From 2d14a0c6439df08033d3c0b19e5477f09e31cca5 Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Tue, 4 Jun 2024 15:15:59 +0300 Subject: [PATCH 1/4] Bump upjet to commit f4f87bab8535 - Generate the secret references for the sensitive fields under the spec.initProvider API tree. Signed-off-by: Alper Rifat Ulucinar --- .../alloydb/v1beta2/zz_cluster_terraformed.go | 2 +- apis/alloydb/v1beta2/zz_cluster_types.go | 6 +- apis/alloydb/v1beta2/zz_generated.deepcopy.go | 1 + .../v1beta2/zz_application_terraformed.go | 2 +- .../appengine/v1beta2/zz_application_types.go | 6 +- .../v1beta2/zz_generated.deepcopy.go | 1 + .../v1beta2/zz_connection_terraformed.go | 2 +- apis/bigquery/v1beta2/zz_connection_types.go | 6 +- .../zz_datatransferconfig_terraformed.go | 2 +- .../v1beta2/zz_datatransferconfig_types.go | 6 +- .../bigquery/v1beta2/zz_generated.deepcopy.go | 2 + .../v1beta2/zz_certificate_terraformed.go | 2 +- .../v1beta2/zz_certificate_types.go | 13 ++ .../v1beta2/zz_generated.deepcopy.go | 15 ++ ...z_backendbucketsignedurlkey_terraformed.go | 2 +- .../zz_backendbucketsignedurlkey_types.go | 5 + ..._backendservicesignedurlkey_terraformed.go | 2 +- .../zz_backendservicesignedurlkey_types.go | 5 + apis/compute/v1beta1/zz_generated.deepcopy.go | 7 + .../zz_regionsslcertificate_terraformed.go | 2 +- .../v1beta1/zz_regionsslcertificate_types.go | 10 + .../v1beta1/zz_sslcertificate_terraformed.go | 2 +- .../v1beta1/zz_sslcertificate_types.go | 10 + .../v1beta1/zz_vpntunnel_terraformed.go | 2 +- apis/compute/v1beta1/zz_vpntunnel_types.go | 5 + .../v1beta2/zz_backendservice_terraformed.go | 2 +- .../v1beta2/zz_backendservice_types.go | 6 +- apis/compute/v1beta2/zz_disk_terraformed.go | 2 +- apis/compute/v1beta2/zz_disk_types.go | 11 ++ apis/compute/v1beta2/zz_generated.deepcopy.go | 43 +++++ .../v1beta2/zz_instance_terraformed.go | 2 +- apis/compute/v1beta2/zz_instance_types.go | 13 ++ .../zz_instancefromtemplate_terraformed.go | 2 +- .../v1beta2/zz_instancefromtemplate_types.go | 2 + .../zz_regionbackendservice_terraformed.go | 2 +- .../v1beta2/zz_regionbackendservice_types.go | 6 +- .../v1beta2/zz_regiondisk_terraformed.go | 2 +- apis/compute/v1beta2/zz_regiondisk_types.go | 5 + .../v1beta2/zz_routerpeer_terraformed.go | 2 +- apis/compute/v1beta2/zz_routerpeer_types.go | 3 +- .../v1beta2/zz_snapshot_terraformed.go | 2 +- apis/compute/v1beta2/zz_snapshot_types.go | 10 + .../zz_deidentifytemplate_terraformed.go | 2 +- .../v1beta2/zz_deidentifytemplate_types.go | 24 ++- .../v1beta2/zz_generated.deepcopy.go | 4 + .../zz_connectionprofile_terraformed.go | 2 +- .../v1beta2/zz_connectionprofile_types.go | 44 ++++- .../v1beta2/zz_generated.deepcopy.go | 30 ++- .../v1beta2/zz_agent_terraformed.go | 2 +- apis/dialogflowcx/v1beta2/zz_agent_types.go | 4 + .../v1beta2/zz_generated.deepcopy.go | 5 + ...z_defaultsupportedidpconfig_terraformed.go | 2 +- .../zz_defaultsupportedidpconfig_types.go | 6 + .../v1beta1/zz_generated.deepcopy.go | 16 ++ .../v1beta1/zz_oauthidpconfig_terraformed.go | 2 +- .../v1beta1/zz_oauthidpconfig_types.go | 6 + ...ntdefaultsupportedidpconfig_terraformed.go | 2 +- ...z_tenantdefaultsupportedidpconfig_types.go | 6 + .../zz_tenantoauthidpconfig_terraformed.go | 2 +- .../v1beta1/zz_tenantoauthidpconfig_types.go | 6 + .../v1beta2/zz_generated.deepcopy.go | 18 +- .../zz_inboundsamlconfig_terraformed.go | 2 +- .../v1beta2/zz_inboundsamlconfig_types.go | 4 + .../zz_tenantinboundsamlconfig_terraformed.go | 2 +- .../zz_tenantinboundsamlconfig_types.go | 4 + apis/kms/v1beta1/zz_generated.deepcopy.go | 5 + .../zz_secretciphertext_terraformed.go | 2 +- apis/kms/v1beta1/zz_secretciphertext_types.go | 4 + .../v1beta2/zz_generated.deepcopy.go | 18 +- .../zz_notificationchannel_terraformed.go | 2 +- .../v1beta2/zz_notificationchannel_types.go | 12 ++ .../zz_uptimecheckconfig_terraformed.go | 2 +- .../v1beta2/zz_uptimecheckconfig_types.go | 6 +- apis/oslogin/v1beta1/zz_generated.deepcopy.go | 1 + .../v1beta1/zz_sshpublickey_terraformed.go | 2 +- apis/oslogin/v1beta1/zz_sshpublickey_types.go | 3 + .../v1beta2/zz_certificate_terraformed.go | 2 +- .../privateca/v1beta2/zz_certificate_types.go | 3 + .../v1beta2/zz_generated.deepcopy.go | 5 + .../v1beta1/zz_generated.deepcopy.go | 1 + .../v1beta1/zz_secretversion_terraformed.go | 2 +- .../v1beta1/zz_secretversion_types.go | 3 + apis/sql/v1beta1/zz_generated.deepcopy.go | 5 + ...ourcerepresentationinstance_terraformed.go | 2 +- .../zz_sourcerepresentationinstance_types.go | 4 + .../zz_databaseinstance_terraformed.go | 2 +- apis/sql/v1beta2/zz_databaseinstance_types.go | 6 + apis/sql/v1beta2/zz_generated.deepcopy.go | 15 ++ apis/sql/v1beta2/zz_user_terraformed.go | 2 +- apis/sql/v1beta2/zz_user_types.go | 6 + .../v1beta2/zz_bucketobject_terraformed.go | 2 +- apis/storage/v1beta2/zz_bucketobject_types.go | 5 +- apis/storage/v1beta2/zz_generated.deepcopy.go | 1 + go.mod | 2 + go.sum | 4 +- .../crds/alloydb.gcp.upbound.io_clusters.yaml | 23 ++- ...appengine.gcp.upbound.io_applications.yaml | 23 ++- .../bigquery.gcp.upbound.io_connections.yaml | 23 ++- ...ry.gcp.upbound.io_datatransferconfigs.yaml | 26 ++- ...temanager.gcp.upbound.io_certificates.yaml | 58 ++++++ ...upbound.io_backendbucketsignedurlkeys.yaml | 22 +++ ...ompute.gcp.upbound.io_backendservices.yaml | 23 ++- ...pbound.io_backendservicesignedurlkeys.yaml | 22 +++ .../crds/compute.gcp.upbound.io_disks.yaml | 41 +++++ ....gcp.upbound.io_instancefromtemplates.yaml | 18 ++ .../compute.gcp.upbound.io_instances.yaml | 43 +++++ ....gcp.upbound.io_regionbackendservices.yaml | 23 ++- .../compute.gcp.upbound.io_regiondisks.yaml | 20 ++ ....gcp.upbound.io_regionsslcertificates.yaml | 43 +++++ .../compute.gcp.upbound.io_routerpeers.yaml | 22 ++- .../compute.gcp.upbound.io_snapshots.yaml | 40 ++++ ...ompute.gcp.upbound.io_sslcertificates.yaml | 43 +++++ .../compute.gcp.upbound.io_vpntunnels.yaml | 22 +++ ...on.gcp.upbound.io_deidentifytemplates.yaml | 116 ++++++++++-- ...eam.gcp.upbound.io_connectionprofiles.yaml | 171 +++++++++++++++++- .../dialogflowcx.gcp.upbound.io_agents.yaml | 19 ++ ...upbound.io_defaultsupportedidpconfigs.yaml | 37 ++++ ...orm.gcp.upbound.io_inboundsamlconfigs.yaml | 20 ++ ...atform.gcp.upbound.io_oauthidpconfigs.yaml | 37 ++++ ...d.io_tenantdefaultsupportedidpconfigs.yaml | 37 ++++ ...p.upbound.io_tenantinboundsamlconfigs.yaml | 20 ++ ....gcp.upbound.io_tenantoauthidpconfigs.yaml | 37 ++++ .../kms.gcp.upbound.io_secretciphertexts.yaml | 19 ++ ...g.gcp.upbound.io_notificationchannels.yaml | 58 ++++++ ...ing.gcp.upbound.io_uptimecheckconfigs.yaml | 23 ++- .../oslogin.gcp.upbound.io_sshpublickeys.yaml | 20 ++ ...privateca.gcp.upbound.io_certificates.yaml | 23 +++ ...manager.gcp.upbound.io_secretversions.yaml | 19 ++ .../sql.gcp.upbound.io_databaseinstances.yaml | 35 ++++ ...ound.io_sourcerepresentationinstances.yaml | 19 ++ package/crds/sql.gcp.upbound.io_users.yaml | 21 +++ .../storage.gcp.upbound.io_bucketobjects.yaml | 21 ++- 132 files changed, 1743 insertions(+), 101 deletions(-) diff --git a/apis/alloydb/v1beta2/zz_cluster_terraformed.go b/apis/alloydb/v1beta2/zz_cluster_terraformed.go index 8fd183227..5cecf58e0 100755 --- a/apis/alloydb/v1beta2/zz_cluster_terraformed.go +++ b/apis/alloydb/v1beta2/zz_cluster_terraformed.go @@ -21,7 +21,7 @@ func (mg *Cluster) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Cluster func (tr *Cluster) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"initial_user[*].password": "spec.forProvider.initialUser[*].passwordSecretRef"} + return map[string]string{"initial_user[*].password": "initialUser[*].passwordSecretRef"} } // GetObservation of this Cluster diff --git a/apis/alloydb/v1beta2/zz_cluster_types.go b/apis/alloydb/v1beta2/zz_cluster_types.go index 4f2d964e8..b7d4e7067 100755 --- a/apis/alloydb/v1beta2/zz_cluster_types.go +++ b/apis/alloydb/v1beta2/zz_cluster_types.go @@ -607,6 +607,10 @@ type ContinuousBackupInfoParameters struct { type InitialUserInitParameters struct { + // The initial password for the user. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // The database username. User *string `json:"user,omitempty" tf:"user,omitempty"` } @@ -621,7 +625,7 @@ type InitialUserParameters struct { // The initial password for the user. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // The database username. diff --git a/apis/alloydb/v1beta2/zz_generated.deepcopy.go b/apis/alloydb/v1beta2/zz_generated.deepcopy.go index 525acb74d..80acdd7c1 100644 --- a/apis/alloydb/v1beta2/zz_generated.deepcopy.go +++ b/apis/alloydb/v1beta2/zz_generated.deepcopy.go @@ -2043,6 +2043,7 @@ func (in *ExpiryQuantityParameters) DeepCopy() *ExpiryQuantityParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InitialUserInitParameters) DeepCopyInto(out *InitialUserInitParameters) { *out = *in + out.PasswordSecretRef = in.PasswordSecretRef if in.User != nil { in, out := &in.User, &out.User *out = new(string) diff --git a/apis/appengine/v1beta2/zz_application_terraformed.go b/apis/appengine/v1beta2/zz_application_terraformed.go index 0919a6e68..223359d1e 100755 --- a/apis/appengine/v1beta2/zz_application_terraformed.go +++ b/apis/appengine/v1beta2/zz_application_terraformed.go @@ -21,7 +21,7 @@ func (mg *Application) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Application func (tr *Application) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"iap[*].oauth2_client_secret": "spec.forProvider.iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} + return map[string]string{"iap[*].oauth2_client_secret": "iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} } // GetObservation of this Application diff --git a/apis/appengine/v1beta2/zz_application_types.go b/apis/appengine/v1beta2/zz_application_types.go index 0de00dd54..302f42144 100755 --- a/apis/appengine/v1beta2/zz_application_types.go +++ b/apis/appengine/v1beta2/zz_application_types.go @@ -190,6 +190,10 @@ type IapInitParameters struct { // OAuth2 client ID to use for the authentication flow. Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` + + // OAuth2 client secret to use for the authentication flow. + // The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. + Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } type IapObservation struct { @@ -215,7 +219,7 @@ type IapParameters struct { // OAuth2 client secret to use for the authentication flow. // The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } diff --git a/apis/appengine/v1beta2/zz_generated.deepcopy.go b/apis/appengine/v1beta2/zz_generated.deepcopy.go index b6de5d835..606b5561d 100644 --- a/apis/appengine/v1beta2/zz_generated.deepcopy.go +++ b/apis/appengine/v1beta2/zz_generated.deepcopy.go @@ -983,6 +983,7 @@ func (in *IapInitParameters) DeepCopyInto(out *IapInitParameters) { *out = new(string) **out = **in } + out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IapInitParameters. diff --git a/apis/bigquery/v1beta2/zz_connection_terraformed.go b/apis/bigquery/v1beta2/zz_connection_terraformed.go index d228825b3..905029aa3 100755 --- a/apis/bigquery/v1beta2/zz_connection_terraformed.go +++ b/apis/bigquery/v1beta2/zz_connection_terraformed.go @@ -21,7 +21,7 @@ func (mg *Connection) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Connection func (tr *Connection) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"cloud_sql[*].credential[*].password": "spec.forProvider.cloudSql[*].credential[*].passwordSecretRef"} + return map[string]string{"cloud_sql[*].credential[*].password": "cloudSql[*].credential[*].passwordSecretRef"} } // GetObservation of this Connection diff --git a/apis/bigquery/v1beta2/zz_connection_types.go b/apis/bigquery/v1beta2/zz_connection_types.go index 661830f10..470669914 100755 --- a/apis/bigquery/v1beta2/zz_connection_types.go +++ b/apis/bigquery/v1beta2/zz_connection_types.go @@ -456,6 +456,10 @@ type ConnectionParameters struct { type CredentialInitParameters struct { + // Password for database. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // Username for database. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/sql/v1beta2.User Username *string `json:"username,omitempty" tf:"username,omitempty"` @@ -479,7 +483,7 @@ type CredentialParameters struct { // Password for database. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // Username for database. diff --git a/apis/bigquery/v1beta2/zz_datatransferconfig_terraformed.go b/apis/bigquery/v1beta2/zz_datatransferconfig_terraformed.go index e11bd8972..7160c25bc 100755 --- a/apis/bigquery/v1beta2/zz_datatransferconfig_terraformed.go +++ b/apis/bigquery/v1beta2/zz_datatransferconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *DataTransferConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this DataTransferConfig func (tr *DataTransferConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"sensitive_params[*].secret_access_key": "spec.forProvider.sensitiveParams[*].secretAccessKeySecretRef"} + return map[string]string{"sensitive_params[*].secret_access_key": "sensitiveParams[*].secretAccessKeySecretRef"} } // GetObservation of this DataTransferConfig diff --git a/apis/bigquery/v1beta2/zz_datatransferconfig_types.go b/apis/bigquery/v1beta2/zz_datatransferconfig_types.go index 32bad7698..acd6b4c74 100755 --- a/apis/bigquery/v1beta2/zz_datatransferconfig_types.go +++ b/apis/bigquery/v1beta2/zz_datatransferconfig_types.go @@ -369,6 +369,10 @@ type ScheduleOptionsParameters struct { } type SensitiveParamsInitParameters struct { + + // The Secret Access Key of the AWS account transferring data from. + // Note: This property is sensitive and will not be displayed in the plan. + SecretAccessKeySecretRef v1.SecretKeySelector `json:"secretAccessKeySecretRef" tf:"-"` } type SensitiveParamsObservation struct { @@ -378,7 +382,7 @@ type SensitiveParamsParameters struct { // The Secret Access Key of the AWS account transferring data from. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional SecretAccessKeySecretRef v1.SecretKeySelector `json:"secretAccessKeySecretRef" tf:"-"` } diff --git a/apis/bigquery/v1beta2/zz_generated.deepcopy.go b/apis/bigquery/v1beta2/zz_generated.deepcopy.go index 6b4cbdc54..420f9894b 100644 --- a/apis/bigquery/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta2/zz_generated.deepcopy.go @@ -2425,6 +2425,7 @@ func (in *CopyParameters) DeepCopy() *CopyParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialInitParameters) DeepCopyInto(out *CredentialInitParameters) { *out = *in + out.PasswordSecretRef = in.PasswordSecretRef if in.Username != nil { in, out := &in.Username, &out.Username *out = new(string) @@ -9994,6 +9995,7 @@ func (in *ScriptOptionsParameters) DeepCopy() *ScriptOptionsParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SensitiveParamsInitParameters) DeepCopyInto(out *SensitiveParamsInitParameters) { *out = *in + out.SecretAccessKeySecretRef = in.SecretAccessKeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SensitiveParamsInitParameters. diff --git a/apis/certificatemanager/v1beta2/zz_certificate_terraformed.go b/apis/certificatemanager/v1beta2/zz_certificate_terraformed.go index 38fc93c3c..081dae98b 100755 --- a/apis/certificatemanager/v1beta2/zz_certificate_terraformed.go +++ b/apis/certificatemanager/v1beta2/zz_certificate_terraformed.go @@ -21,7 +21,7 @@ func (mg *Certificate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Certificate func (tr *Certificate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"self_managed[*].certificate_pem": "spec.forProvider.selfManaged[*].certificatePemSecretRef", "self_managed[*].pem_private_key": "spec.forProvider.selfManaged[*].pemPrivateKeySecretRef", "self_managed[*].private_key_pem": "spec.forProvider.selfManaged[*].privateKeyPemSecretRef"} + return map[string]string{"self_managed[*].certificate_pem": "selfManaged[*].certificatePemSecretRef", "self_managed[*].pem_private_key": "selfManaged[*].pemPrivateKeySecretRef", "self_managed[*].private_key_pem": "selfManaged[*].privateKeyPemSecretRef"} } // GetObservation of this Certificate diff --git a/apis/certificatemanager/v1beta2/zz_certificate_types.go b/apis/certificatemanager/v1beta2/zz_certificate_types.go index 626998f65..cdd8bd6e6 100755 --- a/apis/certificatemanager/v1beta2/zz_certificate_types.go +++ b/apis/certificatemanager/v1beta2/zz_certificate_types.go @@ -259,9 +259,22 @@ type ProvisioningIssueParameters struct { type SelfManagedInitParameters struct { + // The certificate chain in PEM-encoded form. + // Leaf certificate comes first, followed by intermediate ones if any. + // Note: This property is sensitive and will not be displayed in the plan. + CertificatePemSecretRef *v1.SecretKeySelector `json:"certificatePemSecretRef,omitempty" tf:"-"` + // The certificate chain in PEM-encoded form. // Leaf certificate comes first, followed by intermediate ones if any. PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` + + // The private key of the leaf certificate in PEM-encoded form. + // Note: This property is sensitive and will not be displayed in the plan. + PemPrivateKeySecretRef *v1.SecretKeySelector `json:"pemPrivateKeySecretRef,omitempty" tf:"-"` + + // The private key of the leaf certificate in PEM-encoded form. + // Note: This property is sensitive and will not be displayed in the plan. + PrivateKeyPemSecretRef *v1.SecretKeySelector `json:"privateKeyPemSecretRef,omitempty" tf:"-"` } type SelfManagedObservation struct { diff --git a/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go b/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go index 43af1e6f7..03358b854 100644 --- a/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go +++ b/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go @@ -590,11 +590,26 @@ func (in *ProvisioningIssueParameters) DeepCopy() *ProvisioningIssueParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SelfManagedInitParameters) DeepCopyInto(out *SelfManagedInitParameters) { *out = *in + if in.CertificatePemSecretRef != nil { + in, out := &in.CertificatePemSecretRef, &out.CertificatePemSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.PemCertificate != nil { in, out := &in.PemCertificate, &out.PemCertificate *out = new(string) **out = **in } + if in.PemPrivateKeySecretRef != nil { + in, out := &in.PemPrivateKeySecretRef, &out.PemPrivateKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.PrivateKeyPemSecretRef != nil { + in, out := &in.PrivateKeyPemSecretRef, &out.PrivateKeyPemSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfManagedInitParameters. diff --git a/apis/compute/v1beta1/zz_backendbucketsignedurlkey_terraformed.go b/apis/compute/v1beta1/zz_backendbucketsignedurlkey_terraformed.go index ceeb62a75..69d06271b 100755 --- a/apis/compute/v1beta1/zz_backendbucketsignedurlkey_terraformed.go +++ b/apis/compute/v1beta1/zz_backendbucketsignedurlkey_terraformed.go @@ -21,7 +21,7 @@ func (mg *BackendBucketSignedURLKey) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this BackendBucketSignedURLKey func (tr *BackendBucketSignedURLKey) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"key_value": "spec.forProvider.keyValueSecretRef"} + return map[string]string{"key_value": "keyValueSecretRef"} } // GetObservation of this BackendBucketSignedURLKey diff --git a/apis/compute/v1beta1/zz_backendbucketsignedurlkey_types.go b/apis/compute/v1beta1/zz_backendbucketsignedurlkey_types.go index ba136dde1..fcdbaf2a5 100755 --- a/apis/compute/v1beta1/zz_backendbucketsignedurlkey_types.go +++ b/apis/compute/v1beta1/zz_backendbucketsignedurlkey_types.go @@ -27,6 +27,11 @@ type BackendBucketSignedURLKeyInitParameters struct { // +kubebuilder:validation:Optional BackendBucketSelector *v1.Selector `json:"backendBucketSelector,omitempty" tf:"-"` + // 128-bit key value used for signing the URL. The key value must be a + // valid RFC 4648 Section 5 base64url encoded string. + // Note: This property is sensitive and will not be displayed in the plan. + KeyValueSecretRef v1.SecretKeySelector `json:"keyValueSecretRef" tf:"-"` + // Name of the signed URL key. Name *string `json:"name,omitempty" tf:"name,omitempty"` diff --git a/apis/compute/v1beta1/zz_backendservicesignedurlkey_terraformed.go b/apis/compute/v1beta1/zz_backendservicesignedurlkey_terraformed.go index 5a1d47e1e..ab67c87f2 100755 --- a/apis/compute/v1beta1/zz_backendservicesignedurlkey_terraformed.go +++ b/apis/compute/v1beta1/zz_backendservicesignedurlkey_terraformed.go @@ -21,7 +21,7 @@ func (mg *BackendServiceSignedURLKey) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this BackendServiceSignedURLKey func (tr *BackendServiceSignedURLKey) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"key_value": "spec.forProvider.keyValueSecretRef"} + return map[string]string{"key_value": "keyValueSecretRef"} } // GetObservation of this BackendServiceSignedURLKey diff --git a/apis/compute/v1beta1/zz_backendservicesignedurlkey_types.go b/apis/compute/v1beta1/zz_backendservicesignedurlkey_types.go index 1df1569e9..fce8b40ca 100755 --- a/apis/compute/v1beta1/zz_backendservicesignedurlkey_types.go +++ b/apis/compute/v1beta1/zz_backendservicesignedurlkey_types.go @@ -27,6 +27,11 @@ type BackendServiceSignedURLKeyInitParameters struct { // +kubebuilder:validation:Optional BackendServiceSelector *v1.Selector `json:"backendServiceSelector,omitempty" tf:"-"` + // 128-bit key value used for signing the URL. The key value must be a + // valid RFC 4648 Section 5 base64url encoded string. + // Note: This property is sensitive and will not be displayed in the plan. + KeyValueSecretRef v1.SecretKeySelector `json:"keyValueSecretRef" tf:"-"` + // Name of the signed URL key. Name *string `json:"name,omitempty" tf:"name,omitempty"` diff --git a/apis/compute/v1beta1/zz_generated.deepcopy.go b/apis/compute/v1beta1/zz_generated.deepcopy.go index 0d0b35d42..615b12e3c 100644 --- a/apis/compute/v1beta1/zz_generated.deepcopy.go +++ b/apis/compute/v1beta1/zz_generated.deepcopy.go @@ -3370,6 +3370,7 @@ func (in *BackendBucketSignedURLKeyInitParameters) DeepCopyInto(out *BackendBuck *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + out.KeyValueSecretRef = in.KeyValueSecretRef if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -4709,6 +4710,7 @@ func (in *BackendServiceSignedURLKeyInitParameters) DeepCopyInto(out *BackendSer *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + out.KeyValueSecretRef = in.KeyValueSecretRef if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -52529,11 +52531,13 @@ func (in *RegionSSLCertificate) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionSSLCertificateInitParameters) DeepCopyInto(out *RegionSSLCertificateInitParameters) { *out = *in + out.CertificateSecretRef = in.CertificateSecretRef if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) **out = **in } + out.PrivateKeySecretRef = in.PrivateKeySecretRef if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -62179,11 +62183,13 @@ func (in *SSLCertificate) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SSLCertificateInitParameters) DeepCopyInto(out *SSLCertificateInitParameters) { *out = *in + out.CertificateSecretRef = in.CertificateSecretRef if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) **out = **in } + out.PrivateKeySecretRef = in.PrivateKeySecretRef if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -73597,6 +73603,7 @@ func (in *VPNTunnelInitParameters) DeepCopyInto(out *VPNTunnelInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + out.SharedSecretSecretRef = in.SharedSecretSecretRef if in.TargetVPNGateway != nil { in, out := &in.TargetVPNGateway, &out.TargetVPNGateway *out = new(string) diff --git a/apis/compute/v1beta1/zz_regionsslcertificate_terraformed.go b/apis/compute/v1beta1/zz_regionsslcertificate_terraformed.go index fe7ec1100..7709c7c0d 100755 --- a/apis/compute/v1beta1/zz_regionsslcertificate_terraformed.go +++ b/apis/compute/v1beta1/zz_regionsslcertificate_terraformed.go @@ -21,7 +21,7 @@ func (mg *RegionSSLCertificate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this RegionSSLCertificate func (tr *RegionSSLCertificate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"certificate": "spec.forProvider.certificateSecretRef", "private_key": "spec.forProvider.privateKeySecretRef"} + return map[string]string{"certificate": "certificateSecretRef", "private_key": "privateKeySecretRef"} } // GetObservation of this RegionSSLCertificate diff --git a/apis/compute/v1beta1/zz_regionsslcertificate_types.go b/apis/compute/v1beta1/zz_regionsslcertificate_types.go index d6486e9a0..4eedb83cc 100755 --- a/apis/compute/v1beta1/zz_regionsslcertificate_types.go +++ b/apis/compute/v1beta1/zz_regionsslcertificate_types.go @@ -15,9 +15,19 @@ import ( type RegionSSLCertificateInitParameters struct { + // The certificate in PEM format. + // The certificate chain must be no greater than 5 certs long. + // The chain must include at least one intermediate cert. + // Note: This property is sensitive and will not be displayed in the plan. + CertificateSecretRef v1.SecretKeySelector `json:"certificateSecretRef" tf:"-"` + // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The write-only private key in PEM format. + // Note: This property is sensitive and will not be displayed in the plan. + PrivateKeySecretRef v1.SecretKeySelector `json:"privateKeySecretRef" tf:"-"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/compute/v1beta1/zz_sslcertificate_terraformed.go b/apis/compute/v1beta1/zz_sslcertificate_terraformed.go index 5dcd4146e..01c747c62 100755 --- a/apis/compute/v1beta1/zz_sslcertificate_terraformed.go +++ b/apis/compute/v1beta1/zz_sslcertificate_terraformed.go @@ -21,7 +21,7 @@ func (mg *SSLCertificate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SSLCertificate func (tr *SSLCertificate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"certificate": "spec.forProvider.certificateSecretRef", "private_key": "spec.forProvider.privateKeySecretRef"} + return map[string]string{"certificate": "certificateSecretRef", "private_key": "privateKeySecretRef"} } // GetObservation of this SSLCertificate diff --git a/apis/compute/v1beta1/zz_sslcertificate_types.go b/apis/compute/v1beta1/zz_sslcertificate_types.go index c02eeaf1f..22ba47b6a 100755 --- a/apis/compute/v1beta1/zz_sslcertificate_types.go +++ b/apis/compute/v1beta1/zz_sslcertificate_types.go @@ -15,9 +15,19 @@ import ( type SSLCertificateInitParameters struct { + // The certificate in PEM format. + // The certificate chain must be no greater than 5 certs long. + // The chain must include at least one intermediate cert. + // Note: This property is sensitive and will not be displayed in the plan. + CertificateSecretRef v1.SecretKeySelector `json:"certificateSecretRef" tf:"-"` + // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The write-only private key in PEM format. + // Note: This property is sensitive and will not be displayed in the plan. + PrivateKeySecretRef v1.SecretKeySelector `json:"privateKeySecretRef" tf:"-"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/compute/v1beta1/zz_vpntunnel_terraformed.go b/apis/compute/v1beta1/zz_vpntunnel_terraformed.go index 264e9ef4a..e7de1206a 100755 --- a/apis/compute/v1beta1/zz_vpntunnel_terraformed.go +++ b/apis/compute/v1beta1/zz_vpntunnel_terraformed.go @@ -21,7 +21,7 @@ func (mg *VPNTunnel) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this VPNTunnel func (tr *VPNTunnel) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"shared_secret": "spec.forProvider.sharedSecretSecretRef"} + return map[string]string{"shared_secret": "sharedSecretSecretRef"} } // GetObservation of this VPNTunnel diff --git a/apis/compute/v1beta1/zz_vpntunnel_types.go b/apis/compute/v1beta1/zz_vpntunnel_types.go index dad62044e..8a72a4df1 100755 --- a/apis/compute/v1beta1/zz_vpntunnel_types.go +++ b/apis/compute/v1beta1/zz_vpntunnel_types.go @@ -83,6 +83,11 @@ type VPNTunnelInitParameters struct { // +kubebuilder:validation:Optional RouterSelector *v1.Selector `json:"routerSelector,omitempty" tf:"-"` + // Shared secret used to set the secure session between the Cloud VPN + // gateway and the peer VPN gateway. + // Note: This property is sensitive and will not be displayed in the plan. + SharedSecretSecretRef v1.SecretKeySelector `json:"sharedSecretSecretRef" tf:"-"` + // URL of the Target VPN gateway with which this VPN tunnel is // associated. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.VPNGateway diff --git a/apis/compute/v1beta2/zz_backendservice_terraformed.go b/apis/compute/v1beta2/zz_backendservice_terraformed.go index e1e2201f5..0e8fa6261 100755 --- a/apis/compute/v1beta2/zz_backendservice_terraformed.go +++ b/apis/compute/v1beta2/zz_backendservice_terraformed.go @@ -21,7 +21,7 @@ func (mg *BackendService) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this BackendService func (tr *BackendService) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"iap[*].oauth2_client_secret": "spec.forProvider.iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} + return map[string]string{"iap[*].oauth2_client_secret": "iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} } // GetObservation of this BackendService diff --git a/apis/compute/v1beta2/zz_backendservice_types.go b/apis/compute/v1beta2/zz_backendservice_types.go index 6182e600b..64c30ae95 100755 --- a/apis/compute/v1beta2/zz_backendservice_types.go +++ b/apis/compute/v1beta2/zz_backendservice_types.go @@ -1441,6 +1441,10 @@ type IapInitParameters struct { // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` + + // OAuth2 Client Secret for IAP + // Note: This property is sensitive and will not be displayed in the plan. + Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } type IapObservation struct { @@ -1457,7 +1461,7 @@ type IapParameters struct { // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } diff --git a/apis/compute/v1beta2/zz_disk_terraformed.go b/apis/compute/v1beta2/zz_disk_terraformed.go index 82bd75c85..f62018d31 100755 --- a/apis/compute/v1beta2/zz_disk_terraformed.go +++ b/apis/compute/v1beta2/zz_disk_terraformed.go @@ -21,7 +21,7 @@ func (mg *Disk) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Disk func (tr *Disk) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"disk_encryption_key[*].raw_key": "spec.forProvider.diskEncryptionKey[*].rawKeySecretRef", "disk_encryption_key[*].rsa_encrypted_key": "spec.forProvider.diskEncryptionKey[*].rsaEncryptedKeySecretRef"} + return map[string]string{"disk_encryption_key[*].raw_key": "diskEncryptionKey[*].rawKeySecretRef", "disk_encryption_key[*].rsa_encrypted_key": "diskEncryptionKey[*].rsaEncryptedKeySecretRef"} } // GetObservation of this Disk diff --git a/apis/compute/v1beta2/zz_disk_types.go b/apis/compute/v1beta2/zz_disk_types.go index a79e10089..c1ac42286 100755 --- a/apis/compute/v1beta2/zz_disk_types.go +++ b/apis/compute/v1beta2/zz_disk_types.go @@ -64,6 +64,17 @@ type DiskEncryptionKeyInitParameters struct { // The service account used for the encryption request for the given KMS key. // If absent, the Compute Engine Service Agent service account is used. KMSKeyServiceAccount *string `json:"kmsKeyServiceAccount,omitempty" tf:"kms_key_service_account,omitempty"` + + // Specifies a 256-bit customer-supplied encryption key, encoded in + // RFC 4648 base64 to either encrypt or decrypt this resource. + // Note: This property is sensitive and will not be displayed in the plan. + RawKeySecretRef *v1.SecretKeySelector `json:"rawKeySecretRef,omitempty" tf:"-"` + + // Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + // customer-supplied encryption key to either encrypt or decrypt + // this resource. You can provide either the rawKey or the rsaEncryptedKey. + // Note: This property is sensitive and will not be displayed in the plan. + RsaEncryptedKeySecretRef *v1.SecretKeySelector `json:"rsaEncryptedKeySecretRef,omitempty" tf:"-"` } type DiskEncryptionKeyObservation struct { diff --git a/apis/compute/v1beta2/zz_generated.deepcopy.go b/apis/compute/v1beta2/zz_generated.deepcopy.go index eb59457f9..c24ebd1b7 100644 --- a/apis/compute/v1beta2/zz_generated.deepcopy.go +++ b/apis/compute/v1beta2/zz_generated.deepcopy.go @@ -1124,6 +1124,11 @@ func (in *AttachedDiskInitParameters) DeepCopyInto(out *AttachedDiskInitParamete *out = new(string) **out = **in } + if in.DiskEncryptionKeyRawSecretRef != nil { + in, out := &in.DiskEncryptionKeyRawSecretRef, &out.DiskEncryptionKeyRawSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -4037,6 +4042,11 @@ func (in *BootDiskInitParameters) DeepCopyInto(out *BootDiskInitParameters) { *out = new(string) **out = **in } + if in.DiskEncryptionKeyRawSecretRef != nil { + in, out := &in.DiskEncryptionKeyRawSecretRef, &out.DiskEncryptionKeyRawSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.InitializeParams != nil { in, out := &in.InitializeParams, &out.InitializeParams *out = new(InitializeParamsInitParameters) @@ -8556,6 +8566,16 @@ func (in *DiskEncryptionKeyInitParameters) DeepCopyInto(out *DiskEncryptionKeyIn *out = new(string) **out = **in } + if in.RawKeySecretRef != nil { + in, out := &in.RawKeySecretRef, &out.RawKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.RsaEncryptedKeySecretRef != nil { + in, out := &in.RsaEncryptedKeySecretRef, &out.RsaEncryptedKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DiskEncryptionKeyInitParameters. @@ -15260,6 +15280,7 @@ func (in *IapInitParameters) DeepCopyInto(out *IapInitParameters) { *out = new(string) **out = **in } + out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IapInitParameters. @@ -16764,6 +16785,11 @@ func (in *InstanceFromTemplateBootDiskInitParameters) DeepCopyInto(out *Instance *out = new(string) **out = **in } + if in.DiskEncryptionKeyRawSecretRef != nil { + in, out := &in.DiskEncryptionKeyRawSecretRef, &out.DiskEncryptionKeyRawSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.InitializeParams != nil { in, out := &in.InitializeParams, &out.InitializeParams *out = new(BootDiskInitializeParamsInitParameters) @@ -25700,6 +25726,7 @@ func (in *MaxScaledInReplicasParameters) DeepCopy() *MaxScaledInReplicasParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Md5AuthenticationKeyInitParameters) DeepCopyInto(out *Md5AuthenticationKeyInitParameters) { *out = *in + out.KeySecretRef = in.KeySecretRef if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -37172,6 +37199,7 @@ func (in *RegionBackendServiceIapInitParameters) DeepCopyInto(out *RegionBackend *out = new(string) **out = **in } + out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceIapInitParameters. @@ -38130,6 +38158,11 @@ func (in *RegionDiskDiskEncryptionKeyInitParameters) DeepCopyInto(out *RegionDis *out = new(string) **out = **in } + if in.RawKeySecretRef != nil { + in, out := &in.RawKeySecretRef, &out.RawKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionDiskDiskEncryptionKeyInitParameters. @@ -52477,6 +52510,11 @@ func (in *SnapshotEncryptionKeyInitParameters) DeepCopyInto(out *SnapshotEncrypt *out = new(string) **out = **in } + if in.RawKeySecretRef != nil { + in, out := &in.RawKeySecretRef, &out.RawKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SnapshotEncryptionKeyInitParameters. @@ -53513,6 +53551,11 @@ func (in *SourceDiskEncryptionKeyInitParameters) DeepCopyInto(out *SourceDiskEnc *out = new(string) **out = **in } + if in.RawKeySecretRef != nil { + in, out := &in.RawKeySecretRef, &out.RawKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceDiskEncryptionKeyInitParameters. diff --git a/apis/compute/v1beta2/zz_instance_terraformed.go b/apis/compute/v1beta2/zz_instance_terraformed.go index 0599a3b24..1afaad430 100755 --- a/apis/compute/v1beta2/zz_instance_terraformed.go +++ b/apis/compute/v1beta2/zz_instance_terraformed.go @@ -21,7 +21,7 @@ func (mg *Instance) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Instance func (tr *Instance) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"attached_disk[*].disk_encryption_key_raw": "spec.forProvider.attachedDisk[*].diskEncryptionKeyRawSecretRef", "boot_disk[*].disk_encryption_key_raw": "spec.forProvider.bootDisk[*].diskEncryptionKeyRawSecretRef"} + return map[string]string{"attached_disk[*].disk_encryption_key_raw": "attachedDisk[*].diskEncryptionKeyRawSecretRef", "boot_disk[*].disk_encryption_key_raw": "bootDisk[*].diskEncryptionKeyRawSecretRef"} } // GetObservation of this Instance diff --git a/apis/compute/v1beta2/zz_instance_types.go b/apis/compute/v1beta2/zz_instance_types.go index f05701372..f1c236531 100755 --- a/apis/compute/v1beta2/zz_instance_types.go +++ b/apis/compute/v1beta2/zz_instance_types.go @@ -147,6 +147,12 @@ type AttachedDiskInitParameters struct { // under /dev/disk/by-id/google-* DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + // A 256-bit [customer-supplied encryption key] + // (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption), + // encoded in RFC 4648 base64 + // to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set. + DiskEncryptionKeyRawSecretRef *v1.SecretKeySelector `json:"diskEncryptionKeyRawSecretRef,omitempty" tf:"-"` + // The self_link of the encryption key that is // stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link // and disk_encryption_key_raw may be set. @@ -230,6 +236,13 @@ type BootDiskInitParameters struct { // On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + // A 256-bit [customer-supplied encryption key] + // (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption), + // encoded in RFC 4648 base64 + // to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw + // may be set. + DiskEncryptionKeyRawSecretRef *v1.SecretKeySelector `json:"diskEncryptionKeyRawSecretRef,omitempty" tf:"-"` + // Parameters for a new disk that will be created // alongside the new instance. Either initialize_params or source must be set. // Structure is documented below. diff --git a/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go b/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go index 1ffcf1eb5..bbe065740 100755 --- a/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go +++ b/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go @@ -21,7 +21,7 @@ func (mg *InstanceFromTemplate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this InstanceFromTemplate func (tr *InstanceFromTemplate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"boot_disk[*].disk_encryption_key_raw": "spec.forProvider.bootDisk[*].diskEncryptionKeyRawSecretRef"} + return map[string]string{"boot_disk[*].disk_encryption_key_raw": "bootDisk[*].diskEncryptionKeyRawSecretRef"} } // GetObservation of this InstanceFromTemplate diff --git a/apis/compute/v1beta2/zz_instancefromtemplate_types.go b/apis/compute/v1beta2/zz_instancefromtemplate_types.go index 15a127edf..7d64867da 100755 --- a/apis/compute/v1beta2/zz_instancefromtemplate_types.go +++ b/apis/compute/v1beta2/zz_instancefromtemplate_types.go @@ -173,6 +173,8 @@ type InstanceFromTemplateBootDiskInitParameters struct { // Changing this forces a new resource to be created. DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` + DiskEncryptionKeyRawSecretRef *v1.SecretKeySelector `json:"diskEncryptionKeyRawSecretRef,omitempty" tf:"-"` + InitializeParams *BootDiskInitializeParamsInitParameters `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` diff --git a/apis/compute/v1beta2/zz_regionbackendservice_terraformed.go b/apis/compute/v1beta2/zz_regionbackendservice_terraformed.go index 811390ed3..7ecf84273 100755 --- a/apis/compute/v1beta2/zz_regionbackendservice_terraformed.go +++ b/apis/compute/v1beta2/zz_regionbackendservice_terraformed.go @@ -21,7 +21,7 @@ func (mg *RegionBackendService) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this RegionBackendService func (tr *RegionBackendService) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"iap[*].oauth2_client_secret": "spec.forProvider.iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} + return map[string]string{"iap[*].oauth2_client_secret": "iap[*].oauth2ClientSecretSecretRef", "iap[*].oauth2_client_secret_sha256": "status.atProvider.iap[*].oauth2ClientSecretSha256"} } // GetObservation of this RegionBackendService diff --git a/apis/compute/v1beta2/zz_regionbackendservice_types.go b/apis/compute/v1beta2/zz_regionbackendservice_types.go index 4e98f0e44..2c017f444 100755 --- a/apis/compute/v1beta2/zz_regionbackendservice_types.go +++ b/apis/compute/v1beta2/zz_regionbackendservice_types.go @@ -1045,6 +1045,10 @@ type RegionBackendServiceIapInitParameters struct { // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` + + // OAuth2 Client Secret for IAP + // Note: This property is sensitive and will not be displayed in the plan. + Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } type RegionBackendServiceIapObservation struct { @@ -1061,7 +1065,7 @@ type RegionBackendServiceIapParameters struct { // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` } diff --git a/apis/compute/v1beta2/zz_regiondisk_terraformed.go b/apis/compute/v1beta2/zz_regiondisk_terraformed.go index d9c349ee9..d20e492fd 100755 --- a/apis/compute/v1beta2/zz_regiondisk_terraformed.go +++ b/apis/compute/v1beta2/zz_regiondisk_terraformed.go @@ -21,7 +21,7 @@ func (mg *RegionDisk) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this RegionDisk func (tr *RegionDisk) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"disk_encryption_key[*].raw_key": "spec.forProvider.diskEncryptionKey[*].rawKeySecretRef"} + return map[string]string{"disk_encryption_key[*].raw_key": "diskEncryptionKey[*].rawKeySecretRef"} } // GetObservation of this RegionDisk diff --git a/apis/compute/v1beta2/zz_regiondisk_types.go b/apis/compute/v1beta2/zz_regiondisk_types.go index ee88d513a..c5b9fef44 100755 --- a/apis/compute/v1beta2/zz_regiondisk_types.go +++ b/apis/compute/v1beta2/zz_regiondisk_types.go @@ -56,6 +56,11 @@ type RegionDiskDiskEncryptionKeyInitParameters struct { // The name of the encryption key that is stored in Google Cloud KMS. KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Specifies a 256-bit customer-supplied encryption key, encoded in + // RFC 4648 base64 to either encrypt or decrypt this resource. + // Note: This property is sensitive and will not be displayed in the plan. + RawKeySecretRef *v1.SecretKeySelector `json:"rawKeySecretRef,omitempty" tf:"-"` } type RegionDiskDiskEncryptionKeyObservation struct { diff --git a/apis/compute/v1beta2/zz_routerpeer_terraformed.go b/apis/compute/v1beta2/zz_routerpeer_terraformed.go index 747db225d..7291e0b77 100755 --- a/apis/compute/v1beta2/zz_routerpeer_terraformed.go +++ b/apis/compute/v1beta2/zz_routerpeer_terraformed.go @@ -21,7 +21,7 @@ func (mg *RouterPeer) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this RouterPeer func (tr *RouterPeer) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"md5_authentication_key[*].key": "spec.forProvider.md5AuthenticationKey[*].keySecretRef"} + return map[string]string{"md5_authentication_key[*].key": "md5AuthenticationKey[*].keySecretRef"} } // GetObservation of this RouterPeer diff --git a/apis/compute/v1beta2/zz_routerpeer_types.go b/apis/compute/v1beta2/zz_routerpeer_types.go index 7a85fe463..d4db12484 100755 --- a/apis/compute/v1beta2/zz_routerpeer_types.go +++ b/apis/compute/v1beta2/zz_routerpeer_types.go @@ -108,6 +108,7 @@ type BfdParameters struct { } type Md5AuthenticationKeyInitParameters struct { + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` // Name of this BGP peer. The name must be 1-63 characters long, // and comply with RFC1035. Specifically, the name must be 1-63 characters @@ -131,7 +132,7 @@ type Md5AuthenticationKeyObservation struct { type Md5AuthenticationKeyParameters struct { - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` // Name of this BGP peer. The name must be 1-63 characters long, diff --git a/apis/compute/v1beta2/zz_snapshot_terraformed.go b/apis/compute/v1beta2/zz_snapshot_terraformed.go index 7026a45e2..3cbf134cb 100755 --- a/apis/compute/v1beta2/zz_snapshot_terraformed.go +++ b/apis/compute/v1beta2/zz_snapshot_terraformed.go @@ -21,7 +21,7 @@ func (mg *Snapshot) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Snapshot func (tr *Snapshot) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"snapshot_encryption_key[*].raw_key": "spec.forProvider.snapshotEncryptionKey[*].rawKeySecretRef", "source_disk_encryption_key[*].raw_key": "spec.forProvider.sourceDiskEncryptionKey[*].rawKeySecretRef"} + return map[string]string{"snapshot_encryption_key[*].raw_key": "snapshotEncryptionKey[*].rawKeySecretRef", "source_disk_encryption_key[*].raw_key": "sourceDiskEncryptionKey[*].rawKeySecretRef"} } // GetObservation of this Snapshot diff --git a/apis/compute/v1beta2/zz_snapshot_types.go b/apis/compute/v1beta2/zz_snapshot_types.go index fd18273cd..367be6aa3 100755 --- a/apis/compute/v1beta2/zz_snapshot_types.go +++ b/apis/compute/v1beta2/zz_snapshot_types.go @@ -21,6 +21,11 @@ type SnapshotEncryptionKeyInitParameters struct { // The service account used for the encryption request for the given KMS key. // If absent, the Compute Engine Service Agent service account is used. KMSKeyServiceAccount *string `json:"kmsKeyServiceAccount,omitempty" tf:"kms_key_service_account,omitempty"` + + // Specifies a 256-bit customer-supplied encryption key, encoded in + // RFC 4648 base64 to either encrypt or decrypt this resource. + // Note: This property is sensitive and will not be displayed in the plan. + RawKeySecretRef *v1.SecretKeySelector `json:"rawKeySecretRef,omitempty" tf:"-"` } type SnapshotEncryptionKeyObservation struct { @@ -284,6 +289,11 @@ type SourceDiskEncryptionKeyInitParameters struct { // The service account used for the encryption request for the given KMS key. // If absent, the Compute Engine Service Agent service account is used. KMSKeyServiceAccount *string `json:"kmsKeyServiceAccount,omitempty" tf:"kms_key_service_account,omitempty"` + + // Specifies a 256-bit customer-supplied encryption key, encoded in + // RFC 4648 base64 to either encrypt or decrypt this resource. + // Note: This property is sensitive and will not be displayed in the plan. + RawKeySecretRef *v1.SecretKeySelector `json:"rawKeySecretRef,omitempty" tf:"-"` } type SourceDiskEncryptionKeyObservation struct { diff --git a/apis/datalossprevention/v1beta2/zz_deidentifytemplate_terraformed.go b/apis/datalossprevention/v1beta2/zz_deidentifytemplate_terraformed.go index 4158f87aa..502e292ee 100755 --- a/apis/datalossprevention/v1beta2/zz_deidentifytemplate_terraformed.go +++ b/apis/datalossprevention/v1beta2/zz_deidentifytemplate_terraformed.go @@ -21,7 +21,7 @@ func (mg *DeidentifyTemplate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this DeidentifyTemplate func (tr *DeidentifyTemplate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_deterministic_config[*].crypto_key[*].unwrapped[*].key": "spec.forProvider.deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoDeterministicConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_hash_config[*].crypto_key[*].unwrapped[*].key": "spec.forProvider.deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoHashConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_replace_ffx_fpe_config[*].crypto_key[*].unwrapped[*].key": "spec.forProvider.deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoReplaceFfxFpeConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].date_shift_config[*].crypto_key[*].unwrapped[*].key": "spec.forProvider.deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].dateShiftConfig[*].cryptoKey[*].unwrapped[*].keySecretRef"} + return map[string]string{"deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_deterministic_config[*].crypto_key[*].unwrapped[*].key": "deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoDeterministicConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_hash_config[*].crypto_key[*].unwrapped[*].key": "deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoHashConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].crypto_replace_ffx_fpe_config[*].crypto_key[*].unwrapped[*].key": "deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].cryptoReplaceFfxFpeConfig[*].cryptoKey[*].unwrapped[*].keySecretRef", "deidentify_config[*].record_transformations[*].field_transformations[*].info_type_transformations[*].transformations[*].primitive_transformation[*].date_shift_config[*].crypto_key[*].unwrapped[*].key": "deidentifyConfig[*].recordTransformations[*].fieldTransformations[*].infoTypeTransformations[*].transformations[*].primitiveTransformation[*].dateShiftConfig[*].cryptoKey[*].unwrapped[*].keySecretRef"} } // GetObservation of this DeidentifyTemplate diff --git a/apis/datalossprevention/v1beta2/zz_deidentifytemplate_types.go b/apis/datalossprevention/v1beta2/zz_deidentifytemplate_types.go index 88e137e1b..05fc4a6b0 100755 --- a/apis/datalossprevention/v1beta2/zz_deidentifytemplate_types.go +++ b/apis/datalossprevention/v1beta2/zz_deidentifytemplate_types.go @@ -1782,6 +1782,10 @@ type CryptoDeterministicConfigCryptoKeyTransientParameters struct { } type CryptoDeterministicConfigCryptoKeyUnwrappedInitParameters struct { + + // A 128/192/256 bit key. + // A base64-encoded string. + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } type CryptoDeterministicConfigCryptoKeyUnwrappedObservation struct { @@ -1791,7 +1795,7 @@ type CryptoDeterministicConfigCryptoKeyUnwrappedParameters struct { // A 128/192/256 bit key. // A base64-encoded string. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } @@ -2028,6 +2032,10 @@ type CryptoHashConfigCryptoKeyTransientParameters struct { } type CryptoHashConfigCryptoKeyUnwrappedInitParameters struct { + + // A 128/192/256 bit key. + // A base64-encoded string. + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } type CryptoHashConfigCryptoKeyUnwrappedObservation struct { @@ -2037,7 +2045,7 @@ type CryptoHashConfigCryptoKeyUnwrappedParameters struct { // A 128/192/256 bit key. // A base64-encoded string. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } @@ -5901,6 +5909,10 @@ type PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyTransientParameter } type PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedInitParameters struct { + + // A 128/192/256 bit key. + // A base64-encoded string. + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } type PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedObservation struct { @@ -5910,7 +5922,7 @@ type PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedParameter // A 128/192/256 bit key. // A base64-encoded string. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } @@ -6202,6 +6214,10 @@ type PrimitiveTransformationDateShiftConfigCryptoKeyTransientParameters struct { } type PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedInitParameters struct { + + // A 128/192/256 bit key. + // A base64-encoded string. + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } type PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedObservation struct { @@ -6211,7 +6227,7 @@ type PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedParameters struct { // A 128/192/256 bit key. // A base64-encoded string. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` } diff --git a/apis/datalossprevention/v1beta2/zz_generated.deepcopy.go b/apis/datalossprevention/v1beta2/zz_generated.deepcopy.go index f00b30cab..557c55005 100644 --- a/apis/datalossprevention/v1beta2/zz_generated.deepcopy.go +++ b/apis/datalossprevention/v1beta2/zz_generated.deepcopy.go @@ -4405,6 +4405,7 @@ func (in *CryptoDeterministicConfigCryptoKeyTransientParameters) DeepCopy() *Cry // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoDeterministicConfigCryptoKeyUnwrappedInitParameters) DeepCopyInto(out *CryptoDeterministicConfigCryptoKeyUnwrappedInitParameters) { *out = *in + out.KeySecretRef = in.KeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CryptoDeterministicConfigCryptoKeyUnwrappedInitParameters. @@ -4916,6 +4917,7 @@ func (in *CryptoHashConfigCryptoKeyTransientParameters) DeepCopy() *CryptoHashCo // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoHashConfigCryptoKeyUnwrappedInitParameters) DeepCopyInto(out *CryptoHashConfigCryptoKeyUnwrappedInitParameters) { *out = *in + out.KeySecretRef = in.KeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CryptoHashConfigCryptoKeyUnwrappedInitParameters. @@ -19359,6 +19361,7 @@ func (in *PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyTransientPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedInitParameters) DeepCopyInto(out *PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedInitParameters) { *out = *in + out.KeySecretRef = in.KeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimitiveTransformationCryptoReplaceFfxFpeConfigCryptoKeyUnwrappedInitParameters. @@ -19975,6 +19978,7 @@ func (in *PrimitiveTransformationDateShiftConfigCryptoKeyTransientParameters) De // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedInitParameters) DeepCopyInto(out *PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedInitParameters) { *out = *in + out.KeySecretRef = in.KeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimitiveTransformationDateShiftConfigCryptoKeyUnwrappedInitParameters. diff --git a/apis/datastream/v1beta2/zz_connectionprofile_terraformed.go b/apis/datastream/v1beta2/zz_connectionprofile_terraformed.go index bac72949d..37fc70b75 100755 --- a/apis/datastream/v1beta2/zz_connectionprofile_terraformed.go +++ b/apis/datastream/v1beta2/zz_connectionprofile_terraformed.go @@ -21,7 +21,7 @@ func (mg *ConnectionProfile) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this ConnectionProfile func (tr *ConnectionProfile) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"forward_ssh_connectivity[*].password": "spec.forProvider.forwardSshConnectivity[*].passwordSecretRef", "forward_ssh_connectivity[*].private_key": "spec.forProvider.forwardSshConnectivity[*].privateKeySecretRef", "mysql_profile[*].password": "spec.forProvider.mysqlProfile[*].passwordSecretRef", "mysql_profile[*].ssl_config[*].ca_certificate": "spec.forProvider.mysqlProfile[*].sslConfig[*].caCertificateSecretRef", "mysql_profile[*].ssl_config[*].client_certificate": "spec.forProvider.mysqlProfile[*].sslConfig[*].clientCertificateSecretRef", "mysql_profile[*].ssl_config[*].client_key": "spec.forProvider.mysqlProfile[*].sslConfig[*].clientKeySecretRef", "oracle_profile[*].password": "spec.forProvider.oracleProfile[*].passwordSecretRef", "postgresql_profile[*].password": "spec.forProvider.postgresqlProfile[*].passwordSecretRef"} + return map[string]string{"forward_ssh_connectivity[*].password": "forwardSshConnectivity[*].passwordSecretRef", "forward_ssh_connectivity[*].private_key": "forwardSshConnectivity[*].privateKeySecretRef", "mysql_profile[*].password": "mysqlProfile[*].passwordSecretRef", "mysql_profile[*].ssl_config[*].ca_certificate": "mysqlProfile[*].sslConfig[*].caCertificateSecretRef", "mysql_profile[*].ssl_config[*].client_certificate": "mysqlProfile[*].sslConfig[*].clientCertificateSecretRef", "mysql_profile[*].ssl_config[*].client_key": "mysqlProfile[*].sslConfig[*].clientKeySecretRef", "oracle_profile[*].password": "oracleProfile[*].passwordSecretRef", "postgresql_profile[*].password": "postgresqlProfile[*].passwordSecretRef"} } // GetObservation of this ConnectionProfile diff --git a/apis/datastream/v1beta2/zz_connectionprofile_types.go b/apis/datastream/v1beta2/zz_connectionprofile_types.go index 8e1d2ba3d..724c25aa9 100755 --- a/apis/datastream/v1beta2/zz_connectionprofile_types.go +++ b/apis/datastream/v1beta2/zz_connectionprofile_types.go @@ -187,9 +187,17 @@ type ForwardSSHConnectivityInitParameters struct { // Hostname for the SSH tunnel. Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // SSH password. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + // Port for the SSH tunnel. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` + // SSH private key. + // Note: This property is sensitive and will not be displayed in the plan. + PrivateKeySecretRef *v1.SecretKeySelector `json:"privateKeySecretRef,omitempty" tf:"-"` + // Username for the SSH tunnel. Username *string `json:"username,omitempty" tf:"username,omitempty"` } @@ -265,6 +273,10 @@ type MySQLProfileInitParameters struct { // Hostname for the MySQL connection. Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // Password for the MySQL connection. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // Port for the MySQL connection. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` @@ -300,7 +312,7 @@ type MySQLProfileParameters struct { // Password for the MySQL connection. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // Port for the MySQL connection. @@ -329,6 +341,10 @@ type OracleProfileInitParameters struct { // Hostname for the Oracle connection. Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // Password for the Oracle connection. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // Port for the Oracle connection. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` @@ -372,7 +388,7 @@ type OracleProfileParameters struct { // Password for the Oracle connection. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // Port for the Oracle connection. @@ -411,6 +427,10 @@ type PostgresqlProfileInitParameters struct { // +kubebuilder:validation:Optional HostnameSelector *v1.Selector `json:"hostnameSelector,omitempty" tf:"-"` + // Password for the PostgreSQL connection. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // Port for the PostgreSQL connection. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` @@ -473,7 +493,7 @@ type PostgresqlProfileParameters struct { // Password for the PostgreSQL connection. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // Port for the PostgreSQL connection. @@ -534,6 +554,24 @@ type PrivateConnectivityParameters struct { } type SSLConfigInitParameters struct { + + // PEM-encoded certificate of the CA that signed the source database + // server's certificate. + // Note: This property is sensitive and will not be displayed in the plan. + CACertificateSecretRef *v1.SecretKeySelector `json:"caCertificateSecretRef,omitempty" tf:"-"` + + // PEM-encoded certificate that will be used by the replica to + // authenticate against the source database server. If this field + // is used then the 'clientKey' and the 'caCertificate' fields are + // mandatory. + // Note: This property is sensitive and will not be displayed in the plan. + ClientCertificateSecretRef *v1.SecretKeySelector `json:"clientCertificateSecretRef,omitempty" tf:"-"` + + // PEM-encoded private key associated with the Client Certificate. + // If this field is used then the 'client_certificate' and the + // 'ca_certificate' fields are mandatory. + // Note: This property is sensitive and will not be displayed in the plan. + ClientKeySecretRef *v1.SecretKeySelector `json:"clientKeySecretRef,omitempty" tf:"-"` } type SSLConfigObservation struct { diff --git a/apis/datastream/v1beta2/zz_generated.deepcopy.go b/apis/datastream/v1beta2/zz_generated.deepcopy.go index 93b818ea8..f65a8d73c 100644 --- a/apis/datastream/v1beta2/zz_generated.deepcopy.go +++ b/apis/datastream/v1beta2/zz_generated.deepcopy.go @@ -506,11 +506,21 @@ func (in *ForwardSSHConnectivityInitParameters) DeepCopyInto(out *ForwardSSHConn *out = new(string) **out = **in } + if in.PasswordSecretRef != nil { + in, out := &in.PasswordSecretRef, &out.PasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) **out = **in } + if in.PrivateKeySecretRef != nil { + in, out := &in.PrivateKeySecretRef, &out.PrivateKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Username != nil { in, out := &in.Username, &out.Username *out = new(string) @@ -681,6 +691,7 @@ func (in *MySQLProfileInitParameters) DeepCopyInto(out *MySQLProfileInitParamete *out = new(string) **out = **in } + out.PasswordSecretRef = in.PasswordSecretRef if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -689,7 +700,7 @@ func (in *MySQLProfileInitParameters) DeepCopyInto(out *MySQLProfileInitParamete if in.SSLConfig != nil { in, out := &in.SSLConfig, &out.SSLConfig *out = new(SSLConfigInitParameters) - **out = **in + (*in).DeepCopyInto(*out) } if in.Username != nil { in, out := &in.Username, &out.Username @@ -808,6 +819,7 @@ func (in *OracleProfileInitParameters) DeepCopyInto(out *OracleProfileInitParame *out = new(string) **out = **in } + out.PasswordSecretRef = in.PasswordSecretRef if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -966,6 +978,7 @@ func (in *PostgresqlProfileInitParameters) DeepCopyInto(out *PostgresqlProfileIn *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + out.PasswordSecretRef = in.PasswordSecretRef if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -1478,6 +1491,21 @@ func (in *PrivateConnectivityParameters) DeepCopy() *PrivateConnectivityParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SSLConfigInitParameters) DeepCopyInto(out *SSLConfigInitParameters) { *out = *in + if in.CACertificateSecretRef != nil { + in, out := &in.CACertificateSecretRef, &out.CACertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.ClientCertificateSecretRef != nil { + in, out := &in.ClientCertificateSecretRef, &out.ClientCertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.ClientKeySecretRef != nil { + in, out := &in.ClientKeySecretRef, &out.ClientKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLConfigInitParameters. diff --git a/apis/dialogflowcx/v1beta2/zz_agent_terraformed.go b/apis/dialogflowcx/v1beta2/zz_agent_terraformed.go index 76a7bc506..617678870 100755 --- a/apis/dialogflowcx/v1beta2/zz_agent_terraformed.go +++ b/apis/dialogflowcx/v1beta2/zz_agent_terraformed.go @@ -21,7 +21,7 @@ func (mg *Agent) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Agent func (tr *Agent) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"git_integration_settings[*].github_settings[*].access_token": "spec.forProvider.gitIntegrationSettings[*].githubSettings[*].accessTokenSecretRef"} + return map[string]string{"git_integration_settings[*].github_settings[*].access_token": "gitIntegrationSettings[*].githubSettings[*].accessTokenSecretRef"} } // GetObservation of this Agent diff --git a/apis/dialogflowcx/v1beta2/zz_agent_types.go b/apis/dialogflowcx/v1beta2/zz_agent_types.go index f8f80f43a..95babb204 100755 --- a/apis/dialogflowcx/v1beta2/zz_agent_types.go +++ b/apis/dialogflowcx/v1beta2/zz_agent_types.go @@ -328,6 +328,10 @@ type GitIntegrationSettingsParameters struct { type GithubSettingsInitParameters struct { + // The access token used to authenticate the access to the GitHub repository. + // Note: This property is sensitive and will not be displayed in the plan. + AccessTokenSecretRef *v1.SecretKeySelector `json:"accessTokenSecretRef,omitempty" tf:"-"` + // A list of branches configured to be used from Dialogflow. Branches []*string `json:"branches,omitempty" tf:"branches,omitempty"` diff --git a/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go b/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go index aba474cc7..d712aabe5 100644 --- a/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go +++ b/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go @@ -3104,6 +3104,11 @@ func (in *GitIntegrationSettingsParameters) DeepCopy() *GitIntegrationSettingsPa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GithubSettingsInitParameters) DeepCopyInto(out *GithubSettingsInitParameters) { *out = *in + if in.AccessTokenSecretRef != nil { + in, out := &in.AccessTokenSecretRef, &out.AccessTokenSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Branches != nil { in, out := &in.Branches, &out.Branches *out = make([]*string, len(*in)) diff --git a/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_terraformed.go b/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_terraformed.go index 869f71261..109f0d413 100755 --- a/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_terraformed.go +++ b/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *DefaultSupportedIdPConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this DefaultSupportedIdPConfig func (tr *DefaultSupportedIdPConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"client_id": "spec.forProvider.clientIdSecretRef", "client_secret": "spec.forProvider.clientSecretSecretRef"} + return map[string]string{"client_id": "clientIdSecretRef", "client_secret": "clientSecretSecretRef"} } // GetObservation of this DefaultSupportedIdPConfig diff --git a/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_types.go b/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_types.go index 8225023a4..ce9827c23 100755 --- a/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_types.go +++ b/apis/identityplatform/v1beta1/zz_defaultsupportedidpconfig_types.go @@ -15,6 +15,12 @@ import ( type DefaultSupportedIdPConfigInitParameters struct { + // OAuth client ID + ClientIDSecretRef v1.SecretKeySelector `json:"clientIdSecretRef" tf:"-"` + + // OAuth client secret + ClientSecretSecretRef v1.SecretKeySelector `json:"clientSecretSecretRef" tf:"-"` + // If this IDP allows the user to sign in Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` diff --git a/apis/identityplatform/v1beta1/zz_generated.deepcopy.go b/apis/identityplatform/v1beta1/zz_generated.deepcopy.go index 240e23487..b706c7a70 100644 --- a/apis/identityplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/identityplatform/v1beta1/zz_generated.deepcopy.go @@ -103,6 +103,8 @@ func (in *DefaultSupportedIdPConfig) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DefaultSupportedIdPConfigInitParameters) DeepCopyInto(out *DefaultSupportedIdPConfigInitParameters) { *out = *in + out.ClientIDSecretRef = in.ClientIDSecretRef + out.ClientSecretSecretRef = in.ClientSecretSecretRef if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) @@ -899,6 +901,12 @@ func (in *OAuthIdPConfig) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuthIdPConfigInitParameters) DeepCopyInto(out *OAuthIdPConfigInitParameters) { *out = *in + out.ClientIDSecretRef = in.ClientIDSecretRef + if in.ClientSecretSecretRef != nil { + in, out := &in.ClientSecretSecretRef, &out.ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -1756,6 +1764,8 @@ func (in *TenantDefaultSupportedIdPConfig) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TenantDefaultSupportedIdPConfigInitParameters) DeepCopyInto(out *TenantDefaultSupportedIdPConfigInitParameters) { *out = *in + out.ClientIDSecretRef = in.ClientIDSecretRef + out.ClientSecretSecretRef = in.ClientSecretSecretRef if in.Enabled != nil { in, out := &in.Enabled, &out.Enabled *out = new(bool) @@ -2531,6 +2541,12 @@ func (in *TenantOAuthIdPConfig) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TenantOAuthIdPConfigInitParameters) DeepCopyInto(out *TenantOAuthIdPConfigInitParameters) { *out = *in + out.ClientIDSecretRef = in.ClientIDSecretRef + if in.ClientSecretSecretRef != nil { + in, out := &in.ClientSecretSecretRef, &out.ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) diff --git a/apis/identityplatform/v1beta1/zz_oauthidpconfig_terraformed.go b/apis/identityplatform/v1beta1/zz_oauthidpconfig_terraformed.go index 6aed5d4d2..df800bccc 100755 --- a/apis/identityplatform/v1beta1/zz_oauthidpconfig_terraformed.go +++ b/apis/identityplatform/v1beta1/zz_oauthidpconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *OAuthIdPConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this OAuthIdPConfig func (tr *OAuthIdPConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"client_id": "spec.forProvider.clientIdSecretRef", "client_secret": "spec.forProvider.clientSecretSecretRef"} + return map[string]string{"client_id": "clientIdSecretRef", "client_secret": "clientSecretSecretRef"} } // GetObservation of this OAuthIdPConfig diff --git a/apis/identityplatform/v1beta1/zz_oauthidpconfig_types.go b/apis/identityplatform/v1beta1/zz_oauthidpconfig_types.go index d00b87ef8..3e8d72e00 100755 --- a/apis/identityplatform/v1beta1/zz_oauthidpconfig_types.go +++ b/apis/identityplatform/v1beta1/zz_oauthidpconfig_types.go @@ -15,6 +15,12 @@ import ( type OAuthIdPConfigInitParameters struct { + // The client id of an OAuth client. + ClientIDSecretRef v1.SecretKeySelector `json:"clientIdSecretRef" tf:"-"` + + // The client secret of the OAuth client, to enable OIDC code flow. + ClientSecretSecretRef *v1.SecretKeySelector `json:"clientSecretSecretRef,omitempty" tf:"-"` + // Human friendly display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` diff --git a/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_terraformed.go b/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_terraformed.go index 468a56bdb..a6166cf1b 100755 --- a/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_terraformed.go +++ b/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *TenantDefaultSupportedIdPConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this TenantDefaultSupportedIdPConfig func (tr *TenantDefaultSupportedIdPConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"client_id": "spec.forProvider.clientIdSecretRef", "client_secret": "spec.forProvider.clientSecretSecretRef"} + return map[string]string{"client_id": "clientIdSecretRef", "client_secret": "clientSecretSecretRef"} } // GetObservation of this TenantDefaultSupportedIdPConfig diff --git a/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_types.go b/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_types.go index 2b3a9394f..513f26c08 100755 --- a/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_types.go +++ b/apis/identityplatform/v1beta1/zz_tenantdefaultsupportedidpconfig_types.go @@ -15,6 +15,12 @@ import ( type TenantDefaultSupportedIdPConfigInitParameters struct { + // OAuth client ID + ClientIDSecretRef v1.SecretKeySelector `json:"clientIdSecretRef" tf:"-"` + + // OAuth client secret + ClientSecretSecretRef v1.SecretKeySelector `json:"clientSecretSecretRef" tf:"-"` + // If this IDP allows the user to sign in Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` diff --git a/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_terraformed.go b/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_terraformed.go index 9b5841eb1..8c79c2409 100755 --- a/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_terraformed.go +++ b/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *TenantOAuthIdPConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this TenantOAuthIdPConfig func (tr *TenantOAuthIdPConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"client_id": "spec.forProvider.clientIdSecretRef", "client_secret": "spec.forProvider.clientSecretSecretRef"} + return map[string]string{"client_id": "clientIdSecretRef", "client_secret": "clientSecretSecretRef"} } // GetObservation of this TenantOAuthIdPConfig diff --git a/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_types.go b/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_types.go index 5908d4e37..2eaadd0cf 100755 --- a/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_types.go +++ b/apis/identityplatform/v1beta1/zz_tenantoauthidpconfig_types.go @@ -15,6 +15,12 @@ import ( type TenantOAuthIdPConfigInitParameters struct { + // The client id of an OAuth client. + ClientIDSecretRef v1.SecretKeySelector `json:"clientIdSecretRef" tf:"-"` + + // The client secret of the OAuth client, to enable OIDC code flow. + ClientSecretSecretRef *v1.SecretKeySelector `json:"clientSecretSecretRef,omitempty" tf:"-"` + // Human friendly display name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` diff --git a/apis/identityplatform/v1beta2/zz_generated.deepcopy.go b/apis/identityplatform/v1beta2/zz_generated.deepcopy.go index 76e33b299..e14aac6c6 100644 --- a/apis/identityplatform/v1beta2/zz_generated.deepcopy.go +++ b/apis/identityplatform/v1beta2/zz_generated.deepcopy.go @@ -221,6 +221,11 @@ func (in *HashConfigParameters) DeepCopy() *HashConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdPCertificatesInitParameters) DeepCopyInto(out *IdPCertificatesInitParameters) { *out = *in + if in.X509CertificateSecretRef != nil { + in, out := &in.X509CertificateSecretRef, &out.X509CertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdPCertificatesInitParameters. @@ -271,6 +276,11 @@ func (in *IdPCertificatesParameters) DeepCopy() *IdPCertificatesParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdPConfigIdPCertificatesInitParameters) DeepCopyInto(out *IdPConfigIdPCertificatesInitParameters) { *out = *in + if in.X509CertificateSecretRef != nil { + in, out := &in.X509CertificateSecretRef, &out.X509CertificateSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdPConfigIdPCertificatesInitParameters. @@ -324,7 +334,9 @@ func (in *IdPConfigInitParameters) DeepCopyInto(out *IdPConfigInitParameters) { if in.IdPCertificates != nil { in, out := &in.IdPCertificates, &out.IdPCertificates *out = make([]IdPCertificatesInitParameters, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.IdPEntityID != nil { in, out := &in.IdPEntityID, &out.IdPEntityID @@ -1275,7 +1287,9 @@ func (in *TenantInboundSAMLConfigIdPConfigInitParameters) DeepCopyInto(out *Tena if in.IdPCertificates != nil { in, out := &in.IdPCertificates, &out.IdPCertificates *out = make([]IdPConfigIdPCertificatesInitParameters, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.IdPEntityID != nil { in, out := &in.IdPEntityID, &out.IdPEntityID diff --git a/apis/identityplatform/v1beta2/zz_inboundsamlconfig_terraformed.go b/apis/identityplatform/v1beta2/zz_inboundsamlconfig_terraformed.go index fa1e6268f..ebb31a066 100755 --- a/apis/identityplatform/v1beta2/zz_inboundsamlconfig_terraformed.go +++ b/apis/identityplatform/v1beta2/zz_inboundsamlconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *InboundSAMLConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this InboundSAMLConfig func (tr *InboundSAMLConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"idp_config[*].idp_certificates[*].x509_certificate": "spec.forProvider.idpConfig[*].idpCertificates[*].x509CertificateSecretRef"} + return map[string]string{"idp_config[*].idp_certificates[*].x509_certificate": "idpConfig[*].idpCertificates[*].x509CertificateSecretRef"} } // GetObservation of this InboundSAMLConfig diff --git a/apis/identityplatform/v1beta2/zz_inboundsamlconfig_types.go b/apis/identityplatform/v1beta2/zz_inboundsamlconfig_types.go index 0c7413c73..99730a87a 100755 --- a/apis/identityplatform/v1beta2/zz_inboundsamlconfig_types.go +++ b/apis/identityplatform/v1beta2/zz_inboundsamlconfig_types.go @@ -14,6 +14,10 @@ import ( ) type IdPCertificatesInitParameters struct { + + // (Output) + // The x509 certificate + X509CertificateSecretRef *v1.SecretKeySelector `json:"x509CertificateSecretRef,omitempty" tf:"-"` } type IdPCertificatesObservation struct { diff --git a/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_terraformed.go b/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_terraformed.go index 954eb4cc8..391afb190 100755 --- a/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_terraformed.go +++ b/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *TenantInboundSAMLConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this TenantInboundSAMLConfig func (tr *TenantInboundSAMLConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"idp_config[*].idp_certificates[*].x509_certificate": "spec.forProvider.idpConfig[*].idpCertificates[*].x509CertificateSecretRef"} + return map[string]string{"idp_config[*].idp_certificates[*].x509_certificate": "idpConfig[*].idpCertificates[*].x509CertificateSecretRef"} } // GetObservation of this TenantInboundSAMLConfig diff --git a/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_types.go b/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_types.go index 7ca741acb..5268989f5 100755 --- a/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_types.go +++ b/apis/identityplatform/v1beta2/zz_tenantinboundsamlconfig_types.go @@ -14,6 +14,10 @@ import ( ) type IdPConfigIdPCertificatesInitParameters struct { + + // (Output) + // The x509 certificate + X509CertificateSecretRef *v1.SecretKeySelector `json:"x509CertificateSecretRef,omitempty" tf:"-"` } type IdPConfigIdPCertificatesObservation struct { diff --git a/apis/kms/v1beta1/zz_generated.deepcopy.go b/apis/kms/v1beta1/zz_generated.deepcopy.go index 08f668174..61c353294 100644 --- a/apis/kms/v1beta1/zz_generated.deepcopy.go +++ b/apis/kms/v1beta1/zz_generated.deepcopy.go @@ -1997,6 +1997,11 @@ func (in *SecretCiphertext) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretCiphertextInitParameters) DeepCopyInto(out *SecretCiphertextInitParameters) { *out = *in + if in.AdditionalAuthenticatedDataSecretRef != nil { + in, out := &in.AdditionalAuthenticatedDataSecretRef, &out.AdditionalAuthenticatedDataSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.CryptoKey != nil { in, out := &in.CryptoKey, &out.CryptoKey *out = new(string) diff --git a/apis/kms/v1beta1/zz_secretciphertext_terraformed.go b/apis/kms/v1beta1/zz_secretciphertext_terraformed.go index 198425f09..2ea6773fa 100755 --- a/apis/kms/v1beta1/zz_secretciphertext_terraformed.go +++ b/apis/kms/v1beta1/zz_secretciphertext_terraformed.go @@ -21,7 +21,7 @@ func (mg *SecretCiphertext) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SecretCiphertext func (tr *SecretCiphertext) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"additional_authenticated_data": "spec.forProvider.additionalAuthenticatedDataSecretRef"} + return map[string]string{"additional_authenticated_data": "additionalAuthenticatedDataSecretRef"} } // GetObservation of this SecretCiphertext diff --git a/apis/kms/v1beta1/zz_secretciphertext_types.go b/apis/kms/v1beta1/zz_secretciphertext_types.go index 40a1e7e12..72bf9be0c 100755 --- a/apis/kms/v1beta1/zz_secretciphertext_types.go +++ b/apis/kms/v1beta1/zz_secretciphertext_types.go @@ -15,6 +15,10 @@ import ( type SecretCiphertextInitParameters struct { + // The additional authenticated data used for integrity checks during encryption and decryption. + // Note: This property is sensitive and will not be displayed in the plan. + AdditionalAuthenticatedDataSecretRef *v1.SecretKeySelector `json:"additionalAuthenticatedDataSecretRef,omitempty" tf:"-"` + // The full name of the CryptoKey that will be used to encrypt the provided plaintext. // Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}' // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/kms/v1beta2.CryptoKey diff --git a/apis/monitoring/v1beta2/zz_generated.deepcopy.go b/apis/monitoring/v1beta2/zz_generated.deepcopy.go index 50bbc0fc8..230108c62 100644 --- a/apis/monitoring/v1beta2/zz_generated.deepcopy.go +++ b/apis/monitoring/v1beta2/zz_generated.deepcopy.go @@ -673,6 +673,7 @@ func (in *AlertStrategyParameters) DeepCopy() *AlertStrategyParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthInfoInitParameters) DeepCopyInto(out *AuthInfoInitParameters) { *out = *in + out.PasswordSecretRef = in.PasswordSecretRef if in.Username != nil { in, out := &in.Username, &out.Username *out = new(string) @@ -4941,7 +4942,7 @@ func (in *NotificationChannelInitParameters) DeepCopyInto(out *NotificationChann if in.SensitiveLabels != nil { in, out := &in.SensitiveLabels, &out.SensitiveLabels *out = new(SensitiveLabelsInitParameters) - **out = **in + (*in).DeepCopyInto(*out) } if in.Type != nil { in, out := &in.Type, &out.Type @@ -6290,6 +6291,21 @@ func (in *SLOStatus) DeepCopy() *SLOStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SensitiveLabelsInitParameters) DeepCopyInto(out *SensitiveLabelsInitParameters) { *out = *in + if in.AuthTokenSecretRef != nil { + in, out := &in.AuthTokenSecretRef, &out.AuthTokenSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.PasswordSecretRef != nil { + in, out := &in.PasswordSecretRef, &out.PasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } + if in.ServiceKeySecretRef != nil { + in, out := &in.ServiceKeySecretRef, &out.ServiceKeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SensitiveLabelsInitParameters. diff --git a/apis/monitoring/v1beta2/zz_notificationchannel_terraformed.go b/apis/monitoring/v1beta2/zz_notificationchannel_terraformed.go index f185cb03c..6f0c803c1 100755 --- a/apis/monitoring/v1beta2/zz_notificationchannel_terraformed.go +++ b/apis/monitoring/v1beta2/zz_notificationchannel_terraformed.go @@ -21,7 +21,7 @@ func (mg *NotificationChannel) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this NotificationChannel func (tr *NotificationChannel) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"sensitive_labels[*].auth_token": "spec.forProvider.sensitiveLabels[*].authTokenSecretRef", "sensitive_labels[*].password": "spec.forProvider.sensitiveLabels[*].passwordSecretRef", "sensitive_labels[*].service_key": "spec.forProvider.sensitiveLabels[*].serviceKeySecretRef"} + return map[string]string{"sensitive_labels[*].auth_token": "sensitiveLabels[*].authTokenSecretRef", "sensitive_labels[*].password": "sensitiveLabels[*].passwordSecretRef", "sensitive_labels[*].service_key": "sensitiveLabels[*].serviceKeySecretRef"} } // GetObservation of this NotificationChannel diff --git a/apis/monitoring/v1beta2/zz_notificationchannel_types.go b/apis/monitoring/v1beta2/zz_notificationchannel_types.go index e097a129c..982161836 100755 --- a/apis/monitoring/v1beta2/zz_notificationchannel_types.go +++ b/apis/monitoring/v1beta2/zz_notificationchannel_types.go @@ -172,6 +172,18 @@ type NotificationChannelParameters struct { } type SensitiveLabelsInitParameters struct { + + // An authorization token for a notification channel. Channel types that support this field include: slack + // Note: This property is sensitive and will not be displayed in the plan. + AuthTokenSecretRef *v1.SecretKeySelector `json:"authTokenSecretRef,omitempty" tf:"-"` + + // An password for a notification channel. Channel types that support this field include: webhook_basicauth + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + + // An servicekey token for a notification channel. Channel types that support this field include: pagerduty + // Note: This property is sensitive and will not be displayed in the plan. + ServiceKeySecretRef *v1.SecretKeySelector `json:"serviceKeySecretRef,omitempty" tf:"-"` } type SensitiveLabelsObservation struct { diff --git a/apis/monitoring/v1beta2/zz_uptimecheckconfig_terraformed.go b/apis/monitoring/v1beta2/zz_uptimecheckconfig_terraformed.go index 0a95a495d..e463309f0 100755 --- a/apis/monitoring/v1beta2/zz_uptimecheckconfig_terraformed.go +++ b/apis/monitoring/v1beta2/zz_uptimecheckconfig_terraformed.go @@ -21,7 +21,7 @@ func (mg *UptimeCheckConfig) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this UptimeCheckConfig func (tr *UptimeCheckConfig) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"http_check[*].auth_info[*].password": "spec.forProvider.httpCheck[*].authInfo[*].passwordSecretRef"} + return map[string]string{"http_check[*].auth_info[*].password": "httpCheck[*].authInfo[*].passwordSecretRef"} } // GetObservation of this UptimeCheckConfig diff --git a/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go b/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go index f368e9b6b..481b9baf9 100755 --- a/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go +++ b/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go @@ -47,6 +47,10 @@ type AcceptedResponseStatusCodesParameters struct { type AuthInfoInitParameters struct { + // The password to authenticate. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` + // The username to authenticate. Username *string `json:"username,omitempty" tf:"username,omitempty"` } @@ -61,7 +65,7 @@ type AuthInfoParameters struct { // The password to authenticate. // Note: This property is sensitive and will not be displayed in the plan. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional PasswordSecretRef v1.SecretKeySelector `json:"passwordSecretRef" tf:"-"` // The username to authenticate. diff --git a/apis/oslogin/v1beta1/zz_generated.deepcopy.go b/apis/oslogin/v1beta1/zz_generated.deepcopy.go index de01a8c29..9639a26a4 100644 --- a/apis/oslogin/v1beta1/zz_generated.deepcopy.go +++ b/apis/oslogin/v1beta1/zz_generated.deepcopy.go @@ -47,6 +47,7 @@ func (in *SSHPublicKeyInitParameters) DeepCopyInto(out *SSHPublicKeyInitParamete *out = new(string) **out = **in } + out.KeySecretRef = in.KeySecretRef if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/oslogin/v1beta1/zz_sshpublickey_terraformed.go b/apis/oslogin/v1beta1/zz_sshpublickey_terraformed.go index 37b33e151..a14ad2cf2 100755 --- a/apis/oslogin/v1beta1/zz_sshpublickey_terraformed.go +++ b/apis/oslogin/v1beta1/zz_sshpublickey_terraformed.go @@ -21,7 +21,7 @@ func (mg *SSHPublicKey) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SSHPublicKey func (tr *SSHPublicKey) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"key": "spec.forProvider.keySecretRef"} + return map[string]string{"key": "keySecretRef"} } // GetObservation of this SSHPublicKey diff --git a/apis/oslogin/v1beta1/zz_sshpublickey_types.go b/apis/oslogin/v1beta1/zz_sshpublickey_types.go index 916c72614..be7eb32d9 100755 --- a/apis/oslogin/v1beta1/zz_sshpublickey_types.go +++ b/apis/oslogin/v1beta1/zz_sshpublickey_types.go @@ -18,6 +18,9 @@ type SSHPublicKeyInitParameters struct { // An expiration time in microseconds since epoch. ExpirationTimeUsec *string `json:"expirationTimeUsec,omitempty" tf:"expiration_time_usec,omitempty"` + // Public key text in SSH format, defined by RFC4253 section 6.6. + KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` + // The project ID of the Google Cloud Platform project. Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/privateca/v1beta2/zz_certificate_terraformed.go b/apis/privateca/v1beta2/zz_certificate_terraformed.go index 3e87ef76d..421606e84 100755 --- a/apis/privateca/v1beta2/zz_certificate_terraformed.go +++ b/apis/privateca/v1beta2/zz_certificate_terraformed.go @@ -21,7 +21,7 @@ func (mg *Certificate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Certificate func (tr *Certificate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"config[*].public_key[*].key": "spec.forProvider.config[*].publicKey[*].keySecretRef"} + return map[string]string{"config[*].public_key[*].key": "config[*].publicKey[*].keySecretRef"} } // GetObservation of this Certificate diff --git a/apis/privateca/v1beta2/zz_certificate_types.go b/apis/privateca/v1beta2/zz_certificate_types.go index 22038e50c..d4a6e950b 100755 --- a/apis/privateca/v1beta2/zz_certificate_types.go +++ b/apis/privateca/v1beta2/zz_certificate_types.go @@ -367,6 +367,9 @@ type ConfigPublicKeyInitParameters struct { // The format of the public key. Currently, only PEM format is supported. // Possible values are: KEY_TYPE_UNSPECIFIED, PEM. Format *string `json:"format,omitempty" tf:"format,omitempty"` + + // Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string. + KeySecretRef *v1.SecretKeySelector `json:"keySecretRef,omitempty" tf:"-"` } type ConfigPublicKeyObservation struct { diff --git a/apis/privateca/v1beta2/zz_generated.deepcopy.go b/apis/privateca/v1beta2/zz_generated.deepcopy.go index 5a6b05472..291d1ef43 100644 --- a/apis/privateca/v1beta2/zz_generated.deepcopy.go +++ b/apis/privateca/v1beta2/zz_generated.deepcopy.go @@ -3604,6 +3604,11 @@ func (in *ConfigPublicKeyInitParameters) DeepCopyInto(out *ConfigPublicKeyInitPa *out = new(string) **out = **in } + if in.KeySecretRef != nil { + in, out := &in.KeySecretRef, &out.KeySecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigPublicKeyInitParameters. diff --git a/apis/secretmanager/v1beta1/zz_generated.deepcopy.go b/apis/secretmanager/v1beta1/zz_generated.deepcopy.go index 71a48453b..d5434f8ba 100644 --- a/apis/secretmanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/secretmanager/v1beta1/zz_generated.deepcopy.go @@ -1286,6 +1286,7 @@ func (in *SecretVersionInitParameters) DeepCopyInto(out *SecretVersionInitParame *out = new(string) **out = **in } + out.SecretDataSecretRef = in.SecretDataSecretRef if in.SecretRef != nil { in, out := &in.SecretRef, &out.SecretRef *out = new(v1.Reference) diff --git a/apis/secretmanager/v1beta1/zz_secretversion_terraformed.go b/apis/secretmanager/v1beta1/zz_secretversion_terraformed.go index ae458ebad..080fc0436 100755 --- a/apis/secretmanager/v1beta1/zz_secretversion_terraformed.go +++ b/apis/secretmanager/v1beta1/zz_secretversion_terraformed.go @@ -21,7 +21,7 @@ func (mg *SecretVersion) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SecretVersion func (tr *SecretVersion) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"secret_data": "spec.forProvider.secretDataSecretRef"} + return map[string]string{"secret_data": "secretDataSecretRef"} } // GetObservation of this SecretVersion diff --git a/apis/secretmanager/v1beta1/zz_secretversion_types.go b/apis/secretmanager/v1beta1/zz_secretversion_types.go index c9e976381..dd0171ff6 100755 --- a/apis/secretmanager/v1beta1/zz_secretversion_types.go +++ b/apis/secretmanager/v1beta1/zz_secretversion_types.go @@ -31,6 +31,9 @@ type SecretVersionInitParameters struct { // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.ExtractResourceID() Secret *string `json:"secret,omitempty" tf:"secret,omitempty"` + // The secret data. Must be no larger than 64KiB. + SecretDataSecretRef v1.SecretKeySelector `json:"secretDataSecretRef" tf:"-"` + // Reference to a Secret in secretmanager to populate secret. // +kubebuilder:validation:Optional SecretRef *v1.Reference `json:"secretRef,omitempty" tf:"-"` diff --git a/apis/sql/v1beta1/zz_generated.deepcopy.go b/apis/sql/v1beta1/zz_generated.deepcopy.go index b3cf348a8..491b52c7d 100644 --- a/apis/sql/v1beta1/zz_generated.deepcopy.go +++ b/apis/sql/v1beta1/zz_generated.deepcopy.go @@ -3689,6 +3689,11 @@ func (in *SourceRepresentationInstanceInitParameters) DeepCopyInto(out *SourceRe *out = new(string) **out = **in } + if in.PasswordSecretRef != nil { + in, out := &in.PasswordSecretRef, &out.PasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) diff --git a/apis/sql/v1beta1/zz_sourcerepresentationinstance_terraformed.go b/apis/sql/v1beta1/zz_sourcerepresentationinstance_terraformed.go index 9afd6499b..9fb4a7b8a 100755 --- a/apis/sql/v1beta1/zz_sourcerepresentationinstance_terraformed.go +++ b/apis/sql/v1beta1/zz_sourcerepresentationinstance_terraformed.go @@ -21,7 +21,7 @@ func (mg *SourceRepresentationInstance) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this SourceRepresentationInstance func (tr *SourceRepresentationInstance) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"password": "spec.forProvider.passwordSecretRef"} + return map[string]string{"password": "passwordSecretRef"} } // GetObservation of this SourceRepresentationInstance diff --git a/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go b/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go index 25f88d001..e8c967df6 100755 --- a/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go +++ b/apis/sql/v1beta1/zz_sourcerepresentationinstance_types.go @@ -34,6 +34,10 @@ type SourceRepresentationInstanceInitParameters struct { // The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. Host *string `json:"host,omitempty" tf:"host,omitempty"` + // The password for the replication user account. + // Note: This property is sensitive and will not be displayed in the plan. + PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + // The externally accessible port for the source database server. // Defaults to 3306. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` diff --git a/apis/sql/v1beta2/zz_databaseinstance_terraformed.go b/apis/sql/v1beta2/zz_databaseinstance_terraformed.go index dee4f6d61..afe20c0c5 100755 --- a/apis/sql/v1beta2/zz_databaseinstance_terraformed.go +++ b/apis/sql/v1beta2/zz_databaseinstance_terraformed.go @@ -21,7 +21,7 @@ func (mg *DatabaseInstance) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this DatabaseInstance func (tr *DatabaseInstance) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"replica_configuration[*].password": "spec.forProvider.replicaConfiguration[*].passwordSecretRef", "root_password": "spec.forProvider.rootPasswordSecretRef", "server_ca_cert[*]": "status.atProvider.serverCaCert[*]"} + return map[string]string{"replica_configuration[*].password": "replicaConfiguration[*].passwordSecretRef", "root_password": "rootPasswordSecretRef", "server_ca_cert[*]": "status.atProvider.serverCaCert[*]"} } // GetObservation of this DatabaseInstance diff --git a/apis/sql/v1beta2/zz_databaseinstance_types.go b/apis/sql/v1beta2/zz_databaseinstance_types.go index 176d874d8..a563b65dc 100755 --- a/apis/sql/v1beta2/zz_databaseinstance_types.go +++ b/apis/sql/v1beta2/zz_databaseinstance_types.go @@ -385,6 +385,9 @@ type DatabaseInstanceInitParameters struct { // block during resource creation/update will trigger the restore action after the resource is created/updated. RestoreBackupContext *RestoreBackupContextInitParameters `json:"restoreBackupContext,omitempty" tf:"restore_backup_context,omitempty"` + // Initial root password. Can be updated. Required for MS SQL Server. + RootPasswordSecretRef *v1.SecretKeySelector `json:"rootPasswordSecretRef,omitempty" tf:"-"` + // The settings to use for the database. The // configuration is detailed below. Required if clone is not set. Settings *SettingsInitParameters `json:"settings,omitempty" tf:"settings,omitempty"` @@ -1018,6 +1021,9 @@ type ReplicaConfigurationInitParameters struct { // heartbeats. MasterHeartbeatPeriod *float64 `json:"masterHeartbeatPeriod,omitempty" tf:"master_heartbeat_period,omitempty"` + // Password for the replication connection. + PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + // Permissible ciphers for use in SSL encryption. SSLCipher *string `json:"sslCipher,omitempty" tf:"ssl_cipher,omitempty"` diff --git a/apis/sql/v1beta2/zz_generated.deepcopy.go b/apis/sql/v1beta2/zz_generated.deepcopy.go index a19d8b931..ec1e01362 100644 --- a/apis/sql/v1beta2/zz_generated.deepcopy.go +++ b/apis/sql/v1beta2/zz_generated.deepcopy.go @@ -801,6 +801,11 @@ func (in *DatabaseInstanceInitParameters) DeepCopyInto(out *DatabaseInstanceInit *out = new(RestoreBackupContextInitParameters) (*in).DeepCopyInto(*out) } + if in.RootPasswordSecretRef != nil { + in, out := &in.RootPasswordSecretRef, &out.RootPasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Settings != nil { in, out := &in.Settings, &out.Settings *out = new(SettingsInitParameters) @@ -2123,6 +2128,11 @@ func (in *ReplicaConfigurationInitParameters) DeepCopyInto(out *ReplicaConfigura *out = new(float64) **out = **in } + if in.PasswordSecretRef != nil { + in, out := &in.PasswordSecretRef, &out.PasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.SSLCipher != nil { in, out := &in.SSLCipher, &out.SSLCipher *out = new(string) @@ -3190,6 +3200,11 @@ func (in *UserInitParameters) DeepCopyInto(out *UserInitParameters) { *out = new(PasswordPolicyInitParameters) (*in).DeepCopyInto(*out) } + if in.PasswordSecretRef != nil { + in, out := &in.PasswordSecretRef, &out.PasswordSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/sql/v1beta2/zz_user_terraformed.go b/apis/sql/v1beta2/zz_user_terraformed.go index 5fa09df31..0eab197eb 100755 --- a/apis/sql/v1beta2/zz_user_terraformed.go +++ b/apis/sql/v1beta2/zz_user_terraformed.go @@ -21,7 +21,7 @@ func (mg *User) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this User func (tr *User) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"password": "spec.forProvider.passwordSecretRef"} + return map[string]string{"password": "passwordSecretRef"} } // GetObservation of this User diff --git a/apis/sql/v1beta2/zz_user_types.go b/apis/sql/v1beta2/zz_user_types.go index d21410071..a053e8264 100755 --- a/apis/sql/v1beta2/zz_user_types.go +++ b/apis/sql/v1beta2/zz_user_types.go @@ -118,6 +118,12 @@ type UserInitParameters struct { PasswordPolicy *PasswordPolicyInitParameters `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"` + // The password for the user. Can be updated. For Postgres + // instances this is a Required field, unless type is set to either CLOUD_IAM_USER + // or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER + // and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. + PasswordSecretRef *v1.SecretKeySelector `json:"passwordSecretRef,omitempty" tf:"-"` + // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/storage/v1beta2/zz_bucketobject_terraformed.go b/apis/storage/v1beta2/zz_bucketobject_terraformed.go index 2cb554988..b51788a92 100755 --- a/apis/storage/v1beta2/zz_bucketobject_terraformed.go +++ b/apis/storage/v1beta2/zz_bucketobject_terraformed.go @@ -21,7 +21,7 @@ func (mg *BucketObject) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this BucketObject func (tr *BucketObject) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"customer_encryption[*].encryption_key": "spec.forProvider.customerEncryption[*].encryptionKeySecretRef"} + return map[string]string{"customer_encryption[*].encryption_key": "customerEncryption[*].encryptionKeySecretRef"} } // GetObservation of this BucketObject diff --git a/apis/storage/v1beta2/zz_bucketobject_types.go b/apis/storage/v1beta2/zz_bucketobject_types.go index 67404834d..24b8047b4 100755 --- a/apis/storage/v1beta2/zz_bucketobject_types.go +++ b/apis/storage/v1beta2/zz_bucketobject_types.go @@ -250,6 +250,9 @@ type CustomerEncryptionInitParameters struct { // Encryption algorithm. Default: AES256 EncryptionAlgorithm *string `json:"encryptionAlgorithm,omitempty" tf:"encryption_algorithm,omitempty"` + + // Base64 encoded Customer-Supplied Encryption Key. + EncryptionKeySecretRef v1.SecretKeySelector `json:"encryptionKeySecretRef" tf:"-"` } type CustomerEncryptionObservation struct { @@ -265,7 +268,7 @@ type CustomerEncryptionParameters struct { EncryptionAlgorithm *string `json:"encryptionAlgorithm,omitempty" tf:"encryption_algorithm,omitempty"` // Base64 encoded Customer-Supplied Encryption Key. - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional EncryptionKeySecretRef v1.SecretKeySelector `json:"encryptionKeySecretRef" tf:"-"` } diff --git a/apis/storage/v1beta2/zz_generated.deepcopy.go b/apis/storage/v1beta2/zz_generated.deepcopy.go index 9d88e2972..46ae5c3a8 100644 --- a/apis/storage/v1beta2/zz_generated.deepcopy.go +++ b/apis/storage/v1beta2/zz_generated.deepcopy.go @@ -2014,6 +2014,7 @@ func (in *CustomerEncryptionInitParameters) DeepCopyInto(out *CustomerEncryption *out = new(string) **out = **in } + out.EncryptionKeySecretRef = in.EncryptionKeySecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerEncryptionInitParameters. diff --git a/go.mod b/go.mod index 7f8a6bcac..2dce08515 100644 --- a/go.mod +++ b/go.mod @@ -179,3 +179,5 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) + +replace github.com/crossplane/upjet => github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535 diff --git a/go.sum b/go.sum index e41f1ba91..3976fdedd 100644 --- a/go.sum +++ b/go.sum @@ -73,8 +73,6 @@ github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876f github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57/go.mod h1:Pz2tdGVMF6KDGzHZOkvKro0nKc8EzK0sb/nSA7pH4Dc= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= -github.com/crossplane/upjet v1.4.0-rc.0.0.20240515193317-92d1af84d242 h1:ylmj67qVNh+AIDK+CH8BiXu41PlGSKBzAwMZApDEOds= -github.com/crossplane/upjet v1.4.0-rc.0.0.20240515193317-92d1af84d242/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= @@ -388,6 +386,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= +github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535 h1:D/tIcJSNk7idLCeCU4ZWRwhVwpVXruAlDn0iQG2Qvjc= +github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= diff --git a/package/crds/alloydb.gcp.upbound.io_clusters.yaml b/package/crds/alloydb.gcp.upbound.io_clusters.yaml index 5bc26c2d5..1d518a3b0 100644 --- a/package/crds/alloydb.gcp.upbound.io_clusters.yaml +++ b/package/crds/alloydb.gcp.upbound.io_clusters.yaml @@ -2148,8 +2148,6 @@ spec: user: description: The database username. type: string - required: - - passwordSecretRef type: object labels: additionalProperties: @@ -2709,9 +2707,30 @@ spec: Initial user to setup during cluster creation. Structure is documented below. properties: + passwordSecretRef: + description: |- + The initial password for the user. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object user: description: The database username. type: string + required: + - passwordSecretRef type: object labels: additionalProperties: diff --git a/package/crds/appengine.gcp.upbound.io_applications.yaml b/package/crds/appengine.gcp.upbound.io_applications.yaml index c271b2727..125e30cc1 100644 --- a/package/crds/appengine.gcp.upbound.io_applications.yaml +++ b/package/crds/appengine.gcp.upbound.io_applications.yaml @@ -807,8 +807,6 @@ spec: - name - namespace type: object - required: - - oauth2ClientSecretSecretRef type: object locationId: description: |- @@ -949,6 +947,27 @@ spec: description: OAuth2 client ID to use for the authentication flow. type: string + oauth2ClientSecretSecretRef: + description: |- + OAuth2 client secret to use for the authentication flow. + The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - oauth2ClientSecretSecretRef type: object locationId: description: |- diff --git a/package/crds/bigquery.gcp.upbound.io_connections.yaml b/package/crds/bigquery.gcp.upbound.io_connections.yaml index b92529d25..467d02316 100644 --- a/package/crds/bigquery.gcp.upbound.io_connections.yaml +++ b/package/crds/bigquery.gcp.upbound.io_connections.yaml @@ -1762,8 +1762,6 @@ spec: type: string type: object type: object - required: - - passwordSecretRef type: object database: description: Database name. @@ -2153,6 +2151,25 @@ spec: Cloud SQL properties. Structure is documented below. properties: + passwordSecretRef: + description: |- + Password for database. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object username: description: Username for database. type: string @@ -2230,6 +2247,8 @@ spec: type: string type: object type: object + required: + - passwordSecretRef type: object database: description: Database name. diff --git a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml index 0c82ec566..4fb63fa44 100644 --- a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml @@ -1158,8 +1158,6 @@ spec: - name - namespace type: object - required: - - secretAccessKeySecretRef type: object serviceAccountName: description: |- @@ -1363,6 +1361,28 @@ spec: Credentials may not be specified in both locations and will cause an error. Changing from one location to a different credential configuration in the config will require an apply to update state. Structure is documented below. + properties: + secretAccessKeySecretRef: + description: |- + The Secret Access Key of the AWS account transferring data from. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - secretAccessKeySecretRef type: object serviceAccountName: description: |- @@ -1695,8 +1715,6 @@ spec: - name - namespace type: object - required: - - secretAccessKeySecretRef type: object serviceAccountName: description: |- diff --git a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml index cdc9458c2..ce7d2b4ba 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml @@ -939,11 +939,69 @@ spec: certificates before they expire remains the user's responsibility. Structure is documented below. properties: + certificatePemSecretRef: + description: |- + The certificate chain in PEM-encoded form. + Leaf certificate comes first, followed by intermediate ones if any. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object pemCertificate: description: |- The certificate chain in PEM-encoded form. Leaf certificate comes first, followed by intermediate ones if any. type: string + pemPrivateKeySecretRef: + description: |- + The private key of the leaf certificate in PEM-encoded form. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + privateKeyPemSecretRef: + description: |- + The private key of the leaf certificate in PEM-encoded form. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object type: object managementPolicies: diff --git a/package/crds/compute.gcp.upbound.io_backendbucketsignedurlkeys.yaml b/package/crds/compute.gcp.upbound.io_backendbucketsignedurlkeys.yaml index 910bd1aba..b808f55e9 100644 --- a/package/crds/compute.gcp.upbound.io_backendbucketsignedurlkeys.yaml +++ b/package/crds/compute.gcp.upbound.io_backendbucketsignedurlkeys.yaml @@ -274,6 +274,26 @@ spec: type: string type: object type: object + keyValueSecretRef: + description: |- + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object name: description: Name of the signed URL key. type: string @@ -282,6 +302,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - keyValueSecretRef type: object managementPolicies: default: diff --git a/package/crds/compute.gcp.upbound.io_backendservices.yaml b/package/crds/compute.gcp.upbound.io_backendservices.yaml index ab97d371d..650d5ca70 100644 --- a/package/crds/compute.gcp.upbound.io_backendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_backendservices.yaml @@ -3359,8 +3359,6 @@ spec: - name - namespace type: object - required: - - oauth2ClientSecretSecretRef type: object loadBalancingScheme: description: |- @@ -4185,6 +4183,27 @@ spec: oauth2ClientId: description: OAuth2 Client ID for IAP type: string + oauth2ClientSecretSecretRef: + description: |- + OAuth2 Client Secret for IAP + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - oauth2ClientSecretSecretRef type: object loadBalancingScheme: description: |- diff --git a/package/crds/compute.gcp.upbound.io_backendservicesignedurlkeys.yaml b/package/crds/compute.gcp.upbound.io_backendservicesignedurlkeys.yaml index 7a34f97bd..f08844e3f 100644 --- a/package/crds/compute.gcp.upbound.io_backendservicesignedurlkeys.yaml +++ b/package/crds/compute.gcp.upbound.io_backendservicesignedurlkeys.yaml @@ -274,6 +274,26 @@ spec: type: string type: object type: object + keyValueSecretRef: + description: |- + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object name: description: Name of the signed URL key. type: string @@ -282,6 +302,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - keyValueSecretRef type: object managementPolicies: default: diff --git a/package/crds/compute.gcp.upbound.io_disks.yaml b/package/crds/compute.gcp.upbound.io_disks.yaml index 602b00930..7d847f109 100644 --- a/package/crds/compute.gcp.upbound.io_disks.yaml +++ b/package/crds/compute.gcp.upbound.io_disks.yaml @@ -1694,6 +1694,47 @@ spec: The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. type: string + rawKeySecretRef: + description: |- + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + rsaEncryptedKeySecretRef: + description: |- + Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object enableConfidentialCompute: description: |- diff --git a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml index a4ec90053..0883e964b 100644 --- a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml @@ -2506,6 +2506,24 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string + diskEncryptionKeyRawSecretRef: + description: A SecretKeySelector is a reference to a secret + key in an arbitrary namespace. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object initializeParams: properties: enableConfidentialCompute: diff --git a/package/crds/compute.gcp.upbound.io_instances.yaml b/package/crds/compute.gcp.upbound.io_instances.yaml index ea8b4fca1..1e7434174 100644 --- a/package/crds/compute.gcp.upbound.io_instances.yaml +++ b/package/crds/compute.gcp.upbound.io_instances.yaml @@ -4077,6 +4077,27 @@ spec: Name with which the attached disk will be accessible under /dev/disk/by-id/google-* type: string + diskEncryptionKeyRawSecretRef: + description: |- + A 256-bit [customer-supplied encryption key] + (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption), + encoded in RFC 4648 base64 + to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object kmsKeySelfLink: description: |- The self_link of the encryption key that is @@ -4111,6 +4132,28 @@ spec: Name with which attached disk will be accessible. On the instance, this device will be /dev/disk/by-id/google-{{device_name}}. type: string + diskEncryptionKeyRawSecretRef: + description: |- + A 256-bit [customer-supplied encryption key] + (https://cloud.google.com/compute/docs/disks/customer-supplied-encryption), + encoded in RFC 4648 base64 + to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw + may be set. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object initializeParams: description: |- Parameters for a new disk that will be created diff --git a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml index 5745cb128..21fa63f41 100644 --- a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml @@ -3087,8 +3087,6 @@ spec: - name - namespace type: object - required: - - oauth2ClientSecretSecretRef type: object loadBalancingScheme: description: is set to INTERNAL_MANAGED @@ -3832,6 +3830,27 @@ spec: oauth2ClientId: description: OAuth2 Client ID for IAP type: string + oauth2ClientSecretSecretRef: + description: |- + OAuth2 Client Secret for IAP + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - oauth2ClientSecretSecretRef type: object loadBalancingScheme: description: is set to INTERNAL_MANAGED diff --git a/package/crds/compute.gcp.upbound.io_regiondisks.yaml b/package/crds/compute.gcp.upbound.io_regiondisks.yaml index e97d7b1e6..2c7a387b3 100644 --- a/package/crds/compute.gcp.upbound.io_regiondisks.yaml +++ b/package/crds/compute.gcp.upbound.io_regiondisks.yaml @@ -1558,6 +1558,26 @@ spec: description: The name of the encryption key that is stored in Google Cloud KMS. type: string + rawKeySecretRef: + description: |- + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object guestOsFeatures: description: |- diff --git a/package/crds/compute.gcp.upbound.io_regionsslcertificates.yaml b/package/crds/compute.gcp.upbound.io_regionsslcertificates.yaml index 667925dda..ec37972de 100644 --- a/package/crds/compute.gcp.upbound.io_regionsslcertificates.yaml +++ b/package/crds/compute.gcp.upbound.io_regionsslcertificates.yaml @@ -142,14 +142,57 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + certificateSecretRef: + description: |- + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object description: description: An optional description of this resource. type: string + privateKeySecretRef: + description: |- + The write-only private key in PEM format. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - certificateSecretRef + - privateKeySecretRef type: object managementPolicies: default: diff --git a/package/crds/compute.gcp.upbound.io_routerpeers.yaml b/package/crds/compute.gcp.upbound.io_routerpeers.yaml index 35522e978..a101dea16 100644 --- a/package/crds/compute.gcp.upbound.io_routerpeers.yaml +++ b/package/crds/compute.gcp.upbound.io_routerpeers.yaml @@ -1758,8 +1758,6 @@ spec: following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. type: string - required: - - keySecretRef type: object peerAsn: description: |- @@ -2291,6 +2289,24 @@ spec: type: string md5AuthenticationKey: properties: + keySecretRef: + description: A SecretKeySelector is a reference to a secret + key in an arbitrary namespace. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object name: description: |- Name of this BGP peer. The name must be 1-63 characters long, @@ -2300,6 +2316,8 @@ spec: following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. type: string + required: + - keySecretRef type: object peerAsn: description: |- diff --git a/package/crds/compute.gcp.upbound.io_snapshots.yaml b/package/crds/compute.gcp.upbound.io_snapshots.yaml index dc30f9ed5..c696dca24 100644 --- a/package/crds/compute.gcp.upbound.io_snapshots.yaml +++ b/package/crds/compute.gcp.upbound.io_snapshots.yaml @@ -1108,6 +1108,26 @@ spec: The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. type: string + rawKeySecretRef: + description: |- + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object sourceDisk: description: A reference to the disk used to create this snapshot. @@ -1124,6 +1144,26 @@ spec: The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used. type: string + rawKeySecretRef: + description: |- + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object sourceDiskRef: description: Reference to a Disk in compute to populate sourceDisk. diff --git a/package/crds/compute.gcp.upbound.io_sslcertificates.yaml b/package/crds/compute.gcp.upbound.io_sslcertificates.yaml index c535c0235..f964fd8b4 100644 --- a/package/crds/compute.gcp.upbound.io_sslcertificates.yaml +++ b/package/crds/compute.gcp.upbound.io_sslcertificates.yaml @@ -135,14 +135,57 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + certificateSecretRef: + description: |- + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object description: description: An optional description of this resource. type: string + privateKeySecretRef: + description: |- + The write-only private key in PEM format. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - certificateSecretRef + - privateKeySecretRef type: object managementPolicies: default: diff --git a/package/crds/compute.gcp.upbound.io_vpntunnels.yaml b/package/crds/compute.gcp.upbound.io_vpntunnels.yaml index b103742e8..c3844b7ba 100644 --- a/package/crds/compute.gcp.upbound.io_vpntunnels.yaml +++ b/package/crds/compute.gcp.upbound.io_vpntunnels.yaml @@ -709,6 +709,26 @@ spec: type: string type: object type: object + sharedSecretSecretRef: + description: |- + Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object targetVpnGateway: description: |- URL of the Target VPN gateway with which this VPN tunnel is @@ -876,6 +896,8 @@ spec: type: string type: object type: object + required: + - sharedSecretSecretRef type: object managementPolicies: default: diff --git a/package/crds/datalossprevention.gcp.upbound.io_deidentifytemplates.yaml b/package/crds/datalossprevention.gcp.upbound.io_deidentifytemplates.yaml index 503294c9b..14b958ff9 100644 --- a/package/crds/datalossprevention.gcp.upbound.io_deidentifytemplates.yaml +++ b/package/crds/datalossprevention.gcp.upbound.io_deidentifytemplates.yaml @@ -15646,8 +15646,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object surrogateInfoType: @@ -15775,8 +15773,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object type: object @@ -15890,8 +15886,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object customAlphabet: @@ -16049,8 +16043,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object lowerBoundDays: @@ -19061,6 +19053,31 @@ spec: description: |- Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Structure is documented below. + properties: + keySecretRef: + description: |- + A 128/192/256 bit key. + A base64-encoded string. + properties: + key: + description: The key + to select. + type: string + name: + description: Name + of the secret. + type: string + namespace: + description: Namespace + of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - keySecretRef type: object type: object surrogateInfoType: @@ -19165,6 +19182,31 @@ spec: description: |- Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Structure is documented below. + properties: + keySecretRef: + description: |- + A 128/192/256 bit key. + A base64-encoded string. + properties: + key: + description: The key + to select. + type: string + name: + description: Name + of the secret. + type: string + namespace: + description: Namespace + of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - keySecretRef type: object type: object type: object @@ -19255,6 +19297,31 @@ spec: description: |- Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Structure is documented below. + properties: + keySecretRef: + description: |- + A 128/192/256 bit key. + A base64-encoded string. + properties: + key: + description: The key + to select. + type: string + name: + description: Name + of the secret. + type: string + namespace: + description: Namespace + of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - keySecretRef type: object type: object customAlphabet: @@ -19389,6 +19456,31 @@ spec: description: |- Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Structure is documented below. + properties: + keySecretRef: + description: |- + A 128/192/256 bit key. + A base64-encoded string. + properties: + key: + description: The key + to select. + type: string + name: + description: Name + of the secret. + type: string + namespace: + description: Namespace + of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - keySecretRef type: object type: object lowerBoundDays: @@ -22594,8 +22686,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object surrogateInfoType: @@ -22723,8 +22813,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object type: object @@ -22838,8 +22926,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object customAlphabet: @@ -22997,8 +23083,6 @@ spec: - name - namespace type: object - required: - - keySecretRef type: object type: object lowerBoundDays: diff --git a/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml b/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml index b016a91fb..3caa4806a 100644 --- a/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml +++ b/package/crds/datastream.gcp.upbound.io_connectionprofiles.yaml @@ -1789,8 +1789,6 @@ spec: username: description: Username for the MySQL connection. type: string - required: - - passwordSecretRef type: object oracleProfile: description: |- @@ -1834,8 +1832,6 @@ spec: username: description: Username for the Oracle connection. type: string - required: - - passwordSecretRef type: object postgresqlProfile: description: |- @@ -2097,8 +2093,6 @@ spec: type: string type: object type: object - required: - - passwordSecretRef type: object privateConnectivity: description: |- @@ -2221,9 +2215,47 @@ spec: hostname: description: Hostname for the SSH tunnel. type: string + passwordSecretRef: + description: |- + SSH password. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object port: description: Port for the SSH tunnel. type: number + privateKeySecretRef: + description: |- + SSH private key. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object username: description: Username for the SSH tunnel. type: string @@ -2257,6 +2289,25 @@ spec: hostname: description: Hostname for the MySQL connection. type: string + passwordSecretRef: + description: |- + Password for the MySQL connection. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object port: description: Port for the MySQL connection. type: number @@ -2264,10 +2315,76 @@ spec: description: |- SSL configuration for the MySQL connection. Structure is documented below. + properties: + caCertificateSecretRef: + description: |- + PEM-encoded certificate of the CA that signed the source database + server's certificate. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientCertificateSecretRef: + description: |- + PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientKeySecretRef: + description: |- + PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object username: description: Username for the MySQL connection. type: string + required: + - passwordSecretRef type: object oracleProfile: description: |- @@ -2286,12 +2403,33 @@ spec: hostname: description: Hostname for the Oracle connection. type: string + passwordSecretRef: + description: |- + Password for the Oracle connection. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object port: description: Port for the Oracle connection. type: number username: description: Username for the Oracle connection. type: string + required: + - passwordSecretRef type: object postgresqlProfile: description: |- @@ -2454,6 +2592,25 @@ spec: type: string type: object type: object + passwordSecretRef: + description: |- + Password for the PostgreSQL connection. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object port: description: Port for the PostgreSQL connection. type: number @@ -2534,6 +2691,8 @@ spec: type: string type: object type: object + required: + - passwordSecretRef type: object privateConnectivity: description: |- diff --git a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml index b86120c6d..1afbcc737 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml @@ -1153,6 +1153,25 @@ spec: Settings of integration with GitHub. Structure is documented below. properties: + accessTokenSecretRef: + description: |- + The access token used to authenticate the access to the GitHub repository. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object branches: description: A list of branches configured to be used from Dialogflow. diff --git a/package/crds/identityplatform.gcp.upbound.io_defaultsupportedidpconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_defaultsupportedidpconfigs.yaml index 957c9671d..79b05df41 100644 --- a/package/crds/identityplatform.gcp.upbound.io_defaultsupportedidpconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_defaultsupportedidpconfigs.yaml @@ -134,6 +134,40 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + clientIdSecretRef: + description: OAuth client ID + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSecretRef: + description: OAuth client secret + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object enabled: description: If this IDP allows the user to sign in type: boolean @@ -145,6 +179,9 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - clientIdSecretRef + - clientSecretSecretRef type: object managementPolicies: default: diff --git a/package/crds/identityplatform.gcp.upbound.io_inboundsamlconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_inboundsamlconfigs.yaml index 388ce7619..3109b26e6 100644 --- a/package/crds/identityplatform.gcp.upbound.io_inboundsamlconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_inboundsamlconfigs.yaml @@ -729,6 +729,26 @@ spec: The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below. items: + properties: + x509CertificateSecretRef: + description: |- + (Output) + The x509 certificate + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object type: array idpEntityId: diff --git a/package/crds/identityplatform.gcp.upbound.io_oauthidpconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_oauthidpconfigs.yaml index 54c709629..0592d0b5b 100644 --- a/package/crds/identityplatform.gcp.upbound.io_oauthidpconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_oauthidpconfigs.yaml @@ -139,6 +139,41 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + clientIdSecretRef: + description: The client id of an OAuth client. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSecretRef: + description: The client secret of the OAuth client, to enable + OIDC code flow. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object displayName: description: Human friendly display name. type: string @@ -156,6 +191,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + required: + - clientIdSecretRef type: object managementPolicies: default: diff --git a/package/crds/identityplatform.gcp.upbound.io_tenantdefaultsupportedidpconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_tenantdefaultsupportedidpconfigs.yaml index 939af0d9c..732eb5072 100644 --- a/package/crds/identityplatform.gcp.upbound.io_tenantdefaultsupportedidpconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_tenantdefaultsupportedidpconfigs.yaml @@ -214,6 +214,40 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + clientIdSecretRef: + description: OAuth client ID + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSecretRef: + description: OAuth client secret + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object enabled: description: If this IDP allows the user to sign in type: boolean @@ -305,6 +339,9 @@ spec: type: string type: object type: object + required: + - clientIdSecretRef + - clientSecretSecretRef type: object managementPolicies: default: diff --git a/package/crds/identityplatform.gcp.upbound.io_tenantinboundsamlconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_tenantinboundsamlconfigs.yaml index de890cf6d..7b05b1237 100644 --- a/package/crds/identityplatform.gcp.upbound.io_tenantinboundsamlconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_tenantinboundsamlconfigs.yaml @@ -976,6 +976,26 @@ spec: The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. Structure is documented below. items: + properties: + x509CertificateSecretRef: + description: |- + (Output) + The x509 certificate + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object type: array idpEntityId: diff --git a/package/crds/identityplatform.gcp.upbound.io_tenantoauthidpconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_tenantoauthidpconfigs.yaml index e00a6f860..697f46f58 100644 --- a/package/crds/identityplatform.gcp.upbound.io_tenantoauthidpconfigs.yaml +++ b/package/crds/identityplatform.gcp.upbound.io_tenantoauthidpconfigs.yaml @@ -219,6 +219,41 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + clientIdSecretRef: + description: The client id of an OAuth client. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSecretRef: + description: The client secret of the OAuth client, to enable + OIDC code flow. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object displayName: description: Human friendly display name. type: string @@ -316,6 +351,8 @@ spec: type: string type: object type: object + required: + - clientIdSecretRef type: object managementPolicies: default: diff --git a/package/crds/kms.gcp.upbound.io_secretciphertexts.yaml b/package/crds/kms.gcp.upbound.io_secretciphertexts.yaml index 9baa6cb52..dd1f91c98 100644 --- a/package/crds/kms.gcp.upbound.io_secretciphertexts.yaml +++ b/package/crds/kms.gcp.upbound.io_secretciphertexts.yaml @@ -190,6 +190,25 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + additionalAuthenticatedDataSecretRef: + description: |- + The additional authenticated data used for integrity checks during encryption and decryption. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object cryptoKey: description: |- The full name of the CryptoKey that will be used to encrypt the provided plaintext. diff --git a/package/crds/monitoring.gcp.upbound.io_notificationchannels.yaml b/package/crds/monitoring.gcp.upbound.io_notificationchannels.yaml index 70d4a5296..f3d10fa00 100644 --- a/package/crds/monitoring.gcp.upbound.io_notificationchannels.yaml +++ b/package/crds/monitoring.gcp.upbound.io_notificationchannels.yaml @@ -952,6 +952,64 @@ spec: Credentials may not be specified in both locations and will cause an error. Changing from one location to a different credential configuration in the config will require an apply to update state. Structure is documented below. + properties: + authTokenSecretRef: + description: |- + An authorization token for a notification channel. Channel types that support this field include: slack + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + passwordSecretRef: + description: |- + An password for a notification channel. Channel types that support this field include: webhook_basicauth + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + serviceKeySecretRef: + description: |- + An servicekey token for a notification channel. Channel types that support this field include: pagerduty + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object type: description: The type of the notification channel. This field diff --git a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml index ce2022e05..6f8c424ec 100644 --- a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml +++ b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml @@ -1702,8 +1702,6 @@ spec: username: description: The username to authenticate. type: string - required: - - passwordSecretRef type: object body: description: The request body associated with the HTTP POST @@ -2140,9 +2138,30 @@ spec: The authentication information. Optional when creating an HTTP check; defaults to empty. Structure is documented below. properties: + passwordSecretRef: + description: |- + The password to authenticate. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object username: description: The username to authenticate. type: string + required: + - passwordSecretRef type: object body: description: The request body associated with the HTTP POST diff --git a/package/crds/oslogin.gcp.upbound.io_sshpublickeys.yaml b/package/crds/oslogin.gcp.upbound.io_sshpublickeys.yaml index a19e32475..f7f601724 100644 --- a/package/crds/oslogin.gcp.upbound.io_sshpublickeys.yaml +++ b/package/crds/oslogin.gcp.upbound.io_sshpublickeys.yaml @@ -117,12 +117,32 @@ spec: expirationTimeUsec: description: An expiration time in microseconds since epoch. type: string + keySecretRef: + description: Public key text in SSH format, defined by RFC4253 + section 6.6. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object project: description: The project ID of the Google Cloud Platform project. type: string user: description: The user email. type: string + required: + - keySecretRef type: object managementPolicies: default: diff --git a/package/crds/privateca.gcp.upbound.io_certificates.yaml b/package/crds/privateca.gcp.upbound.io_certificates.yaml index 62ccf5beb..6087a044e 100644 --- a/package/crds/privateca.gcp.upbound.io_certificates.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificates.yaml @@ -3468,6 +3468,29 @@ spec: The format of the public key. Currently, only PEM format is supported. Possible values are: KEY_TYPE_UNSPECIFIED, PEM. type: string + keySecretRef: + description: Required. A public key. When this is specified + in a request, the padding and encoding can be any of + the options described by the respective 'KeyType' value. + When this is generated by the service, it will always + be an RFC 5280 SubjectPublicKeyInfo structure containing + an algorithm identifier and a key. A base64-encoded + string. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object type: object subjectConfig: description: |- diff --git a/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml b/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml index fbbb83839..c5adcdcb9 100644 --- a/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml +++ b/package/crds/secretmanager.gcp.upbound.io_secretversions.yaml @@ -212,6 +212,23 @@ spec: secret: description: Secret Manager secret resource type: string + secretDataSecretRef: + description: The secret data. Must be no larger than 64KiB. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object secretRef: description: Reference to a Secret in secretmanager to populate secret. @@ -288,6 +305,8 @@ spec: type: string type: object type: object + required: + - secretDataSecretRef type: object managementPolicies: default: diff --git a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml index 6642fd349..a057a3f34 100644 --- a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml @@ -3077,6 +3077,23 @@ spec: Time in ms between replication heartbeats. type: number + passwordSecretRef: + description: Password for the replication connection. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object sslCipher: description: Permissible ciphers for use in SSL encryption. type: string @@ -3106,6 +3123,24 @@ spec: description: The full project ID of the source instance.` type: string type: object + rootPasswordSecretRef: + description: Initial root password. Can be updated. Required for + MS SQL Server. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object settings: description: |- The settings to use for the database. The diff --git a/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml b/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml index e94d34a9c..dc5d82726 100644 --- a/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_sourcerepresentationinstances.yaml @@ -182,6 +182,25 @@ spec: or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432. type: string + passwordSecretRef: + description: |- + The password for the replication user account. + Note: This property is sensitive and will not be displayed in the plan. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object port: description: |- The externally accessible port for the source database server. diff --git a/package/crds/sql.gcp.upbound.io_users.yaml b/package/crds/sql.gcp.upbound.io_users.yaml index b588ca44f..4b786dae0 100644 --- a/package/crds/sql.gcp.upbound.io_users.yaml +++ b/package/crds/sql.gcp.upbound.io_users.yaml @@ -998,6 +998,27 @@ spec: period. type: string type: object + passwordSecretRef: + description: |- + The password for the user. Can be updated. For Postgres + instances this is a Required field, unless type is set to either CLOUD_IAM_USER + or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER + and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object project: description: |- The ID of the project in which the resource belongs. If it diff --git a/package/crds/storage.gcp.upbound.io_bucketobjects.yaml b/package/crds/storage.gcp.upbound.io_bucketobjects.yaml index 84741d2a2..7e89c5c2c 100644 --- a/package/crds/storage.gcp.upbound.io_bucketobjects.yaml +++ b/package/crds/storage.gcp.upbound.io_bucketobjects.yaml @@ -979,8 +979,6 @@ spec: - name - namespace type: object - required: - - encryptionKeySecretRef type: object detectMd5Hash: description: 'MD5 hash of the data, encoded using base64. This @@ -1159,6 +1157,25 @@ spec: encryptionAlgorithm: description: 'Encryption algorithm. Default: AES256' type: string + encryptionKeySecretRef: + description: Base64 encoded Customer-Supplied Encryption Key. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - encryptionKeySecretRef type: object detectMd5Hash: description: 'MD5 hash of the data, encoded using base64. This From a2af467da6eeab7d4460f7cb95443676cd7e465f Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Tue, 4 Jun 2024 15:26:19 +0300 Subject: [PATCH 2/4] Remove manual MaxItems sync configurations - We are introducing a schema traverser in upjet that's capable of synching the MaxItems constraints from the Go resource schema to the JSON schema. So we switch from manual configuration to automatic constraint syncing (for now, only MaxItems constraints are synced). - We would like to get rid of the JSON schema completely with a major version bump. - Automatic syncing will also help with the new resources as we will not need to consider syncing the MaxItems constraints on their fields. Signed-off-by: Alper Rifat Ulucinar --- config/cloudcomposer/config.go | 8 -------- config/compute/config.go | 3 --- config/container/config.go | 25 ------------------------- config/kms/config.go | 23 ----------------------- 4 files changed, 59 deletions(-) diff --git a/config/cloudcomposer/config.go b/config/cloudcomposer/config.go index 59c03f7ac..1b337c3ff 100644 --- a/config/cloudcomposer/config.go +++ b/config/cloudcomposer/config.go @@ -5,8 +5,6 @@ package composer import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/crossplane/upjet/pkg/config" ) @@ -30,12 +28,6 @@ func Configure(p *config.Provider) { TerraformName: "google_compute_subnetwork", } - r.TerraformResource.Schema["config"].Elem.(*schema.Resource). - Schema["node_config"].Elem.(*schema.Resource). - Schema["ip_allocation_policy"].MaxItems = 1 - - r.AddSingletonListConversion("config[*].node_config[*].ip_allocation_policy", "config[*].nodeConfig[*].ipAllocationPolicy") - r.MarkAsRequired("region") }) } diff --git a/config/compute/config.go b/config/compute/config.go index 041de8420..2a08d0324 100644 --- a/config/compute/config.go +++ b/config/compute/config.go @@ -187,9 +187,6 @@ func Configure(p *config.Provider) { //nolint: gocyclo Schema["initialize_params"].Elem.(*schema.Resource). Schema["labels"].Elem = schema.TypeString r.TerraformResource.Schema["metadata"].Elem = schema.TypeString - r.TerraformResource.Schema["service_account"].MaxItems = 1 - - r.AddSingletonListConversion("service_account", "service_account") r.References["network_interface.network"] = config.Reference{ TerraformName: "google_compute_network", diff --git a/config/container/config.go b/config/container/config.go index f17f66142..2b2c537e3 100644 --- a/config/container/config.go +++ b/config/container/config.go @@ -8,7 +8,6 @@ import ( "encoding/base64" "net/url" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "github.com/crossplane/upjet/pkg/config" @@ -127,22 +126,6 @@ func Configure(p *config.Provider) { //nolint:gocyclo Extractor: common.PathSelfLinkExtractor, } - gaNodePool := r.TerraformResource.Schema["node_pool"].Elem.(*schema.Resource). - Schema["node_config"].Elem.(*schema.Resource). - Schema["guest_accelerator"].Elem.(*schema.Resource) - gaNodePool.Schema["gpu_driver_installation_config"].MaxItems = 1 - gaNodePool.Schema["gpu_sharing_config"].MaxItems = 1 - - gaNodeConfig := r.TerraformResource.Schema["node_config"].Elem.(*schema.Resource). - Schema["guest_accelerator"].Elem.(*schema.Resource) - gaNodeConfig.Schema["gpu_driver_installation_config"].MaxItems = 1 - gaNodeConfig.Schema["gpu_sharing_config"].MaxItems = 1 - - r.AddSingletonListConversion("node_pool[*].node_config[*].guest_accelerator[*].gpu_sharing_config", "nodePool[*].nodeConfig[*].guestAccelerator[*].gpuSharingConfig") - r.AddSingletonListConversion("node_pool[*].node_config[*].guest_accelerator[*].gpu_driver_installation_config", "nodePool[*].nodeConfig[*].guestAccelerator[*].gpuDriverInstallationConfig") - r.AddSingletonListConversion("node_config[*].guest_accelerator[*].gpu_sharing_config", "nodeConfig[*].guestAccelerator[*].gpuSharingConfig") - r.AddSingletonListConversion("node_config[*].guest_accelerator[*].gpu_driver_installation_config", "nodeConfig[*].guestAccelerator[*].gpuDriverInstallationConfig") - config.MarkAsRequired(r.TerraformResource, "location") }) @@ -158,14 +141,6 @@ func Configure(p *config.Provider) { //nolint:gocyclo Extractor: common.ExtractResourceIDFuncPath, } - gaNodeConfig := r.TerraformResource.Schema["node_config"].Elem.(*schema.Resource). - Schema["guest_accelerator"].Elem.(*schema.Resource) - gaNodeConfig.Schema["gpu_driver_installation_config"].MaxItems = 1 - gaNodeConfig.Schema["gpu_sharing_config"].MaxItems = 1 - - r.AddSingletonListConversion("node_config[*].guest_accelerator[*].gpu_sharing_config", "nodeConfig[*].guestAccelerator[*].gpuSharingConfig") - r.AddSingletonListConversion("node_config[*].guest_accelerator[*].gpu_driver_installation_config", "nodeConfig[*].guestAccelerator[*].gpuDriverInstallationConfig") - r.TerraformCustomDiff = func(diff *terraform.InstanceDiff, _ *terraform.InstanceState, _ *terraform.ResourceConfig) (*terraform.InstanceDiff, error) { if diff == nil || diff.Destroy { return diff, nil diff --git a/config/kms/config.go b/config/kms/config.go index eebf01cef..98e4f0b66 100644 --- a/config/kms/config.go +++ b/config/kms/config.go @@ -5,10 +5,7 @@ package kms import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/crossplane/upjet/pkg/config" - "github.com/crossplane/upjet/pkg/config/conversion" "github.com/upbound/provider-gcp/config/common" ) @@ -42,24 +39,4 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("google_kms_secret_ciphertext", func(r *config.Resource) { r.TerraformResource.Schema["plaintext"].Sensitive = false }) - - p.AddResourceConfigurator("google_kms_crypto_key_version", func(r *config.Resource) { - attestation := r.TerraformResource.Schema["attestation"].Elem.(*schema.Resource) - attestation.Schema["cert_chains"].MaxItems = 1 - attestation.Schema["external_protection_level_options"].MaxItems = 1 - - r.Version = "v1beta2" - r.PreviousVersions = []string{common.VersionV1Beta1} - // we would like to set the storage version to v1beta1 to facilitate - // downgrades. - r.SetCRDStorageVersion("v1beta1") - r.ControllerReconcileVersion = "v1beta1" - r.Conversions = []conversion.Conversion{ - conversion.NewIdentityConversionExpandPaths(conversion.AllVersions, conversion.AllVersions, conversion.DefaultPathPrefixes(), r.CRDListConversionPaths()...), - conversion.NewSingletonListConversion("v1beta1", "v1beta2", conversion.DefaultPathPrefixes(), r.CRDListConversionPaths(), conversion.ToEmbeddedObject), - conversion.NewSingletonListConversion("v1beta2", "v1beta1", conversion.DefaultPathPrefixes(), r.CRDListConversionPaths(), conversion.ToSingletonList)} - - r.AddSingletonListConversion("attestation[*].cert_chains", "attestation[*].certChains") - r.AddSingletonListConversion("attestation[*].external_protection_level_options", "attestation[*].externalProtectionLevelOptions") - }) } From 46b1b34e5e9cdd65edb737e1978dcf519fae6bfe Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Tue, 4 Jun 2024 15:33:00 +0300 Subject: [PATCH 3/4] Use the maxItemsSync schema traverser to sync the MaxItems constraints from the Go resource schema to the JSON schema. Signed-off-by: Alper Rifat Ulucinar --- config/provider.go | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/config/provider.go b/config/provider.go index 928c1a7ab..ef4ba1eeb 100644 --- a/config/provider.go +++ b/config/provider.go @@ -12,6 +12,7 @@ import ( ujconfig "github.com/crossplane/upjet/pkg/config" "github.com/crossplane/upjet/pkg/config/conversion" "github.com/crossplane/upjet/pkg/registry/reference" + "github.com/crossplane/upjet/pkg/schema/traverser" conversiontfjson "github.com/crossplane/upjet/pkg/types/conversion/tfjson" "github.com/crossplane/upjet/pkg/types/name" tfjson "github.com/hashicorp/terraform-json" @@ -157,15 +158,21 @@ func getProviderSchema(s string) (*schema.Provider, error) { // GetProvider returns provider configuration func GetProvider(_ context.Context, generationProvider bool) (*ujconfig.Provider, error) { - var p *schema.Provider - var err error + sdkProvider := provider.Provider() + if generationProvider { - p, err = getProviderSchema(providerSchema) - } else { - p = provider.Provider() - } - if err != nil { - return nil, errors.Wrapf(err, "cannot get the Terraform provider schema with generation mode set to %t", generationProvider) + p, err := getProviderSchema(providerSchema) + if err != nil { + return nil, errors.Wrap(err, "cannot read the Terraform SDK provider from the JSON schema for code generation") + } + if err := traverser.TFResourceSchema(sdkProvider.ResourcesMap).TraverseTFSchemas(traverser.NewMaxItemsSync(p.ResourcesMap)); err != nil { + return nil, errors.Wrap(err, "cannot sync the MaxItems constraints between the Go schema and the JSON schema") + } + // use the JSON schema to temporarily prevent float64->int64 + // conversions in the CRD APIs. + // We would like to convert to int64s with the next major release of + // the provider. + sdkProvider = p } pc := ujconfig.NewProvider([]byte(providerSchema), resourcePrefix, modulePath, providerMetadata, @@ -185,7 +192,7 @@ func GetProvider(_ context.Context, generationProvider bool) (*ujconfig.Provider ujconfig.WithSkipList(skipList), ujconfig.WithFeaturesPackage("internal/features"), ujconfig.WithMainTemplate(hack.MainTemplate), - ujconfig.WithTerraformProvider(p), + ujconfig.WithTerraformProvider(sdkProvider), ujconfig.WithSchemaTraversers(&ujconfig.SingletonListEmbedder{}), ) From d141ae6254b508cd23b33f2e81f5bf51bc3bcdd7 Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Wed, 12 Jun 2024 16:03:32 +0300 Subject: [PATCH 4/4] Update upjet to commit 37c7f4e91d57 Signed-off-by: Alper Rifat Ulucinar --- config/provider.go | 2 +- go.mod | 6 +++--- go.sum | 8 ++++++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/config/provider.go b/config/provider.go index ef4ba1eeb..b3389cab4 100644 --- a/config/provider.go +++ b/config/provider.go @@ -165,7 +165,7 @@ func GetProvider(_ context.Context, generationProvider bool) (*ujconfig.Provider if err != nil { return nil, errors.Wrap(err, "cannot read the Terraform SDK provider from the JSON schema for code generation") } - if err := traverser.TFResourceSchema(sdkProvider.ResourcesMap).TraverseTFSchemas(traverser.NewMaxItemsSync(p.ResourcesMap)); err != nil { + if err := traverser.TFResourceSchema(sdkProvider.ResourcesMap).Traverse(traverser.NewMaxItemsSync(p.ResourcesMap)); err != nil { return nil, errors.Wrap(err, "cannot sync the MaxItems constraints between the Go schema and the JSON schema") } // use the JSON schema to temporarily prevent float64->int64 diff --git a/go.mod b/go.mod index 2dce08515..2133aa23c 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( dario.cat/mergo v1.0.0 github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 - github.com/crossplane/upjet v1.4.0-rc.0.0.20240515193317-92d1af84d242 + github.com/crossplane/upjet v1.4.1-0.20240612123927-37c7f4e91d57 github.com/hashicorp/terraform-json v0.18.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14 @@ -33,6 +33,7 @@ require ( github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/agext/levenshtein v1.2.3 // indirect + github.com/alecthomas/kingpin/v2 v2.4.0 // indirect github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect github.com/antchfx/htmlquery v1.2.4 // indirect @@ -136,6 +137,7 @@ require ( github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + github.com/xhit/go-str2duration/v2 v2.1.0 // indirect github.com/yuin/goldmark v1.4.13 // indirect github.com/zclconf/go-cty v1.14.1 // indirect github.com/zclconf/go-cty-yaml v1.0.3 // indirect @@ -179,5 +181,3 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) - -replace github.com/crossplane/upjet => github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535 diff --git a/go.sum b/go.sum index 3976fdedd..3b5a55ced 100644 --- a/go.sum +++ b/go.sum @@ -25,6 +25,8 @@ github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjA github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY= +github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/kong v0.2.16/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -73,6 +75,8 @@ github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876f github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57/go.mod h1:Pz2tdGVMF6KDGzHZOkvKro0nKc8EzK0sb/nSA7pH4Dc= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= +github.com/crossplane/upjet v1.4.1-0.20240612123927-37c7f4e91d57 h1:hyKXccOb8BepVJj79KsvwYsid5Lhlr2DojO29Sqi+rw= +github.com/crossplane/upjet v1.4.1-0.20240612123927-37c7f4e91d57/go.mod h1:wkdZf/Cvhr6PI30VdHIOjg4dX39Z5uijqnLWFk5PbGM= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= @@ -386,8 +390,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= -github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535 h1:D/tIcJSNk7idLCeCU4ZWRwhVwpVXruAlDn0iQG2Qvjc= -github.com/ulucinar/upbound-upjet v0.0.0-20240530235240-f4f87bab8535/go.mod h1:3pDVtCgyBc5f2Zx4K5HEPxxhjndmOc5CHCJNpIivK/g= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= @@ -399,6 +401,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAh github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=