diff --git a/apis/iam/v1beta1/zz_generated.deepcopy.go b/apis/iam/v1beta1/zz_generated.deepcopy.go index 52580faad4..2bd59c1998 100644 --- a/apis/iam/v1beta1/zz_generated.deepcopy.go +++ b/apis/iam/v1beta1/zz_generated.deepcopy.go @@ -1225,6 +1225,16 @@ func (in *GroupStatus) DeepCopy() *GroupStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InlinePolicyInitParameters) DeepCopyInto(out *InlinePolicyInitParameters) { *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Policy != nil { + in, out := &in.Policy, &out.Policy + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InlinePolicyInitParameters. @@ -1265,6 +1275,16 @@ func (in *InlinePolicyObservation) DeepCopy() *InlinePolicyObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InlinePolicyParameters) DeepCopyInto(out *InlinePolicyParameters) { *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Policy != nil { + in, out := &in.Policy, &out.Policy + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InlinePolicyParameters. @@ -2125,6 +2145,13 @@ func (in *RoleInitParameters) DeepCopyInto(out *RoleInitParameters) { *out = new(bool) **out = **in } + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = make([]InlinePolicyInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxSessionDuration != nil { in, out := &in.MaxSessionDuration, &out.MaxSessionDuration *out = new(float64) 
@@ -2392,6 +2419,13 @@ func (in *RoleParameters) DeepCopyInto(out *RoleParameters) { *out = new(bool) **out = **in } + if in.InlinePolicy != nil { + in, out := &in.InlinePolicy, &out.InlinePolicy + *out = make([]InlinePolicyParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.MaxSessionDuration != nil { in, out := &in.MaxSessionDuration, &out.MaxSessionDuration *out = new(float64) diff --git a/apis/iam/v1beta1/zz_role_types.go b/apis/iam/v1beta1/zz_role_types.go index d616699f81..1f41165bbe 100755 --- a/apis/iam/v1beta1/zz_role_types.go +++ b/apis/iam/v1beta1/zz_role_types.go @@ -14,6 +14,12 @@ import ( ) type InlinePolicyInitParameters struct { + + // Friendly name of the role. See IAM Identifiers for more information. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Policy document as a JSON formatted string. + Policy *string `json:"policy,omitempty" tf:"policy,omitempty"` } type InlinePolicyObservation struct { @@ -26,6 +32,14 @@ type InlinePolicyObservation struct { } type InlinePolicyParameters struct { + + // Friendly name of the role. See IAM Identifiers for more information. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Policy document as a JSON formatted string. + // +kubebuilder:validation:Optional + Policy *string `json:"policy,omitempty" tf:"policy,omitempty"` } type RoleInitParameters struct { 
@@ -39,6 +53,9 @@ type RoleInitParameters struct { // Whether to force detaching any policies the role has before destroying it. Defaults to false. ForceDetachPolicies *bool `json:"forceDetachPolicies,omitempty" tf:"force_detach_policies,omitempty"` + // Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. Configuring one empty block (i.e. + InlinePolicy []InlinePolicyInitParameters `json:"inlinePolicy,omitempty" tf:"inline_policy,omitempty"` + // Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. MaxSessionDuration *float64 `json:"maxSessionDuration,omitempty" tf:"max_session_duration,omitempty"` @@ -127,6 +144,10 @@ type RoleParameters struct { // +kubebuilder:validation:Optional ForceDetachPolicies *bool `json:"forceDetachPolicies,omitempty" tf:"force_detach_policies,omitempty"` + // Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. Configuring one empty block (i.e. + // +kubebuilder:validation:Optional + InlinePolicy []InlinePolicyParameters `json:"inlinePolicy,omitempty" tf:"inline_policy,omitempty"` + // Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. // +kubebuilder:validation:Optional MaxSessionDuration *float64 `json:"maxSessionDuration,omitempty" tf:"max_session_duration,omitempty"` diff --git a/config/iam/config.go b/config/iam/config.go index 2af8610790..7e4a957d64 100644 --- a/config/iam/config.go +++ b/config/iam/config.go 
@@ -35,7 +35,7 @@ func Configure(p *config.Provider) {
 // aws_iam_policy_attachment
 // aws_iam_role_policy_attachment
 // aws_iam_role_policy
- config.MoveToStatus(r.TerraformResource, "inline_policy", "managed_policy_arns")
+ config.MoveToStatus(r.TerraformResource, "managed_policy_arns")
 })
 p.AddResourceConfigurator("aws_iam_instance_profile", func(r *config.Resource) {
diff --git a/examples/iam/role-with-inline-policy.yaml b/examples/iam/role-with-inline-policy.yaml
new file mode 100644
index 0000000000..d488b0c597
--- /dev/null
+++ b/examples/iam/role-with-inline-policy.yaml
@@ -0,0 +1,36 @@
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ annotations:
+ meta.upbound.io/example-id: iam/v1beta1/role
+ labels:
+ testing.upbound.io/example-name: role
+ name: role-with-inline-policy
+spec:
+ forProvider:
+ assumeRolePolicy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "eks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ }
+ inlinePolicy:
+ - name: "my_inline_policy"
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Resource": "*",
+ "Action": "ec2:Describe*"
+ }
+ ]
+ }
diff --git a/package/crds/iam.aws.upbound.io_roles.yaml b/package/crds/iam.aws.upbound.io_roles.yaml
index 856e1996a6..46239fd420 100644
--- a/package/crds/iam.aws.upbound.io_roles.yaml
+++ b/package/crds/iam.aws.upbound.io_roles.yaml
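Review bot: Dropping "inline_policy" from the `config.MoveToStatus` call makes `spec.forProvider.inlinePolicy` writable, but the context comment above the call still lists `aws_iam_role_policy` and nothing records how the two now interact. The field description generated in this same commit calls it an "exclusive set" of inline policies (and is cut off at "(i.e."), so a Role that sets `inlinePolicy` while a separate aws_iam_role_policy resource targets the same role would presumably have the two overwriting each other's permissions. I would extend the comment with something like `// inline_policy is exposed in spec; when set it is the exclusive set of inline policies on the role, so do not pair it with aws_iam_role_policy for the same role.` and repeat that caveat at the top of examples/iam/role-with-inline-policy.yaml. The comment and the enclosing configurator closure both start outside this hunk, so the existing wording could not be checked.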
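Review bot: The inline policy in this example grants `ec2:Describe*`, a wildcard action that widens silently whenever new Describe APIs are added, and example manifests tend to be copied into real roles. Listing the calls the role actually needs, e.g. `"Action": ["ec2:DescribeInstances", "ec2:DescribeSubnets"]`, would show the least-privilege form. `"Resource": "*"` can stay, since most EC2 Describe actions do not support resource-level scoping.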
@@ -77,6 +77,21 @@ spec: description: Whether to force detaching any policies the role has before destroying it. Defaults to false. type: boolean + inlinePolicy: + description: Configuration block defining an exclusive set of + IAM inline policies associated with the IAM role. See below. + Configuring one empty block (i.e. + items: + properties: + name: + description: Friendly name of the role. See IAM Identifiers + for more information. + type: string + policy: + description: Policy document as a JSON formatted string. + type: string + type: object + type: array maxSessionDuration: description: Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value @@ -120,6 +135,21 @@ spec: description: Whether to force detaching any policies the role has before destroying it. Defaults to false. type: boolean + inlinePolicy: + description: Configuration block defining an exclusive set of + IAM inline policies associated with the IAM role. See below. + Configuring one empty block (i.e. + items: + properties: + name: + description: Friendly name of the role. See IAM Identifiers + for more information. + type: string + policy: + description: Policy document as a JSON formatted string. + type: string + type: object + type: array maxSessionDuration: description: Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value