Provider + name: bloxinabox-provider + uid: 273f9682-ede8-4b8f-82ba-5c85cf731d51 + uid: 4c767e2a-e760-4ac9-bd52-eb07d1636100 +spec: + conversion: + strategy: None + group: rds.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: DBInstance + listKind: DBInstanceList + plural: dbinstances + singular: dbinstance + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DBInstance is the Schema for the DBInstances API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DBInstanceSpec defines the desired state of DBInstance + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. + enum: + - Orphan + - Delete + type: string + forProvider: + description: DBInstanceParameters defines the desired state of DBInstance + properties: + allocatedStorage: + description: "The amount of storage in gibibytes (GiB) to allocate + for the DB instance. \n Type: Integer \n Amazon Aurora \n Not + applicable. Aurora cluster volumes automatically grow as the + amount of data in your database increases, though you are only + charged for the space that you use in an Aurora cluster volume. + \n Amazon RDS Custom \n Constraints to the amount of storage + for each storage type are the following: \n * General Purpose + (SSD) storage (gp2, gp3): Must be an integer from 40 to 65536 + for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. + \n * Provisioned IOPS storage (io1): Must be an integer from + 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom + for SQL Server. \n MySQL \n Constraints to the amount of storage + for each storage type are the following: \n * General Purpose + (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. + \n * Provisioned IOPS storage (io1): Must be an integer from + 100 to 65536. \n * Magnetic storage (standard): Must be an integer + from 5 to 3072. \n MariaDB \n Constraints to the amount of storage + for each storage type are the following: \n * General Purpose + (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. + \n * Provisioned IOPS storage (io1): Must be an integer from + 100 to 65536. 
\n * Magnetic storage (standard): Must be an integer + from 5 to 3072. \n PostgreSQL \n Constraints to the amount of + storage for each storage type are the following: \n * General + Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. \n * Provisioned IOPS storage (io1): Must be an integer + from 100 to 65536. \n * Magnetic storage (standard): Must be + an integer from 5 to 3072. \n Oracle \n Constraints to the amount + of storage for each storage type are the following: \n * General + Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. \n * Provisioned IOPS storage (io1): Must be an integer + from 100 to 65536. \n * Magnetic storage (standard): Must be + an integer from 10 to 3072. \n SQL Server \n Constraints to + the amount of storage for each storage type are the following: + \n * General Purpose (SSD) storage (gp2, gp3): Enterprise and + Standard editions: Must be an integer from 20 to 16384. Web + and Express editions: Must be an integer from 20 to 16384. \n + * Provisioned IOPS storage (io1): Enterprise and Standard editions: + Must be an integer from 100 to 16384. Web and Express editions: + Must be an integer from 100 to 16384. \n * Magnetic storage + (standard): Enterprise and Standard editions: Must be an integer + from 20 to 1024. Web and Express editions: Must be an integer + from 20 to 1024." + format: int64 + type: integer + allowMajorVersionUpgrade: + description: "A value that indicates whether major version upgrades + are allowed. Changing this parameter doesn't result in an outage + and the change is asynchronously applied as soon as possible. + \n This setting doesn't apply to RDS Custom. \n Constraints: + Major version upgrades must be allowed when specifying a value + for the EngineVersion parameter that is a different major version + than the DB instance's current version." 
+ type: boolean + applyImmediately: + description: "A value that indicates whether the modifications + in this request and any pending modifications are asynchronously + applied as soon as possible, regardless of the PreferredMaintenanceWindow + setting for the DB instance. By default, this parameter is disabled. + \n If this parameter is disabled, changes to the DB instance + are applied during the next maintenance window. Some parameter + changes can cause an outage and are applied on the next call + to RebootDBInstance, or the next failure reboot. Review the + table of parameters in Modifying a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html) + in the Amazon RDS User Guide. to see the impact of enabling + or disabling ApplyImmediately for each modified parameter and + to determine when the changes are applied." + type: boolean + autoMinorVersionUpgrade: + description: "A value that indicates whether minor engine upgrades + are applied automatically to the DB instance during the maintenance + window. By default, minor engine upgrades are applied automatically. + \n If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade + to false." + type: boolean + autogeneratePassword: + description: "AutogeneratePassword indicates whether the controller + should generate a random password for the master user if one + is not provided via MasterUserPasswordSecretRef. \n If a password + is generated, it will be stored as a secret at the location + specified by MasterUserPasswordSecretRef." + type: boolean + availabilityZone: + description: "The Availability Zone (AZ) where the database will + be created. For information on Amazon Web Services Regions and + Availability Zones, see Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). 
+ \n Amazon Aurora \n Each Aurora DB cluster hosts copies of its + storage in three separate Availability Zones. Specify one of + these Availability Zones. Aurora automatically chooses an appropriate + Availability Zone if you don't specify one. \n Default: A random, + system-chosen Availability Zone in the endpoint's Amazon Web + Services Region. \n Example: us-east-1d \n Constraint: The AvailabilityZone + parameter can't be specified if the DB instance is a Multi-AZ + deployment. The specified Availability Zone must be in the same + Amazon Web Services Region as the current endpoint." + type: string + backupRetentionPeriod: + description: "The number of days for which automated backups are + retained. Setting this parameter to a positive number enables + backups. Setting this parameter to 0 disables automated backups. + \n Amazon Aurora \n Not applicable. The retention period for + automated backups is managed by the DB cluster. \n Default: + 1 \n Constraints: \n * Must be a value from 0 to 35 \n * Can't + be set to 0 if the DB instance is a source to read replicas + \n * Can't be set to 0 for an RDS Custom for Oracle DB instance" + format: int64 + type: integer + backupTarget: + description: "Specifies where automated backups and manual snapshots + are stored. \n Possible values are outposts (Amazon Web Services + Outposts) and region (Amazon Web Services Region). The default + is region. \n For more information, see Working with Amazon + RDS on Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide." + type: string + caCertificateIdentifier: + description: "Specifies the CA certificate identifier to use for + the DB instance’s server certificate. \n This setting doesn't + apply to RDS Custom. 
\n For more information, see Using SSL/TLS + to encrypt a connection to a DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + in the Amazon RDS User Guide and Using SSL/TLS to encrypt a + connection to a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + in the Amazon Aurora User Guide." + type: string + characterSetName: + description: "For supported engines, this value indicates that + the DB instance should be associated with the specified CharacterSet. + \n This setting doesn't apply to RDS Custom. However, if you + need to change the character set, you can change it on the database + itself. \n Amazon Aurora \n Not applicable. The character set + is managed by the DB cluster. For more information, see CreateDBCluster." + type: string + copyTagsToSnapshot: + description: "A value that indicates whether to copy tags from + the DB instance to snapshots of the DB instance. By default, + tags are not copied. \n Amazon Aurora \n Not applicable. Copying + tags to snapshots is managed by the DB cluster. Setting this + value for an Aurora DB instance has no effect on the DB cluster + setting." + type: boolean + customIAMInstanceProfile: + description: "The instance profile associated with the underlying + Amazon EC2 instance of an RDS Custom DB instance. The instance + profile must meet the following requirements: \n * The profile + must exist in your account. \n * The profile must have an IAM + role that Amazon EC2 has permissions to assume. \n * The instance + profile name and the associated IAM role name must start with + the prefix AWSRDSCustom. \n For the list of permissions required + for the IAM role, see Configure IAM and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) + in the Amazon RDS User Guide. \n This setting is required for + RDS Custom." 
+ type: string + dbClusterIdentifier: + description: "The identifier of the DB cluster that the instance + will belong to. \n This setting doesn't apply to RDS Custom." + type: string + dbClusterIdentifierRef: + description: DBClusterIdentifierRef is a reference to a DBCluster + used to set DBClusterIdentifier. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dbClusterIdentifierSelector: + description: DBClusterIdentifierSelector selects a reference to + a DBCluster used to set DBClusterIdentifier. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 
'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + dbInstanceClass: + description: The compute and memory capacity of the DB instance, + for example db.m5.large. Not all DB instance classes are available + in all Amazon Web Services Regions, or for all database engines. + For the full list of DB instance classes, and availability for + your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) + in the Amazon Aurora User Guide. + type: string + dbName: + description: "The meaning of this parameter differs according + to the database engine you use. \n MySQL \n The name of the + database to create when the DB instance is created. If this + parameter isn't specified, no database is created in the DB + instance. \n Constraints: \n * Must contain 1 to 64 letters + or numbers. \n * Must begin with a letter. Subsequent characters + can be letters, underscores, or digits (0-9). \n * Can't be + a word reserved by the specified database engine \n MariaDB + \n The name of the database to create when the DB instance is + created. If this parameter isn't specified, no database is created + in the DB instance. \n Constraints: \n * Must contain 1 to 64 + letters or numbers. \n * Must begin with a letter. Subsequent + characters can be letters, underscores, or digits (0-9). 
\n + * Can't be a word reserved by the specified database engine + \n PostgreSQL \n The name of the database to create when the + DB instance is created. If this parameter isn't specified, a + database named postgres is created in the DB instance. \n Constraints: + \n * Must contain 1 to 63 letters, numbers, or underscores. + \n * Must begin with a letter. Subsequent characters can be + letters, underscores, or digits (0-9). \n * Can't be a word + reserved by the specified database engine \n Oracle \n The Oracle + System ID (SID) of the created DB instance. If you specify null, + the default value ORCL is used. You can't specify the string + NULL, or any other reserved word, for DBName. \n Default: ORCL + \n Constraints: \n * Can't be longer than 8 characters \n Amazon + RDS Custom for Oracle \n The Oracle System ID (SID) of the created + RDS Custom DB instance. If you don't specify a value, the default + value is ORCL. \n Default: ORCL \n Constraints: \n * It must + contain 1 to 8 alphanumeric characters. \n * It must contain + a letter. \n * It can't be a word reserved by the database engine. + \n Amazon RDS Custom for SQL Server \n Not applicable. Must + be null. \n SQL Server \n Not applicable. Must be null. \n Amazon + Aurora MySQL \n The name of the database to create when the + primary DB instance of the Aurora MySQL DB cluster is created. + If this parameter isn't specified for an Aurora MySQL DB cluster, + no database is created in the DB cluster. \n Constraints: \n + * It must contain 1 to 64 alphanumeric characters. \n * It can't + be a word reserved by the database engine. \n Amazon Aurora + PostgreSQL \n The name of the database to create when the primary + DB instance of the Aurora PostgreSQL DB cluster is created. + If this parameter isn't specified for an Aurora PostgreSQL DB + cluster, a database named postgres is created in the DB cluster. + \n Constraints: \n * It must contain 1 to 63 alphanumeric characters. + \n * It must begin with a letter. 
Subsequent characters can + be letters, underscores, or digits (0 to 9). \n * It can't be + a word reserved by the database engine." + type: string + dbParameterGroupName: + description: "The name of the DB parameter group to associate + with this DB instance. If you do not specify a value, then the + default DB parameter group for the specified DB engine and version + is used. \n This setting doesn't apply to RDS Custom. \n Constraints: + \n * It must be 1 to 255 letters, numbers, or hyphens. \n * + The first character must be a letter. \n * It can't end with + a hyphen or contain two consecutive hyphens." + type: string + dbParameterGroupNameRef: + description: DBParameterGroupNameRef is a reference to a DBParameterGroup + used to set DBParameterGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dbParameterGroupNameSelector: + description: DBParameterGroupNameSelector selects a reference + to a DBParameterGroup used to set DBParameterGroupName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. 
+ type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + dbSecurityGroups: + description: A list of database security groups to associate with + this DB instance + items: + type: string + type: array + dbSubnetGroupName: + description: "A DB subnet group to associate with this DB instance. + \n Constraints: Must match the name of an existing DBSubnetGroup. + Must not be default. \n Example: mydbsubnetgroup" + type: string + dbSubnetGroupNameRef: + description: DBSubnetGroupNameRef is a reference to a DBSubnetGroup + used to set DBSubnetGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + dbSubnetGroupNameSelector: + description: DBSubnetGroupNameSelector selects a reference to + a DBSubnetGroup used to set DBSubnetGroupName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + deleteAutomatedBackups: + description: DeleteAutomatedBackups indicates whether to remove + automated backups immediately after the DB instance is deleted. + The default is to remove automated backups immediately after + the DB instance is deleted. 
+ type: boolean + deletionProtection: + description: "A value that indicates whether the DB instance has + deletion protection enabled. The database can't be deleted when + deletion protection is enabled. By default, deletion protection + isn't enabled. For more information, see Deleting a DB Instance + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + \n Amazon Aurora \n Not applicable. You can enable or disable + deletion protection for the DB cluster. For more information, + see CreateDBCluster. DB instances in a DB cluster can be deleted + even when deletion protection is enabled for the DB cluster." + type: boolean + domain: + description: "The Active Directory directory ID to create the + DB instance in. Currently, only MySQL, Microsoft SQL Server, + Oracle, and PostgreSQL DB instances can be created in an Active + Directory Domain. \n For more information, see Kerberos Authentication + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) + in the Amazon RDS User Guide. \n This setting doesn't apply + to RDS Custom. \n Amazon Aurora \n Not applicable. The domain + is managed by the DB cluster." + type: string + domainIAMRoleName: + description: "Specify the name of the IAM role to be used when + making API calls to the Directory Service. \n This setting doesn't + apply to RDS Custom. \n Amazon Aurora \n Not applicable. The + domain is managed by the DB cluster." + type: string + domainIAMRoleNameRef: + description: DomainIAMRoleNameRef is a reference to an IAMRole + used to set DomainIAMRoleName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 
'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + domainIAMRoleNameSelector: + description: DomainIAMRoleNameSelector selects a reference to + an IAMRole used to set DomainIAMRoleName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + enableCloudwatchLogsExports: + description: "The list of log types that need to be enabled for + exporting to CloudWatch Logs. The values in the list depend + on the DB engine. 
For more information, see Publishing Database + Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon RDS User Guide. \n Amazon Aurora \n Not applicable. + CloudWatch Logs exports are managed by the DB cluster. \n RDS + Custom \n Not applicable. \n MariaDB \n Possible values are + audit, error, general, and slowquery. \n Microsoft SQL Server + \n Possible values are agent and error. \n MySQL \n Possible + values are audit, error, general, and slowquery. \n Oracle \n + Possible values are alert, audit, listener, trace, and oemagent. + \n PostgreSQL \n Possible values are postgresql and upgrade." + items: + type: string + type: array + enableCustomerOwnedIP: + description: "A value that indicates whether to enable a customer-owned + IP address (CoIP) for an RDS on Outposts DB instance. \n A CoIP + provides local or external connectivity to resources in your + Outpost subnets through your on-premises network. For some use + cases, a CoIP can provide lower latency for connections to the + DB instance from outside of its virtual private cloud (VPC) + on your local network. \n For more information about RDS on + Outposts, see Working with Amazon RDS on Amazon Web Services + Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. \n For more information about + CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + in the Amazon Web Services Outposts User Guide." + type: boolean + enableIAMDatabaseAuthentication: + description: "A value that indicates whether to enable mapping + of Amazon Web Services Identity and Access Management (IAM) + accounts to database accounts. By default, mapping isn't enabled. 
+ \n For more information, see IAM Database Authentication for + MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) + in the Amazon RDS User Guide. \n This setting doesn't apply + to RDS Custom. \n Amazon Aurora \n Not applicable. Mapping Amazon + Web Services IAM accounts to database accounts is managed by + the DB cluster." + type: boolean + enablePerformanceInsights: + description: "A value that indicates whether to enable Performance + Insights for the DB instance. For more information, see Using + Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + in the Amazon RDS User Guide. \n This setting doesn't apply + to RDS Custom." + type: boolean + engine: + description: "The name of the database engine to be used for this + instance. \n Not every database engine is available for every + Amazon Web Services Region. \n Valid Values: \n * aurora (for + MySQL 5.6-compatible Aurora) \n * aurora-mysql (for MySQL 5.7-compatible + and MySQL 8.0-compatible Aurora) \n * aurora-postgresql \n * + custom-oracle-ee (for RDS Custom for Oracle instances) \n * + custom-sqlserver-ee (for RDS Custom for SQL Server instances) + \n * custom-sqlserver-se (for RDS Custom for SQL Server instances) + \n * custom-sqlserver-web (for RDS Custom for SQL Server instances) + \n * mariadb \n * mysql \n * oracle-ee \n * oracle-ee-cdb \n + * oracle-se2 \n * oracle-se2-cdb \n * postgres \n * sqlserver-ee + \n * sqlserver-se \n * sqlserver-ex \n * sqlserver-web" + type: string + engineVersion: + description: "The version number of the database engine to use. + \n For a list of valid engine versions, use the DescribeDBEngineVersions + operation. \n The following are the database engines and links + to information about the major and minor versions that are available + with Amazon RDS. Not every database engine is available for + every Amazon Web Services Region. 
\n Amazon Aurora \n Not applicable. + The version number of the database engine to be used by the + DB instance is managed by the DB cluster. \n Amazon RDS Custom + for Oracle \n A custom engine version (CEV) that you have previously + created. This setting is required for RDS Custom for Oracle. + The CEV name has the following format: 19.customized_string. + A valid CEV name is 19.my_cev1. For more information, see Creating + an RDS Custom for Oracle DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create) + in the Amazon RDS User Guide. \n Amazon RDS Custom for SQL Server + \n See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html) + in the Amazon RDS User Guide. \n MariaDB \n For information, + see MariaDB on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) + in the Amazon RDS User Guide. \n Microsoft SQL Server \n For + information, see Microsoft SQL Server Versions on Amazon RDS + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) + in the Amazon RDS User Guide. \n MySQL \n For information, see + MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + in the Amazon RDS User Guide. \n Oracle \n For information, + see Oracle Database Engine Release Notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) + in the Amazon RDS User Guide. \n PostgreSQL \n For information, + see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + in the Amazon RDS User Guide. \n Note: Downgrades are not allowed + by AWS and attempts to set a lower version will be ignored." 
+ type: string + finalDBSnapshotIdentifier: + description: "The DB instance snapshot identifier of the new DB + instance snapshot created when SkipFinalSnapshot is disabled. + \n Specifying this parameter and also skipping the creation + of a final DB instance snapshot with the SkipFinalShapshot parameter + results in an error. \n Constraints: \n * Must be 1 to 255 letters, + numbers, or hyphens. \n * First character must be a letter \n + * Can't end with a hyphen or contain two consecutive hyphens" + type: string + iops: + description: "The amount of Provisioned IOPS (input/output operations + per second) to be initially allocated for the DB instance. For + information about valid IOPS values, see Amazon RDS DB instance + storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) + in the Amazon RDS User Guide. \n Constraints: For MariaDB, MySQL, + Oracle, and PostgreSQL DB instances, must be a multiple between + .5 and 50 of the storage amount for the DB instance. For SQL + Server DB instances, must be a multiple between 1 and 50 of + the storage amount for the DB instance. \n Amazon Aurora \n + Not applicable. Storage is managed by the DB cluster." + format: int64 + type: integer + kmsKeyID: + description: "The Amazon Web Services KMS key identifier for an + encrypted DB instance. \n The Amazon Web Services KMS key identifier + is the key ARN, key ID, alias ARN, or alias name for the KMS + key. To use a KMS key in a different Amazon Web Services account, + specify the key ARN or alias ARN. \n Amazon Aurora \n Not applicable. + The Amazon Web Services KMS key identifier is managed by the + DB cluster. For more information, see CreateDBCluster. \n If + StorageEncrypted is enabled, and you do not specify a value + for the KmsKeyId parameter, then Amazon RDS uses your default + KMS key. There is a default KMS key for your Amazon Web Services + account. 
Your Amazon Web Services account has a different default + KMS key for each Amazon Web Services Region. \n Amazon RDS Custom + \n A KMS key is required for RDS Custom instances. For most + RDS engines, if you leave this parameter empty while enabling + StorageEncrypted, the engine uses the default KMS key. However, + RDS Custom doesn't use the default key when this parameter is + empty. You must explicitly specify a key." + type: string + kmsKeyIDRef: + description: KMSKeyIDRef is a reference to a KMS Key used to set + KMSKeyID. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyIDSelector: + description: KMSKeyIDSelector selects a reference to a KMS Key + used to set KMSKeyID. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + licenseModel: + description: "License model information for this DB instance. + \n Valid values: license-included | bring-your-own-license | + general-public-license \n This setting doesn't apply to RDS + Custom. \n Amazon Aurora \n Not applicable." + type: string + manageMasterUserPassword: + description: "A value that indicates whether to manage the master + user password with Amazon Web Services Secrets Manager. \n For + more information, see Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide. \n Constraints: \n * Can't manage + the master user password with Amazon Web Services Secrets Manager + if MasterUserPassword is specified." + type: boolean + masterUserPasswordSecretRef: + description: "The password for the master database user. This + password can contain any printable ASCII character except \"/\", + \"\"\", or \"@\". \n Constraints: Must contain from 8 to 41 + characters." + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. 
+ type: string + required: + - key + - name + - namespace + type: object + masterUserSecretKMSKeyID: + description: "The Amazon Web Services KMS key identifier to encrypt + a secret that is automatically generated and managed in Amazon + Web Services Secrets Manager. \n This setting is valid only + if the master user password is managed by RDS in Amazon Web + Services Secrets Manager for the DB instance. \n The Amazon + Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. To use a KMS key in a different + Amazon Web Services account, specify the key ARN or alias ARN. + \n If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + KMS key is used to encrypt the secret. If the secret is in a + different Amazon Web Services account, then you can't use the + aws/secretsmanager KMS key to encrypt the secret, and you must + use a customer managed KMS key. \n There is a default KMS key + for your Amazon Web Services account. Your Amazon Web Services + account has a different default KMS key for each Amazon Web + Services Region." + type: string + masterUsername: + description: "The name for the master user. \n Amazon Aurora \n + Not applicable. The name for the master user is managed by the + DB cluster. \n Amazon RDS \n Constraints: \n * Required. \n + * Must be 1 to 16 letters, numbers, or underscores. \n * First + character must be a letter. \n * Can't be a reserved word for + the chosen database engine." + type: string + maxAllocatedStorage: + description: "The upper limit in gibibytes (GiB) to which Amazon + RDS can automatically scale the storage of the DB instance. + \n For more information about this setting, including limitations + that apply to it, see Managing capacity automatically with Amazon + RDS storage autoscaling (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + in the Amazon RDS User Guide. 
\n This setting doesn't apply + to RDS Custom. \n Amazon Aurora \n Not applicable. Storage is + managed by the DB cluster." + format: int64 + type: integer + monitoringInterval: + description: "The interval, in seconds, between points when Enhanced + Monitoring metrics are collected for the DB instance. To disable + collection of Enhanced Monitoring metrics, specify 0. The default + is 0. \n If MonitoringRoleArn is specified, then you must set + MonitoringInterval to a value other than 0. \n This setting + doesn't apply to RDS Custom. \n Valid Values: 0, 1, 5, 10, 15, + 30, 60" + format: int64 + type: integer + monitoringRoleARN: + description: "The ARN for the IAM role that permits RDS to send + enhanced monitoring metrics to Amazon CloudWatch Logs. For example, + arn:aws:iam:123456789012:role/emaccess. For information on creating + a monitoring role, see Setting Up and Enabling Enhanced Monitoring + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) + in the Amazon RDS User Guide. \n If MonitoringInterval is set + to a value other than 0, then you must supply a MonitoringRoleArn + value. \n This setting doesn't apply to RDS Custom." + type: string + monitoringRoleArnRef: + description: MonitoringRoleARNRef is a reference to an IAMRole + used to set MonitoringRoleARN. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. 
The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + monitoringRoleArnSelector: + description: MonitoringRoleARNSelector selects a reference to + an IAMRole used to set MonitoringRoleARN. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + multiAZ: + description: "A value that indicates whether the DB instance is + a Multi-AZ deployment. You can't set the AvailabilityZone parameter + if the DB instance is a Multi-AZ deployment. \n This setting + doesn't apply to RDS Custom. \n Amazon Aurora \n Not applicable. + DB instance Availability Zones (AZs) are managed by the DB cluster." + type: boolean + ncharCharacterSetName: + description: "The name of the NCHAR character set for the Oracle + DB instance. 
\n This parameter doesn't apply to RDS Custom." + type: string + networkType: + description: "The network type of the DB instance. \n Valid values: + \n * IPV4 \n * DUAL \n The network type is determined by the + DBSubnetGroup specified for the DB instance. A DBSubnetGroup + can support only the IPv4 protocol or the IPv4 and the IPv6 + protocols (DUAL). \n For more information, see Working with + a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + in the Amazon RDS User Guide." + type: string + optionGroupName: + description: "A value that indicates that the DB instance should + be associated with the specified option group. \n Permanent + options, such as the TDE option for Oracle Advanced Security + TDE, can't be removed from an option group. Also, that option + group can't be removed from a DB instance after it is associated + with a DB instance. \n This setting doesn't apply to RDS Custom. + \n Amazon Aurora \n Not applicable." + type: string + performanceInsightsKMSKeyID: + description: "The Amazon Web Services KMS key identifier for encryption + of Performance Insights data. \n The Amazon Web Services KMS + key identifier is the key ARN, key ID, alias ARN, or alias name + for the KMS key. \n If you do not specify a value for PerformanceInsightsKMSKeyId, + then Amazon RDS uses your default KMS key. There is a default + KMS key for your Amazon Web Services account. Your Amazon Web + Services account has a different default KMS key for each Amazon + Web Services Region. \n This setting doesn't apply to RDS Custom." + type: string + performanceInsightsRetentionPeriod: + description: "The number of days to retain Performance Insights + data. The default is 7 days. 
The following values are valid: + \n * 7 \n * month * 31, where month is a number of months from + 1-23 \n * 731 \n For example, the following values are valid: + \n * 93 (3 months * 31) \n * 341 (11 months * 31) \n * 589 (19 + months * 31) \n * 731 \n If you specify a retention period such + as 94, which isn't a valid value, RDS issues an error. \n This + setting doesn't apply to RDS Custom." + format: int64 + type: integer + port: + description: "The port number on which the database accepts connections. + \n MySQL \n Default: 3306 \n Valid values: 1150-65535 \n Type: + Integer \n MariaDB \n Default: 3306 \n Valid values: 1150-65535 + \n Type: Integer \n PostgreSQL \n Default: 5432 \n Valid values: + 1150-65535 \n Type: Integer \n Oracle \n Default: 1521 \n Valid + values: 1150-65535 \n SQL Server \n Default: 1433 \n Valid values: + 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156. + \n Amazon Aurora \n Default: 3306 \n Valid values: 1150-65535 + \n Type: Integer" + format: int64 + type: integer + preferredBackupWindow: + description: "The daily time range during which automated backups + are created if automated backups are enabled, using the BackupRetentionPeriod + parameter. The default is a 30-minute window selected at random + from an 8-hour block of time for each Amazon Web Services Region. + For more information, see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + in the Amazon RDS User Guide. \n Amazon Aurora \n Not applicable. + The daily time range for creating automated backups is managed + by the DB cluster. \n Constraints: \n * Must be in the format + hh24:mi-hh24:mi. \n * Must be in Universal Coordinated Time + (UTC). \n * Must not conflict with the preferred maintenance + window. \n * Must be at least 30 minutes." 
+ type: string + preferredMaintenanceWindow: + description: "The time range each week during which system maintenance + can occur, in Universal Coordinated Time (UTC). For more information, + see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance). + \n Format: ddd:hh24:mi-ddd:hh24:mi \n The default is a 30-minute + window selected at random from an 8-hour block of time for each + Amazon Web Services Region, occurring on a random day of the + week. \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. \n Constraints: + Minimum 30-minute window." + type: string + processorFeatures: + description: "The number of CPU cores and the number of threads + per core for the DB instance class of the DB instance. \n This + setting doesn't apply to RDS Custom. \n Amazon Aurora \n Not + applicable." + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + promotionTier: + description: "A value that specifies the order in which an Aurora + Replica is promoted to the primary instance after a failure + of the existing primary instance. For more information, see + Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + in the Amazon Aurora User Guide. \n This setting doesn't apply + to RDS Custom. \n Default: 1 \n Valid Values: 0 - 15" + format: int64 + type: integer + publiclyAccessible: + description: "A value that indicates whether the DB instance is + publicly accessible. \n When the DB instance is publicly accessible, + its Domain Name System (DNS) endpoint resolves to the private + IP address from within the DB instance's virtual private cloud + (VPC). It resolves to the public IP address from outside of + the DB instance's VPC. Access to the DB instance is ultimately + controlled by the security group it uses. 
That public access + is not permitted if the security group assigned to the DB instance + doesn't permit it. \n When the DB instance isn't publicly accessible, + it is an internal DB instance with a DNS name that resolves + to a private IP address. \n Default: The default behavior varies + depending on whether DBSubnetGroupName is specified. \n If DBSubnetGroupName + isn't specified, and PubliclyAccessible isn't specified, the + following applies: \n * If the default VPC in the target Region + doesn’t have an internet gateway attached to it, the DB instance + is private. \n * If the default VPC in the target Region has + an internet gateway attached to it, the DB instance is public. + \n If DBSubnetGroupName is specified, and PubliclyAccessible + isn't specified, the following applies: \n * If the subnets + are part of a VPC that doesn’t have an internet gateway attached + to it, the DB instance is private. \n * If the subnets are part + of a VPC that has an internet gateway attached to it, the DB + instance is public." + type: boolean + region: + description: Region is which region the DBInstance will be created. + type: string + restoreFrom: + description: RestoreFrom specifies the details of the backup to + restore when creating a new DBInstance. + properties: + pointInTime: + description: PointInTime specifies the details of the point + in time restore. + properties: + restoreTime: + description: 'RestoreTime is the date and time (UTC) to + restore from. Must be before the latest restorable time + for the DB instance. Can''t be specified if the useLatestRestorableTime + parameter is enabled. Example: 2011-09-07T23:45:00Z' + format: date-time + type: string + sourceDBInstanceAutomatedBackupsArn: + description: 'SourceDBInstanceAutomatedBackupsArn specifies + the Amazon Resource Name (ARN) of the replicated automated + backups from which to restore. 
Example: arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE' + type: string + sourceDBInstanceIdentifier: + description: 'SourceDBInstanceIdentifier specifies the + identifier of the source DB instance from which to restore. + Constraints: Must match the identifier of an existing + DB instance.' + type: string + sourceDbiResourceId: + description: SourceDbiResourceID specifies the resource + ID of the source DB instance from which to restore. + type: string + useLatestRestorableTime: + description: UseLatestRestorableTime indicates that the + DB instance is restored from the latest backup Can't + be specified if the restoreTime parameter is provided. + type: boolean + type: object + s3: + description: S3 specifies the details of the S3 backup to + restore from. + properties: + bucketName: + description: BucketName is the name of the S3 bucket containing + the backup to restore. + type: string + ingestionRoleARN: + description: IngestionRoleARN is the IAM role RDS can + assume that will allow it to access the contents of + the S3 bucket. + type: string + prefix: + description: Prefix is the path prefix of the S3 bucket + within which the backup to restore is located. + type: string + sourceEngine: + description: SourceEngine is the engine used to create + the backup. Must be "mysql". + type: string + sourceEngineVersion: + description: 'SourceEngineVersion is the version of the + engine used to create the backup. Example: "5.7.30"' + type: string + required: + - bucketName + - ingestionRoleARN + - sourceEngine + - sourceEngineVersion + type: object + snapshot: + description: Snapshot specifies the details of the snapshot + to restore from. + properties: + snapshotIdentifier: + description: SnapshotIdentifier is the identifier of the + snapshot to restore. + type: string + required: + - snapshotIdentifier + type: object + source: + description: Source is the type of the backup to restore when + creating a new DBCluster or DBInstance. 
S3, Snapshot and + PointInTime are supported. + enum: + - S3 + - Snapshot + - PointInTime + type: string + required: + - source + type: object + skipFinalSnapshot: + description: "A value that indicates whether to skip the creation + of a final DB instance snapshot before the DB instance is deleted. + If skip is specified, no DB instance snapshot is created. If + skip isn't specified, a DB instance snapshot is created before + the DB instance is deleted. By default, skip isn't specified, + and the DB instance snapshot is created. By default, this parameter + is disabled. \n You must specify a FinalDBSnapshotIdentifier + parameter if SkipFinalSnapshot is disabled." + type: boolean + storageEncrypted: + description: "A value that indicates whether the DB instance is + encrypted. By default, it isn't encrypted. \n For RDS Custom + instances, either set this parameter to true or leave it unset. + If you set this parameter to false, RDS reports an error. \n + Amazon Aurora \n Not applicable. The encryption for DB instances + is managed by the DB cluster." + type: boolean + storageThroughput: + description: "Specifies the storage throughput value for the DB + instance. \n This setting applies only to the gp3 storage type. + \n This setting doesn't apply to RDS Custom or Amazon Aurora." + format: int64 + type: integer + storageType: + description: "Specifies the storage type to be associated with + the DB instance. \n Valid values: gp2 | gp3 | io1 | standard + \n If you specify io1 or gp3, you must also include a value + for the Iops parameter. \n Default: io1 if the Iops parameter + is specified, otherwise gp2 \n Amazon Aurora \n Not applicable. + Storage is managed by the DB cluster." + type: string + tags: + description: Tags to assign to the DB instance. 
+ items: + properties: + key: + type: string + value: + type: string + type: object + type: array + tdeCredentialARN: + description: "The ARN from the key store with which to associate + the instance for TDE encryption. \n This setting doesn't apply + to RDS Custom. \n Amazon Aurora \n Not applicable." + type: string + tdeCredentialPassword: + description: "The password for the given ARN from the key store + in order to access the device. \n This setting doesn't apply + to RDS Custom." + type: string + timezone: + description: The time zone of the DB instance. The time zone parameter + is currently supported only by Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). + type: string + vpcSecurityGroupIDRefs: + description: VPCSecurityGroupIDRefs are references to VPCSecurityGroups + used to set the VPCSecurityGroupIDs. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution + of this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which + will attempt to resolve the reference only when the + corresponding field is not present. Use 'Always' to + resolve the reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + vpcSecurityGroupIDSelector: + description: VPCSecurityGroupIDSelector selects references to + VPCSecurityGroups used to set the VPCSecurityGroupIDs. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + vpcSecurityGroupIDs: + description: "A list of Amazon EC2 VPC security groups to authorize + on this DB instance. This change is asynchronously applied as + soon as possible. \n This setting doesn't apply to RDS Custom. + \n Amazon Aurora Not applicable. The associated list of EC2 + VPC security groups is managed by the DB cluster. For more information, + see ModifyDBCluster. \n Constraints: * If supplied, must match + existing VpcSecurityGroupIds." 
+ items: + type: string + type: array + required: + - dbInstanceClass + - engine + - region + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: DBInstanceStatus defines the observed state of DBInstance. + properties: + atProvider: + description: DBInstanceObservation defines the observed state of DBInstance + properties: + activityStreamEngineNativeAuditFieldsIncluded: + description: Indicates whether engine-native audit fields are + included in the database activity stream. 
+ type: boolean + activityStreamKMSKeyID: + description: The Amazon Web Services KMS key identifier used for + encrypting messages in the database activity stream. The Amazon + Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. + type: string + activityStreamKinesisStreamName: + description: The name of the Amazon Kinesis data stream used for + the database activity stream. + type: string + activityStreamMode: + description: The mode of the database activity stream. Database + events such as a change or access generate an activity stream + event. RDS for Oracle always handles these events asynchronously. + type: string + activityStreamPolicyStatus: + description: The status of the policy state of the activity stream. + type: string + activityStreamStatus: + description: The status of the database activity stream. + type: string + associatedRoles: + description: The Amazon Web Services Identity and Access Management + (IAM) roles associated with the DB instance. + items: + properties: + featureName: + type: string + roleARN: + type: string + status: + type: string + type: object + type: array + automaticRestartTime: + description: The time when a stopped DB instance is restarted + automatically. + format: date-time + type: string + automationMode: + description: 'The automation mode of the RDS Custom DB instance: + full or all paused. If full, the DB instance automates monitoring + and instance recovery. If all paused, the instance pauses automation + for the duration set by --resume-full-automation-mode-minutes.' + type: string + awsBackupRecoveryPointARN: + description: The Amazon Resource Name (ARN) of the recovery point + in Amazon Web Services Backup. + type: string + certificateDetails: + description: The details of the DB instance's server certificate. 
+ properties: + cAIdentifier: + type: string + validTill: + format: date-time + type: string + type: object + customerOwnedIPEnabled: + description: "Specifies whether a customer-owned IP address (CoIP) + is enabled for an RDS on Outposts DB instance. \n A CoIP provides + local or external connectivity to resources in your Outpost + subnets through your on-premises network. For some use cases, + a CoIP can provide lower latency for connections to the DB instance + from outside of its virtual private cloud (VPC) on your local + network. \n For more information about RDS on Outposts, see + Working with Amazon RDS on Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. \n For more information about + CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + in the Amazon Web Services Outposts User Guide." + type: boolean + dbInstanceARN: + description: The Amazon Resource Name (ARN) for the DB instance. + type: string + dbInstanceAutomatedBackupsReplications: + description: The list of replicated automated backups associated + with the DB instance. + items: + properties: + dbInstanceAutomatedBackupsARN: + type: string + type: object + type: array + dbInstanceIdentifier: + description: Contains a user-supplied database identifier. This + identifier is the unique key that identifies a DB instance. + type: string + dbInstancePort: + description: Specifies the port that the DB instance listens on. + If the DB instance is part of a DB cluster, this can be a different + port than the DB cluster port. + format: int64 + type: integer + dbInstanceStatus: + description: "Specifies the current state of this database. 
\n + For information about DB instance statuses, see Viewing DB instance + status (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html#Overview.DBInstance.Status) + in the Amazon RDS User Guide." + type: string + dbParameterGroups: + description: Provides the list of DB parameter groups applied + to this DB instance. + items: + properties: + dbParameterGroupName: + type: string + parameterApplyStatus: + type: string + type: object + type: array + dbSecurityGroups: + description: A list of DB security group elements containing DBSecurityGroup.Name + and DBSecurityGroup.Status subelements. + items: + properties: + dbSecurityGroupName: + type: string + status: + type: string + type: object + type: array + dbSubnetGroup: + description: Specifies information on the subnet group associated + with the DB instance, including the name, description, and subnets + in the subnet group. + properties: + dbSubnetGroupARN: + type: string + dbSubnetGroupDescription: + type: string + dbSubnetGroupName: + type: string + subnetGroupStatus: + type: string + subnets: + items: + properties: + subnetAvailabilityZone: + description: "Contains Availability Zone information. + \n This data type is used as an element in the OrderableDBInstanceOption + data type." + properties: + name: + type: string + type: object + subnetIdentifier: + type: string + subnetOutpost: + description: "A data type that represents an Outpost. + \n For more information about RDS on Outposts, see + Amazon RDS on Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide." + properties: + arn: + type: string + type: object + subnetStatus: + type: string + type: object + type: array + supportedNetworkTypes: + items: + type: string + type: array + vpcID: + type: string + type: object + dbSystemID: + description: The Oracle system ID (Oracle SID) for a container + database (CDB). 
The Oracle SID is also the name of the CDB. + This setting is valid for RDS Custom only. + type: string + dbiResourceID: + description: The Amazon Web Services Region-unique, immutable + identifier for the DB instance. This identifier is found in + Amazon Web Services CloudTrail log entries whenever the Amazon + Web Services KMS key for the DB instance is accessed. + type: string + domainMemberships: + description: The Active Directory Domain membership records associated + with the DB instance. + items: + properties: + domain: + type: string + fQDN: + type: string + iamRoleName: + type: string + status: + type: string + type: object + type: array + enabledCloudwatchLogsExports: + description: "A list of log types that this DB instance is configured + to export to CloudWatch Logs. \n Log types vary by DB engine. + For information about the log types for each DB engine, see + Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) + in the Amazon RDS User Guide." + items: + type: string + type: array + endpoint: + description: "Specifies the connection endpoint. \n The endpoint + might not be shown for instances whose status is creating." + properties: + address: + type: string + hostedZoneID: + type: string + port: + format: int64 + type: integer + type: object + engineVersion: + description: Indicates the database engine version. + type: string + enhancedMonitoringResourceARN: + description: The Amazon Resource Name (ARN) of the Amazon CloudWatch + Logs log stream that receives the Enhanced Monitoring metrics + data for the DB instance. + type: string + iamDatabaseAuthenticationEnabled: + description: "True if mapping of Amazon Web Services Identity + and Access Management (IAM) accounts to database accounts is + enabled, and otherwise false. 
\n IAM database authentication + can be enabled for the following database engines \n * For MySQL + 5.6, minor version 5.6.34 or higher \n * For MySQL 5.7, minor + version 5.7.16 or higher \n * Aurora 5.6 or higher. To enable + IAM database authentication for Aurora, see DBCluster Type." + type: boolean + instanceCreateTime: + description: Provides the date and time the DB instance was created. + format: date-time + type: string + latestRestorableTime: + description: Specifies the latest time to which a database can + be restored with point-in-time restore. + format: date-time + type: string + listenerEndpoint: + description: Specifies the listener connection endpoint for SQL + Server Always On. + properties: + address: + type: string + hostedZoneID: + type: string + port: + format: int64 + type: integer + type: object + masterUserSecret: + description: "Contains the secret managed by RDS in Amazon Web + Services Secrets Manager for the master user password. \n For + more information, see Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide." + properties: + kmsKeyID: + type: string + secretARN: + type: string + secretStatus: + type: string + type: object + optionGroupMemberships: + description: Provides the list of option group memberships for + this DB instance. + items: + properties: + optionGroupName: + type: string + status: + type: string + type: object + type: array + pendingModifiedValues: + description: A value that specifies that changes to the DB instance + are pending. This element is only included when changes are + pending. Specific changes are identified by subelements. 
+ properties: + allocatedStorage: + format: int64 + type: integer + automationMode: + type: string + backupRetentionPeriod: + format: int64 + type: integer + caCertificateIdentifier: + type: string + dbInstanceClass: + type: string + dbInstanceIdentifier: + type: string + dbSubnetGroupName: + type: string + engineVersion: + type: string + iamDatabaseAuthenticationEnabled: + type: boolean + iops: + format: int64 + type: integer + licenseModel: + type: string + masterUserPassword: + type: string + multiAZ: + type: boolean + pendingCloudwatchLogsExports: + description: A list of the log types whose configuration is + still pending. In other words, these log types are in the + process of being activated or deactivated. + properties: + logTypesToDisable: + items: + type: string + type: array + logTypesToEnable: + items: + type: string + type: array + type: object + port: + format: int64 + type: integer + processorFeatures: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + resumeFullAutomationModeTime: + format: date-time + type: string + storageThroughput: + format: int64 + type: integer + storageType: + type: string + type: object + performanceInsightsEnabled: + description: True if Performance Insights is enabled for the DB + instance, and otherwise false. + type: boolean + readReplicaDBClusterIdentifiers: + description: "Contains one or more identifiers of Aurora DB clusters + to which the RDS DB instance is replicated as a read replica. + For example, when you create an Aurora read replica of an RDS + for MySQL DB instance, the Aurora MySQL DB cluster for the Aurora + read replica is shown. This output doesn't contain information + about cross-Region Aurora read replicas. \n Currently, each + RDS DB instance can have only one Aurora read replica." 
+ items: + type: string + type: array + readReplicaDBInstanceIdentifiers: + description: Contains one or more identifiers of the read replicas + associated with this DB instance. + items: + type: string + type: array + readReplicaSourceDBInstanceIdentifier: + description: Contains the identifier of the source DB instance + if this DB instance is a read replica. + type: string + replicaMode: + description: "The open mode of an Oracle read replica. The default + is open-read-only. For more information, see Working with Oracle + Read Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) + in the Amazon RDS User Guide. \n This attribute is only supported + in RDS for Oracle." + type: string + resumeFullAutomationModeTime: + description: The number of minutes to pause the automation. When + the time period ends, RDS Custom resumes full automation. The + minimum value is 60 (default). The maximum value is 1,440. + format: date-time + type: string + secondaryAvailabilityZone: + description: If present, specifies the name of the secondary Availability + Zone for a DB instance with multi-AZ support. + type: string + statusInfos: + description: The status of a read replica. If the instance isn't + a read replica, this is blank. + items: + properties: + message: + type: string + normal: + type: boolean + status: + type: string + statusType: + type: string + type: object + type: array + tagList: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroups: + description: Provides a list of VPC security group elements that + the DB instance belongs to. + items: + properties: + status: + type: string + vpcSecurityGroupID: + type: string + type: object + type: array + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. 
+ properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/testutils/crds/DBParameterGroup.yaml b/testutils/crds/DBParameterGroup.yaml new file mode 100644 index 00000000..6ca41a4a --- /dev/null +++ b/testutils/crds/DBParameterGroup.yaml 
@@ -0,0 +1,401 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: "2023-10-03T17:31:23Z" + generation: 1 + name: dbparametergroups.rds.aws.crossplane.io + ownerReferences: + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: true + kind: ProviderRevision + name: bloxinabox-provider-877b9fccf7ca + uid: f42ec1bf-0547-43c9-a29d-1dc6c06c0286 + - apiVersion: pkg.crossplane.io/v1 + blockOwnerDeletion: true + controller: false + kind: Provider + name: bloxinabox-provider + uid: 273f9682-ede8-4b8f-82ba-5c85cf731d51 + uid: 7d5a4408-5865-411a-a74a-e6bbc3a732eb +spec: + conversion: + strategy: None + group: rds.aws.crossplane.io + names: + categories: + - crossplane + - managed + - aws + kind: DBParameterGroup + listKind: DBParameterGroupList + plural: dbparametergroups + singular: dbparametergroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DBParameterGroup is the Schema for the DBParameterGroups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DBParameterGroupSpec defines the desired state of DBParameterGroup + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. + enum: + - Orphan + - Delete + type: string + forProvider: + description: DBParameterGroupParameters defines the desired state + of DBParameterGroup + properties: + dbParameterGroupFamily: + description: "The DB parameter group family name. A DB parameter + group can be associated with one and only one DB parameter group + family, and can be applied only to a DB instance running a database + engine and engine version compatible with that DB parameter + group family. \n To list all of the available parameter group + families for a DB engine, use the following command: \n aws + rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" + --engine \n For example, to list all of the available + parameter group families for the MySQL DB engine, use the following + command: \n aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" + --engine mysql \n The output contains duplicates. \n The following + are the valid DB engine values: \n * aurora (for MySQL 5.6-compatible + Aurora) \n * aurora-mysql (for MySQL 5.7-compatible Aurora) + \n * aurora-postgresql \n * mariadb \n * mysql \n * oracle-ee + \n * oracle-ee-cdb \n * oracle-se2 \n * oracle-se2-cdb \n * + postgres \n * sqlserver-ee \n * sqlserver-se \n * sqlserver-ex + \n * sqlserver-web \n One of DBParameterGroupFamily or DBParameterGroupFamilySelector + is required." 
+ type: string + dbParameterGroupFamilySelector: + description: "DBParameterGroupFamilySelector determines DBParameterGroupFamily + from the engine and engine version. \n One of DBParameterGroupFamily + or DBParameterGroupFamilySelector is required. \n Will not be + used if DBParameterGroupFamily is already set." + properties: + engine: + description: Engine is the name of the database engine. + type: string + engineVersion: + description: EngineVersion is the version of the database + engine. If it is nil, the default engine version given by + AWS will be used. + type: string + required: + - engine + type: object + description: + description: The description for the DB parameter group. + type: string + parameters: + description: 'A list of parameters to associate with this DB parameter + group. The fields ApplyMethod, ParameterName and ParameterValue + are required for every parameter. Note: AWS actually only modifies + the ApplyMethod of a parameter, if the ParameterValue changes + too.' + items: + description: CustomParameter are custom parameters for the Parameter + properties: + applyMethod: + description: The apply method of the parameter. AWS actually + only modifies to value set here, if the parameter value + changes too. + enum: + - immediate + - pending-reboot + type: string + parameterName: + description: The name of the parameter. + type: string + parameterValue: + description: The value of the parameter. + type: string + required: + - applyMethod + - parameterName + - parameterValue + type: object + type: array + region: + description: Region is which region the DBParameterGroup will + be created. + type: string + tags: + description: Tags to assign to the DB parameter group. 
+ items: + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - description + - region + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: DBParameterGroupStatus defines the observed state of DBParameterGroup. + properties: + atProvider: + description: DBParameterGroupObservation defines the observed state + of DBParameterGroup + properties: + dbParameterGroupARN: + description: The Amazon Resource Name (ARN) for the DB parameter + group. 
+ type: string + dbParameterGroupFamily: + description: The name of the DB parameter group family that this + DB parameter group is compatible with. + type: string + dbParameterGroupName: + description: The name of the DB parameter group. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file
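Review bot: The `metadata` block at the top of `testutils/crds/DBParameterGroup.yaml` still carries server-populated fields from the cluster it was exported from: `creationTimestamp`, `generation`, `uid`, and two `ownerReferences` that point at a `ProviderRevision` and a `Provider` by UID. A test fixture should not depend on objects that exist only in that cluster. The owner references are also a hazard if the file is ever applied somewhere the garbage collector runs, since a dependent whose owners cannot be found can be collected. I would reduce the block to the annotation plus `name: dbparametergroups.rds.aws.crossplane.io`, which also keeps internal provider names and UIDs out of the repository. The DBInstance fixture that ends just above starts outside this view, so it is worth checking for the same fields.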