diff --git a/apis/apigee/v1beta1/zz_generated.conversion_hubs.go b/apis/apigee/v1beta1/zz_generated.conversion_hubs.go index aa8464c42..b1c2351e3 100755 --- a/apis/apigee/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/apigee/v1beta1/zz_generated.conversion_hubs.go @@ -26,3 +26,6 @@ func (tr *InstanceAttachment) Hub() {} // Hub marks this type as a conversion hub. func (tr *NATAddress) Hub() {} + +// Hub marks this type as a conversion hub. +func (tr *SyncAuthorization) Hub() {} diff --git a/apis/apigee/v1beta1/zz_generated.deepcopy.go b/apis/apigee/v1beta1/zz_generated.deepcopy.go index b81ab9be6..6e605f49c 100644 --- a/apis/apigee/v1beta1/zz_generated.deepcopy.go +++ b/apis/apigee/v1beta1/zz_generated.deepcopy.go @@ -3172,3 +3172,205 @@ func (in *PropertyParameters) DeepCopy() *PropertyParameters { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorization) DeepCopyInto(out *SyncAuthorization) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorization. +func (in *SyncAuthorization) DeepCopy() *SyncAuthorization { + if in == nil { + return nil + } + out := new(SyncAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SyncAuthorization) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationInitParameters) DeepCopyInto(out *SyncAuthorizationInitParameters) { + *out = *in + if in.Identities != nil { + in, out := &in.Identities, &out.Identities + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationInitParameters. +func (in *SyncAuthorizationInitParameters) DeepCopy() *SyncAuthorizationInitParameters { + if in == nil { + return nil + } + out := new(SyncAuthorizationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationList) DeepCopyInto(out *SyncAuthorizationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SyncAuthorization, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationList. +func (in *SyncAuthorizationList) DeepCopy() *SyncAuthorizationList { + if in == nil { + return nil + } + out := new(SyncAuthorizationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SyncAuthorizationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationObservation) DeepCopyInto(out *SyncAuthorizationObservation) { + *out = *in + if in.Etag != nil { + in, out := &in.Etag, &out.Etag + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Identities != nil { + in, out := &in.Identities, &out.Identities + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationObservation. +func (in *SyncAuthorizationObservation) DeepCopy() *SyncAuthorizationObservation { + if in == nil { + return nil + } + out := new(SyncAuthorizationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationParameters) DeepCopyInto(out *SyncAuthorizationParameters) { + *out = *in + if in.Identities != nil { + in, out := &in.Identities, &out.Identities + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.NameRef != nil { + in, out := &in.NameRef, &out.NameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NameSelector != nil { + in, out := &in.NameSelector, &out.NameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationParameters. +func (in *SyncAuthorizationParameters) DeepCopy() *SyncAuthorizationParameters { + if in == nil { + return nil + } + out := new(SyncAuthorizationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationSpec) DeepCopyInto(out *SyncAuthorizationSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationSpec. +func (in *SyncAuthorizationSpec) DeepCopy() *SyncAuthorizationSpec { + if in == nil { + return nil + } + out := new(SyncAuthorizationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncAuthorizationStatus) DeepCopyInto(out *SyncAuthorizationStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncAuthorizationStatus. +func (in *SyncAuthorizationStatus) DeepCopy() *SyncAuthorizationStatus { + if in == nil { + return nil + } + out := new(SyncAuthorizationStatus) + in.DeepCopyInto(out) + return out +} diff --git a/apis/apigee/v1beta1/zz_generated.managed.go b/apis/apigee/v1beta1/zz_generated.managed.go index 5efdc2ce6..53193b3bc 100644 --- a/apis/apigee/v1beta1/zz_generated.managed.go +++ b/apis/apigee/v1beta1/zz_generated.managed.go @@ -606,3 +606,63 @@ func (mg *Organization) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionD func (mg *Organization) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this SyncAuthorization. +func (mg *SyncAuthorization) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this SyncAuthorization. +func (mg *SyncAuthorization) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this SyncAuthorization. +func (mg *SyncAuthorization) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this SyncAuthorization. +func (mg *SyncAuthorization) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this SyncAuthorization. +func (mg *SyncAuthorization) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this SyncAuthorization. +func (mg *SyncAuthorization) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this SyncAuthorization. +func (mg *SyncAuthorization) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this SyncAuthorization. +func (mg *SyncAuthorization) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this SyncAuthorization. +func (mg *SyncAuthorization) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this SyncAuthorization. +func (mg *SyncAuthorization) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this SyncAuthorization. +func (mg *SyncAuthorization) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this SyncAuthorization. +func (mg *SyncAuthorization) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/apigee/v1beta1/zz_generated.managedlist.go b/apis/apigee/v1beta1/zz_generated.managedlist.go index 25c71935e..6bd400f57 100644 --- a/apis/apigee/v1beta1/zz_generated.managedlist.go +++ b/apis/apigee/v1beta1/zz_generated.managedlist.go @@ -96,3 +96,12 @@ func (l *OrganizationList) GetItems() []resource.Managed { } return items } + +// GetItems of this SyncAuthorizationList. +func (l *SyncAuthorizationList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/apigee/v1beta1/zz_generated.resolvers.go b/apis/apigee/v1beta1/zz_generated.resolvers.go index 132c3f062..b1bd4bbe3 100644 --- a/apis/apigee/v1beta1/zz_generated.resolvers.go +++ b/apis/apigee/v1beta1/zz_generated.resolvers.go @@ -562,3 +562,34 @@ func (mg *Organization) ResolveReferences(ctx context.Context, c client.Reader) return nil } + +// ResolveReferences of this SyncAuthorization. +func (mg *SyncAuthorization) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("apigee.gcp.upbound.io", "v1beta2", "Organization", "OrganizationList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Name), + Extract: resource.ExtractParamPath("name", true), + Reference: mg.Spec.ForProvider.NameRef, + Selector: mg.Spec.ForProvider.NameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Name") + } + mg.Spec.ForProvider.Name = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.NameRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/apigee/v1beta1/zz_syncauthorization_terraformed.go b/apis/apigee/v1beta1/zz_syncauthorization_terraformed.go new file mode 100755 index 000000000..47f678d28 --- /dev/null +++ b/apis/apigee/v1beta1/zz_syncauthorization_terraformed.go @@ -0,0 +1,129 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this SyncAuthorization +func (mg *SyncAuthorization) GetTerraformResourceType() string { + return "google_apigee_sync_authorization" +} + +// GetConnectionDetailsMapping for this SyncAuthorization +func (tr *SyncAuthorization) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this SyncAuthorization +func (tr *SyncAuthorization) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this SyncAuthorization +func (tr *SyncAuthorization) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this SyncAuthorization +func (tr *SyncAuthorization) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this SyncAuthorization +func (tr *SyncAuthorization) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this SyncAuthorization +func (tr *SyncAuthorization) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this SyncAuthorization +func (tr *SyncAuthorization) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this SyncAuthorization +func (tr *SyncAuthorization) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this SyncAuthorization using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *SyncAuthorization) LateInitialize(attrs []byte) (bool, error) { + params := &SyncAuthorizationParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *SyncAuthorization) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/apigee/v1beta1/zz_syncauthorization_types.go b/apis/apigee/v1beta1/zz_syncauthorization_types.go new file mode 100755 index 000000000..ffee55aa4 --- /dev/null +++ b/apis/apigee/v1beta1/zz_syncauthorization_types.go @@ -0,0 +1,128 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type SyncAuthorizationInitParameters struct { + + // Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + // The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + // You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + // The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` +} + +type SyncAuthorizationObservation struct { + + // Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + // Used internally during updates. + Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + + // an identifier for the resource with format organizations/{{name}}/syncAuthorization + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + // The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + // You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + // The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` + + // Name of the Apigee organization. + Name *string `json:"name,omitempty" tf:"name,omitempty"` +} + +type SyncAuthorizationParameters struct { + + // Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + // The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + // You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + // The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + // +kubebuilder:validation:Optional + Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` + + // Name of the Apigee organization. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/apigee/v1beta2.Organization + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",true) + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Reference to a Organization in apigee to populate name. + // +kubebuilder:validation:Optional + NameRef *v1.Reference `json:"nameRef,omitempty" tf:"-"` + + // Selector for a Organization in apigee to populate name. + // +kubebuilder:validation:Optional + NameSelector *v1.Selector `json:"nameSelector,omitempty" tf:"-"` +} + +// SyncAuthorizationSpec defines the desired state of SyncAuthorization +type SyncAuthorizationSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider SyncAuthorizationParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider SyncAuthorizationInitParameters `json:"initProvider,omitempty"` +} + +// SyncAuthorizationStatus defines the observed state of SyncAuthorization. +type SyncAuthorizationStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider SyncAuthorizationObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// SyncAuthorization is the Schema for the SyncAuthorizations API. Authorize the Synchronizer to download environment data from the control plane. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} +type SyncAuthorization struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.identities) || (has(self.initProvider) && has(self.initProvider.identities))",message="spec.forProvider.identities is a required parameter" + Spec SyncAuthorizationSpec `json:"spec"` + Status SyncAuthorizationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// SyncAuthorizationList contains a list of SyncAuthorizations +type SyncAuthorizationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []SyncAuthorization `json:"items"` +} + +// Repository type metadata. +var ( + SyncAuthorization_Kind = "SyncAuthorization" + SyncAuthorization_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: SyncAuthorization_Kind}.String() + SyncAuthorization_KindAPIVersion = SyncAuthorization_Kind + "." + CRDGroupVersion.String() + SyncAuthorization_GroupVersionKind = CRDGroupVersion.WithKind(SyncAuthorization_Kind) +) + +func init() { + SchemeBuilder.Register(&SyncAuthorization{}, &SyncAuthorizationList{}) +} diff --git a/config/externalname.go b/config/externalname.go index 38e8ac93c..292431988 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -872,6 +872,8 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ "google_apigee_instance_attachment": config.IdentifierFromProvider, // Imported by using the following format: organizations/{{name}} "google_apigee_organization": config.IdentifierFromProvider, + // Imported by using the following format: organizations/{{name}}/syncAuthorization + "google_apigee_sync_authorization": config.TemplatedStringAsIdentifier("", "organizations/{{ .parameters.name }}/syncAuthorization"), // Imported by using the following format: {{instance_id}}/natAddresses/{{name}} "google_apigee_nat_address": config.TemplatedStringAsIdentifier("name", "{{ .parameters.instance_id }}/natAddresses/{{ .external_name }}"), // Imported by using the following format: {{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 029bc8978..7946016c0 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -113,8 +113,6 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ "google_apigee_environment_iam_policy": config.IdentifierFromProvider, // Imported by using the following format: {{instance_id}}/natAddresses/{{name}} "google_apigee_nat_address": config.TemplatedStringAsIdentifier("name", "{{ .parameters.instance_id }}/natAddresses/{{ .external_name }}"), - // Imported by using the following format: organizations/{{name}}/syncAuthorization - "google_apigee_sync_authorization": config.TemplatedStringAsIdentifier("name", "organizations/{{ .external_name }}/syncAuthorization"), // apikeys // diff --git a/config/generated.lst b/config/generated.lst index 58148d042..308619073 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file +["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_apigee_sync_authorization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_tag","google_data_catalog_tag_template","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_asset","google_dataplex_lake","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file diff --git a/examples-generated/apigee/v1beta1/syncauthorization.yaml b/examples-generated/apigee/v1beta1/syncauthorization.yaml new file mode 100644 index 000000000..b8506a8f4 --- /dev/null +++ b/examples-generated/apigee/v1beta1/syncauthorization.yaml @@ -0,0 +1,79 @@ +apiVersion: apigee.gcp.upbound.io/v1beta1 +kind: SyncAuthorization +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + labels: + testing.upbound.io/example-name: apigee_sync_authorization + name: apigee-sync-authorization +spec: + forProvider: + identities: + - serviceAccount:${google_service_account.service_account.email} + nameSelector: + matchLabels: + testing.upbound.io/example-name: apigee_org + +--- + +apiVersion: apigee.gcp.upbound.io/v1beta2 +kind: Organization +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + labels: + testing.upbound.io/example-name: apigee_org + name: apigee-org +spec: + forProvider: + analyticsRegion: us-central1 + projectId: my-project + runtimeType: HYBRID + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: Project +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + labels: + testing.upbound.io/example-name: project + name: project +spec: + forProvider: + billingAccount: 000000-0000000-0000000-000000 + name: my-project + orgId: "123456789" + projectId: my-project + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ProjectService +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + labels: + testing.upbound.io/example-name: apigee + name: apigee +spec: + forProvider: + projectSelector: + matchLabels: + testing.upbound.io/example-name: project + service: apigee.googleapis.com + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ServiceAccount +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + labels: + testing.upbound.io/example-name: service_account + name: service-account +spec: + forProvider: + displayName: Service Account diff --git a/examples/apigee/v1beta1/syncauthorization.yaml b/examples/apigee/v1beta1/syncauthorization.yaml new file mode 100644 index 000000000..2abfa2870 --- /dev/null +++ b/examples/apigee/v1beta1/syncauthorization.yaml @@ -0,0 +1,46 @@ +apiVersion: apigee.gcp.upbound.io/v1beta1 +kind: SyncAuthorization +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + upjet.upbound.io/manual-intervention: "This resource was skipped because the dependent Organization resource was skipped" + labels: + testing.upbound.io/example-name: apigee-sync-authorization + name: apigee-sync-authorization +spec: + forProvider: + name: ${project.project_id} + identities: + - serviceAccount:apigee-sync-authorization@${project.project_id}.iam.gserviceaccount.com + +--- + +apiVersion: apigee.gcp.upbound.io/v1beta2 +kind: Organization +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + upjet.upbound.io/manual-intervention: "Organization requires a real Project ID" + labels: + testing.upbound.io/example-name: apigee-sync-authorization + name: apigee-sync-authorization +spec: + forProvider: + analyticsRegion: us-central1 + runtimeType: HYBRID + projectId: ${project.project_id} + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ServiceAccount +metadata: + annotations: + meta.upbound.io/example-id: apigee/v1beta1/syncauthorization + upjet.upbound.io/manual-intervention: "This resource was skipped because the dependent Organization resource was skipped" + labels: + testing.upbound.io/example-name: apigee-sync-authorization + name: apigee-sync-authorization +spec: + forProvider: + displayName: apigee-sync-authorization diff --git a/internal/controller/apigee/syncauthorization/zz_controller.go b/internal/controller/apigee/syncauthorization/zz_controller.go new file mode 100755 index 000000000..e5f76bfe7 --- /dev/null +++ b/internal/controller/apigee/syncauthorization/zz_controller.go @@ -0,0 +1,92 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package syncauthorization + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/metrics" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1beta1 "github.com/upbound/provider-gcp/apis/apigee/v1beta1" + features "github.com/upbound/provider-gcp/internal/features" +) + +// Setup adds a controller that reconciles SyncAuthorization managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1beta1.SyncAuthorization_GroupVersionKind.String()) + var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.SyncAuthorization_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.SyncAuthorization_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter( + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_apigee_sync_authorization"], + tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), + tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), + tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.SyncAuthorization_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1beta1.SyncAuthorization + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1beta1.SyncAuthorization{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.SyncAuthorization") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.SyncAuthorizationList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.SyncAuthorizationList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.SyncAuthorization_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1beta1.SyncAuthorization{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_apigee_setup.go b/internal/controller/zz_apigee_setup.go index 8e4f59070..58ea78b3d 100755 --- a/internal/controller/zz_apigee_setup.go +++ b/internal/controller/zz_apigee_setup.go @@ -19,6 +19,7 @@ import ( instanceattachment "github.com/upbound/provider-gcp/internal/controller/apigee/instanceattachment" nataddress "github.com/upbound/provider-gcp/internal/controller/apigee/nataddress" organization "github.com/upbound/provider-gcp/internal/controller/apigee/organization" + syncauthorization "github.com/upbound/provider-gcp/internal/controller/apigee/syncauthorization" ) // Setup_apigee creates all controllers with the supplied logger and adds them to @@ -35,6 +36,7 @@ func Setup_apigee(mgr ctrl.Manager, o controller.Options) error { instanceattachment.Setup, nataddress.Setup, organization.Setup, + syncauthorization.Setup, } { if err := setup(mgr, o); err != nil { return err diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 537ff767c..3ade62fb4 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -29,6 +29,7 @@ import ( instanceattachment "github.com/upbound/provider-gcp/internal/controller/apigee/instanceattachment" nataddress "github.com/upbound/provider-gcp/internal/controller/apigee/nataddress" organization "github.com/upbound/provider-gcp/internal/controller/apigee/organization" + syncauthorization "github.com/upbound/provider-gcp/internal/controller/apigee/syncauthorization" application "github.com/upbound/provider-gcp/internal/controller/appengine/application" applicationurldispatchrules "github.com/upbound/provider-gcp/internal/controller/appengine/applicationurldispatchrules" firewallrule "github.com/upbound/provider-gcp/internal/controller/appengine/firewallrule" @@ -389,6 +390,7 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { instanceattachment.Setup, nataddress.Setup, organization.Setup, + syncauthorization.Setup, application.Setup, applicationurldispatchrules.Setup, firewallrule.Setup, diff --git a/package/crds/apigee.gcp.upbound.io_syncauthorizations.yaml b/package/crds/apigee.gcp.upbound.io_syncauthorizations.yaml new file mode 100644 index 000000000..422871562 --- /dev/null +++ b/package/crds/apigee.gcp.upbound.io_syncauthorizations.yaml @@ -0,0 +1,447 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: syncauthorizations.apigee.gcp.upbound.io +spec: + group: apigee.gcp.upbound.io + names: + categories: + - crossplane + - managed + - gcp + kind: SyncAuthorization + listKind: SyncAuthorizationList + plural: syncauthorizations + singular: syncauthorization + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SyncAuthorization is the Schema for the SyncAuthorizations API. + Authorize the Synchronizer to download environment data from the control + plane. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SyncAuthorizationSpec defines the desired state of SyncAuthorization + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + items: + type: string + type: array + name: + description: Name of the Apigee organization. + type: string + nameRef: + description: Reference to a Organization in apigee to populate + name. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + nameSelector: + description: Selector for a Organization in apigee to populate + name. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + items: + type: string + type: array + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.identities is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.identities) + || (has(self.initProvider) && has(self.initProvider.identities))' + status: + description: SyncAuthorizationStatus defines the observed state of SyncAuthorization. + properties: + atProvider: + properties: + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string + id: + description: an identifier for the resource with format organizations/{{name}}/syncAuthorization + type: string + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: serviceAccount:service-account-name. + The service-account-name is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + The service accounts must have Apigee Synchronizer Manager role. See also Create service accounts. + items: + type: string + type: array + name: + description: Name of the Apigee organization. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}