diff --git a/apis/attestation/v1beta1/zz_generated.deepcopy.go b/apis/attestation/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 000000000..acbad567a --- /dev/null +++ b/apis/attestation/v1beta1/zz_generated.deepcopy.go 
@@ -0,0 +1,193 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "github.com/crossplane/crossplane-runtime/apis/common/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Provider) DeepCopyInto(out *Provider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provider. +func (in *Provider) DeepCopy() *Provider { + if in == nil { + return nil + } + out := new(Provider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Provider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderList) DeepCopyInto(out *ProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Provider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderList. +func (in *ProviderList) DeepCopy() *ProviderList { + if in == nil { + return nil + } + out := new(ProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *ProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderObservation) DeepCopyInto(out *ProviderObservation) { + *out = *in + if in.AttestationURI != nil { + in, out := &in.AttestationURI, &out.AttestationURI + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.TrustModel != nil { + in, out := &in.TrustModel, &out.TrustModel + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderObservation. +func (in *ProviderObservation) DeepCopy() *ProviderObservation { + if in == nil { + return nil + } + out := new(ProviderObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ProviderParameters) DeepCopyInto(out *ProviderParameters) { + *out = *in + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.PolicySigningCertificateData != nil { + in, out := &in.PolicySigningCertificateData, &out.PolicySigningCertificateData + *out = new(string) + **out = **in + } + if in.ResourceGroupName != nil { + in, out := &in.ResourceGroupName, &out.ResourceGroupName + *out = new(string) + **out = **in + } + if in.ResourceGroupNameRef != nil { + in, out := &in.ResourceGroupNameRef, &out.ResourceGroupNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ResourceGroupNameSelector != nil { + in, out := &in.ResourceGroupNameSelector, &out.ResourceGroupNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderParameters. +func (in *ProviderParameters) DeepCopy() *ProviderParameters { + if in == nil { + return nil + } + out := new(ProviderParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec. 
+func (in *ProviderSpec) DeepCopy() *ProviderSpec { + if in == nil { + return nil + } + out := new(ProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderStatus) DeepCopyInto(out *ProviderStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderStatus. +func (in *ProviderStatus) DeepCopy() *ProviderStatus { + if in == nil { + return nil + } + out := new(ProviderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/attestation/v1beta1/zz_generated.managed.go b/apis/attestation/v1beta1/zz_generated.managed.go new file mode 100644 index 000000000..2951546a2 --- /dev/null +++ b/apis/attestation/v1beta1/zz_generated.managed.go 
@@ -0,0 +1,74 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + +// GetCondition of this Provider. +func (mg *Provider) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Provider. +func (mg *Provider) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetProviderConfigReference of this Provider. +func (mg *Provider) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +/* +GetProviderReference of this Provider. +Deprecated: Use GetProviderConfigReference. +*/ +func (mg *Provider) GetProviderReference() *xpv1.Reference { + return mg.Spec.ProviderReference +} + +// GetPublishConnectionDetailsTo of this Provider. +func (mg *Provider) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Provider. +func (mg *Provider) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Provider. +func (mg *Provider) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Provider. +func (mg *Provider) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetProviderConfigReference of this Provider. +func (mg *Provider) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +/* +SetProviderReference of this Provider. +Deprecated: Use SetProviderConfigReference. +*/ +func (mg *Provider) SetProviderReference(r *xpv1.Reference) { + mg.Spec.ProviderReference = r +} + +// SetPublishConnectionDetailsTo of this Provider. 
+func (mg *Provider) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Provider. +func (mg *Provider) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/attestation/v1beta1/zz_generated.managedlist.go b/apis/attestation/v1beta1/zz_generated.managedlist.go new file mode 100644 index 000000000..84a5be951 --- /dev/null +++ b/apis/attestation/v1beta1/zz_generated.managedlist.go @@ -0,0 +1,17 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import resource "github.com/crossplane/crossplane-runtime/pkg/resource" + +// GetItems of this ProviderList. +func (l *ProviderList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/attestation/v1beta1/zz_generated.resolvers.go b/apis/attestation/v1beta1/zz_generated.resolvers.go new file mode 100644 index 000000000..08a14d2fc --- /dev/null +++ b/apis/attestation/v1beta1/zz_generated.resolvers.go 
@@ -0,0 +1,40 @@ +/* +Copyright 2022 Upbound Inc. +*/ +// Code generated by angryjet. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + reference "github.com/crossplane/crossplane-runtime/pkg/reference" + errors "github.com/pkg/errors" + v1beta1 "github.com/upbound/provider-azure/apis/azure/v1beta1" + client "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ResolveReferences of this Provider. +func (mg *Provider) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ResourceGroupName), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ResourceGroupNameRef, + Selector: mg.Spec.ForProvider.ResourceGroupNameSelector, + To: reference.To{ + List: &v1beta1.ResourceGroupList{}, + Managed: &v1beta1.ResourceGroup{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ResourceGroupName") + } + mg.Spec.ForProvider.ResourceGroupName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ResourceGroupNameRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/attestation/v1beta1/zz_generated_terraformed.go b/apis/attestation/v1beta1/zz_generated_terraformed.go new file mode 100755 index 000000000..8e6793575 --- /dev/null +++ b/apis/attestation/v1beta1/zz_generated_terraformed.go 
@@ -0,0 +1,88 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "github.com/pkg/errors" + + "github.com/upbound/upjet/pkg/resource" + "github.com/upbound/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Provider +func (mg *Provider) GetTerraformResourceType() string { + return "azurerm_attestation_provider" +} + +// GetConnectionDetailsMapping for this Provider +func (tr *Provider) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Provider +func (tr *Provider) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Provider +func (tr *Provider) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Provider +func (tr *Provider) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Provider +func (tr *Provider) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Provider +func (tr *Provider) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// LateInitialize this Provider using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *Provider) LateInitialize(attrs []byte) (bool, error) { + params := &ProviderParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Provider) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/attestation/v1beta1/zz_groupversion_info.go b/apis/attestation/v1beta1/zz_groupversion_info.go new file mode 100755 index 000000000..6b75e29d3 --- /dev/null +++ b/apis/attestation/v1beta1/zz_groupversion_info.go @@ -0,0 +1,32 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +// +kubebuilder:object:generate=true +// +groupName=attestation.azure.upbound.io +// +versionName=v1beta1 +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +// Package type metadata. +const ( + CRDGroup = "attestation.azure.upbound.io" + CRDVersion = "v1beta1" +) + +var ( + // CRDGroupVersion is the API Group Version used to register the objects + CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/attestation/v1beta1/zz_provider_types.go b/apis/attestation/v1beta1/zz_provider_types.go new file mode 100755 index 000000000..027010b90 --- /dev/null +++ b/apis/attestation/v1beta1/zz_provider_types.go 
@@ -0,0 +1,103 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ProviderObservation struct { + + // The URI of the Attestation Service. + AttestationURI *string `json:"attestationUri,omitempty" tf:"attestation_uri,omitempty"` + + // The ID of the Attestation Provider. + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Trust model used for the Attestation Service. + TrustModel *string `json:"trustModel,omitempty" tf:"trust_model,omitempty"` +} + +type ProviderParameters struct { + + // The Azure Region where the Attestation Provider should exist. Changing this forces a new resource to be created. + // +kubebuilder:validation:Required + Location *string `json:"location" tf:"location,omitempty"` + + // A valid X.509 certificate (Section 4 of RFC4648). Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + PolicySigningCertificateData *string `json:"policySigningCertificateData,omitempty" tf:"policy_signing_certificate_data,omitempty"` + + // The name of the Resource Group where the attestation provider should exist. Changing this forces a new resource to be created. + // +crossplane:generate:reference:type=github.com/upbound/provider-azure/apis/azure/v1beta1.ResourceGroup + // +kubebuilder:validation:Optional + ResourceGroupName *string `json:"resourceGroupName,omitempty" tf:"resource_group_name,omitempty"` + + // Reference to a ResourceGroup in azure to populate resourceGroupName. + // +kubebuilder:validation:Optional + ResourceGroupNameRef *v1.Reference `json:"resourceGroupNameRef,omitempty" tf:"-"` + + // Selector for a ResourceGroup in azure to populate resourceGroupName. 
+ // +kubebuilder:validation:Optional + ResourceGroupNameSelector *v1.Selector `json:"resourceGroupNameSelector,omitempty" tf:"-"` + + // A mapping of tags which should be assigned to the Attestation Provider. + // +kubebuilder:validation:Optional + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` +} + +// ProviderSpec defines the desired state of Provider +type ProviderSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ProviderParameters `json:"forProvider"` +} + +// ProviderStatus defines the observed state of Provider. +type ProviderStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ProviderObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// Provider is the Schema for the Providers API. Manages a Attestation Provider. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azure} +type Provider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec ProviderSpec `json:"spec"` + Status ProviderStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ProviderList contains a list of Providers +type ProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Provider `json:"items"` +} + +// Repository type metadata. +var ( + Provider_Kind = "Provider" + Provider_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Provider_Kind}.String() + Provider_KindAPIVersion = Provider_Kind + "." 
+ CRDGroupVersion.String() + Provider_GroupVersionKind = CRDGroupVersion.WithKind(Provider_Kind) +) + +func init() { + SchemeBuilder.Register(&Provider{}, &ProviderList{}) +} diff --git a/apis/zz_register.go b/apis/zz_register.go index 243c370cb..8053add48 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -14,6 +14,7 @@ import ( v1beta1analysisservices "github.com/upbound/provider-azure/apis/analysisservices/v1beta1" v1beta1apimanagement "github.com/upbound/provider-azure/apis/apimanagement/v1beta1" v1beta1appplatform "github.com/upbound/provider-azure/apis/appplatform/v1beta1" + v1beta1attestation "github.com/upbound/provider-azure/apis/attestation/v1beta1" v1beta1authorization "github.com/upbound/provider-azure/apis/authorization/v1beta1" v1beta1automation "github.com/upbound/provider-azure/apis/automation/v1beta1" v1beta1azure "github.com/upbound/provider-azure/apis/azure/v1beta1" @@ -87,6 +88,7 @@ func init() { v1beta1analysisservices.SchemeBuilder.AddToScheme, v1beta1apimanagement.SchemeBuilder.AddToScheme, v1beta1appplatform.SchemeBuilder.AddToScheme, + v1beta1attestation.SchemeBuilder.AddToScheme, v1beta1authorization.SchemeBuilder.AddToScheme, v1beta1automation.SchemeBuilder.AddToScheme, v1beta1azure.SchemeBuilder.AddToScheme, diff --git a/config/externalname.go b/config/externalname.go index 9e0442b25..b3193693f 100644 --- a/config/externalname.go +++ b/config/externalname.go 
@@ -1091,6 +1091,12 @@ var ExternalNameConfigs = map[string]config.ExternalName{ // EventHubs can be imported using the resource id // /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.EventHub/namespaces/namespace1/disasterRecoveryConfigs/config1 "azurerm_eventhub_namespace_disaster_recovery_config": config.TemplatedStringAsIdentifier("name", "/subscriptions/{{ .setup.configuration.subscription_id }}/resourceGroups/{{ .parameters.resource_group_name }}/providers/Microsoft.EventHub/namespaces/{{ .parameters.namespace_name }}/disasterRecoveryConfigs/{{ .external_name }}"), + + // attestation + // + // Attestation Providers can be imported using the resource id + // /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Attestation/attestationProviders/provider1 + "azurerm_attestation_provider": config.TemplatedStringAsIdentifier("name", "/subscriptions/{{ .setup.configuration.subscription_id }}/resourceGroups/{{ .parameters.resource_group_name }}/providers/Microsoft.Attestation/attestationProviders/{{ .external_name }}"), } func keyVaultURLIDConf(resourceType string) config.ExternalName { diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 6a06a38a3..8f8a31dbb 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go 
@@ -62,12 +62,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ // /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/resourceGroup1/providers/Microsoft.AppConfiguration/configurationStores/appConf1/AppConfigurationKey/appConfKey1/Label/%00 "azurerm_app_configuration_key": config.IdentifierFromProvider, - // attestation - // - // Attestation Providers can be imported using the resource id - // /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Attestation/attestationProviders/provider1 - "azurerm_attestation_provider": config.TemplatedStringAsIdentifier("name", "/subscriptions/{{ .setup.configuration.subscription_id }}/resourceGroups/{{ .parameters.resource_group_name }}/providers/Microsoft.Attestation/attestationProviders/{{ .external_name }}"), - // kusto // // Customer Managed Keys for a Kusto Cluster can be imported using the resource id diff --git a/examples-generated/attestation/provider.yaml b/examples-generated/attestation/provider.yaml new file mode 100644 index 000000000..17a58dbe2 --- /dev/null +++ b/examples-generated/attestation/provider.yaml @@ -0,0 +1,32 @@ +apiVersion: attestation.azure.upbound.io/v1beta1 +kind: Provider +metadata: + annotations: + meta.upbound.io/example-id: attestation/v1beta1/provider + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + location: West Europe + policySigningCertificateData: ${file("./example/cert.pem")} + resourceGroupNameSelector: + matchLabels: + testing.upbound.io/example-name: example + +--- + +apiVersion: azure.upbound.io/v1beta1 +kind: ResourceGroup +metadata: + annotations: + meta.upbound.io/example-id: attestation/v1beta1/provider + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + location: West Europe + +--- + diff --git a/examples/attestation/provider.yaml b/examples/attestation/provider.yaml new file mode 100644 index 000000000..347936dcd 
--- /dev/null
+++ b/examples/attestation/provider.yaml
@@ -0,0 +1,29 @@
+apiVersion: attestation.azure.upbound.io/v1beta1
+kind: Provider
+metadata:
+ annotations:
+ meta.upbound.io/example-id: attestation/v1beta1/provider
+ labels:
+ testing.upbound.io/example-name: example
+ name: provex
+spec:
+ forProvider:
+ location: West Europe
+ resourceGroupNameSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example
+
+---
+
+apiVersion: azure.upbound.io/v1beta1
+kind: ResourceGroup
+metadata:
+ annotations:
+ meta.upbound.io/example-id: attestation/v1beta1/provider
+ labels:
+ testing.upbound.io/example-name: example
+ name: provex
+spec:
+ forProvider:
+ location: West Europe
+
diff --git a/internal/controller/attestation/provider/zz_controller.go b/internal/controller/attestation/provider/zz_controller.go
new file mode 100755
index 000000000..b38efa185
--- /dev/null
+++ b/internal/controller/attestation/provider/zz_controller.go
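Review bot: The hand-written example in examples/attestation/provider.yaml leaves out `policySigningCertificateData`, which the generated example sets. If this manifest is what backs moving `azurerm_attestation_provider` into ExternalNameConfigs, the tested path covers only a provider created without a policy signing certificate. The field description in zz_provider_types.go says changing it forces a new resource, so anyone starting from this manifest cannot add a signing certificate later without re-creating the provider. Presumably its presence at creation also determines the observed `trustModel`, which is worth confirming. I would add a comment above `location` such as `# policySigningCertificateData is omitted; it is create-only, so set it here if policy changes must be signed`, and consider a second example that sets the field.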
@@ -0,0 +1,52 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package provider + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/upbound/upjet/pkg/controller" + "github.com/upbound/upjet/pkg/terraform" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-azure/apis/attestation/v1beta1" +) + +// Setup adds a controller that reconciles Provider managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.Provider_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK)) + } + r := managed.NewReconciler(mgr, + xpresource.ManagedKind(v1beta1.Provider_GroupVersionKind), + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["azurerm_attestation_provider"], + tjcontroller.WithCallbackProvider(tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Provider_GroupVersionKind))), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3*time.Minute), + 
managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + ) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + For(&v1beta1.Provider{}). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_setup.go b/internal/controller/zz_setup.go index 0f93b2428..01138717e 100755 --- a/internal/controller/zz_setup.go +++ b/internal/controller/zz_setup.go @@ -58,6 +58,7 @@ import ( springcloudjavadeployment "github.com/upbound/provider-azure/internal/controller/appplatform/springcloudjavadeployment" springcloudservice "github.com/upbound/provider-azure/internal/controller/appplatform/springcloudservice" springcloudstorage "github.com/upbound/provider-azure/internal/controller/appplatform/springcloudstorage" + provider "github.com/upbound/provider-azure/internal/controller/attestation/provider" managementlock "github.com/upbound/provider-azure/internal/controller/authorization/managementlock" policydefinition "github.com/upbound/provider-azure/internal/controller/authorization/policydefinition" resourcegrouppolicyassignment "github.com/upbound/provider-azure/internal/controller/authorization/resourcegrouppolicyassignment" @@ -535,6 +536,7 @@ func Setup(mgr ctrl.Manager, o controller.Options) error { springcloudjavadeployment.Setup, springcloudservice.Setup, springcloudstorage.Setup, + provider.Setup, managementlock.Setup, policydefinition.Setup, resourcegrouppolicyassignment.Setup, diff --git a/package/crds/attestation.azure.upbound.io_providers.yaml b/package/crds/attestation.azure.upbound.io_providers.yaml new file mode 100644 index 000000000..74cd3dd88 --- /dev/null +++ b/package/crds/attestation.azure.upbound.io_providers.yaml 
@@ -0,0 +1,396 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: providers.attestation.azure.upbound.io +spec: + group: attestation.azure.upbound.io + names: + categories: + - crossplane + - managed + - azure + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the Providers API. Manages a Attestation + Provider. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + deletionPolicy: + default: Delete + description: DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. 
+ enum: + - Orphan + - Delete + type: string + forProvider: + properties: + location: + description: The Azure Region where the Attestation Provider should + exist. Changing this forces a new resource to be created. + type: string + policySigningCertificateData: + description: A valid X.509 certificate (Section 4 of RFC4648). + Changing this forces a new resource to be created. + type: string + resourceGroupName: + description: The name of the Resource Group where the attestation + provider should exist. Changing this forces a new resource to + be created. + type: string + resourceGroupNameRef: + description: Reference to a ResourceGroup in azure to populate + resourceGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceGroupNameSelector: + description: Selector for a ResourceGroup in azure to populate + resourceGroupName. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. 
+ type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Attestation Provider. + type: object + required: + - location + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. 
This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: ProviderStatus defines the observed state of Provider. + properties: + atProvider: + properties: + attestationUri: + description: The URI of the Attestation Service. + type: string + id: + description: The ID of the Attestation Provider. + type: string + trustModel: + description: Trust model used for the Attestation Service. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []