Skip to content

Commit

Permalink
Update to ACK runtime v0.39.0, code-generator v0.39.1 (#10)
Browse files Browse the repository at this point in the history 
### Update to ACK runtime `v0.39.0`, code-generator `v0.39.1`

----------

* ACK code-generator `v0.39.1` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.39.1)
* ACK runtime `v0.39.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.39.0)

----------

NOTE:
This PR increments the release version of service controller from `v0.0.5` to `v0.0.6`

Once this PR is merged, release `v0.0.6` will be automatically created for `ram-controller`

**Please close this PR, if you do not want the new patch release for `ram-controller`**

----------

#### stdout for `make build-controller`:

```
building ack-generate ... ok.
==== building ram-controller ====
Copying common custom resource definitions into ram
Building Kubernetes API objects for ram
Generating deepcopy code for ram
Generating custom resource definitions for ram
Building service controller for ram
Generating RBAC manifests for ram
Running gofmt against generated code for ram
Updating additional GitHub repository maintenance files
==== building ram-controller release artifacts ====
Building release artifacts for ram-v0.0.6
Generating common custom resource definitions
Generating custom resource definitions for ram
Generating RBAC manifests for ram
```

----------

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  • Loading branch information
@ack-bot
ack-bot authored Oct 15, 2024
1 parent 9d0b855 commit d3e64cb
Show file tree
Hide file tree
Showing 18 changed files with 129 additions and 271 deletions.
8 changes: 4 additions & 4 deletions apis/v1alpha1/ack-generate-metadata.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ack_generate_info:
build_date: "2024-09-23T21:53:56Z"
build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
go_version: go1.23.0
version: v0.38.1
build_date: "2024-10-15T18:17:27Z"
build_hash: ab15f9206796e9660c51695fab0ff07a09ea28e2
go_version: go1.23.2
version: v0.39.1-2-gab15f92
api_directory_checksum: 40345cfd6c95d741d814c140367949d9e3e9b811
api_version: v1alpha1
aws_sdk_go_version: v1.49.0
Expand Down
2 changes: 1 addition & 1 deletion config/controller/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ kind: Kustomization
images:
- name: controller
newName: public.ecr.aws/aws-controllers-k8s/ram-controller
newTag: 0.0.5
newTag: 0.0.6
14 changes: 1 addition & 13 deletions config/crd/bases/ram.services.k8s.aws_permissions.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.2
name: permissions.ram.services.k8s.aws
spec:
group: ram.services.k8s.aws
Expand Down Expand Up @@ -49,25 +49,21 @@ spec:
A string in JSON format string that contains the following elements of a
resource-based policy:
* Effect: must be set to ALLOW.
* Action: specifies the actions that are allowed by this customer managed
permission. The list must contain only actions that are supported by the
specified resource type. For a list of all actions supported by each resource
type, see Actions, resources, and condition keys for Amazon Web Services
services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
in the Identity and Access Management User Guide.
* Condition: (optional) specifies conditional parameters that must evaluate
to true when a user attempts an action for that action to be allowed.
For more information about the Condition element, see IAM policies: Condition
element (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html)
in the Identity and Access Management User Guide.
This template can't include either the Resource or Principal elements. Those
are both filled in by RAM when it instantiates the resource-based policy
on each resource shared using this managed permission. The Resource comes
Expand All @@ -79,7 +75,6 @@ spec:
Specifies the name of the resource type that this customer managed permission
applies to.
The format is <service-code>:<resource-type> and is not case sensitive. For
example, to specify an Amazon EC2 Subnet, you can use the string ec2:subnet.
To see the list of valid values for this parameter, query the ListResourceTypes
Expand All @@ -96,7 +91,6 @@ spec:
help you secure your resources. For more information, see Controlling access
to Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html).
For more information about tags, see Tagging Amazon Web Services resources
(https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the Amazon
Web Services General Reference Guide.
Expand Down Expand Up @@ -129,7 +123,6 @@ spec:
when it has verified that an "adopted" resource (a resource where the
ARN annotation was set by the Kubernetes user on the CR) exists and
matches the supplied CR's Spec field values.
TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse
https://github.com/aws/aws-controllers-k8s/issues/270
type: string
ownerAccountID:
Expand Down Expand Up @@ -194,14 +187,12 @@ spec:
Indicates what features are available for this resource share. This parameter
can have one of the following values:
* STANDARD – A resource share that supports all functionality. These
resource shares are visible to all principals you share the resource share
with. You can modify these resource shares in RAM using the console or
APIs. This resource share might have been created by RAM, or it might
have been CREATED_FROM_POLICY and then promoted.
* CREATED_FROM_POLICY – The customer manually shared a resource by attaching
a resource-based policy. That policy did not match any existing managed
permissions, so RAM created this customer managed permission automatically
Expand All @@ -210,7 +201,6 @@ spec:
created it. You can't modify it in RAM unless you promote it. For more
information, see PromoteResourceShareCreatedFromPolicy.
* PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
but the customer ran the PromoteResourceShareCreatedFromPolicy and that
operation is still in progress. This value changes to STANDARD when complete.
Expand All @@ -228,12 +218,10 @@ spec:
description: |-
The type of managed permission. This can be one of the following values:
* AWS_MANAGED – Amazon Web Services created and manages this managed
permission. You can associate it with your resource shares, but you can't
modify it.
* CUSTOMER_MANAGED – You, or another principal in your account created
this managed permission. You can associate it with your resource shares
and create new versions that have different permissions.
Expand Down
17 changes: 2 additions & 15 deletions config/crd/bases/ram.services.k8s.aws_resourceshares.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.2
name: resourceshares.ram.services.k8s.aws
spec:
group: ram.services.k8s.aws
Expand Down Expand Up @@ -40,7 +40,6 @@ spec:
description: |-
ResourceShareSpec defines the desired state of ResourceShare.
Describes a resource share in RAM.
properties:
allowExternalPrincipals:
Expand Down Expand Up @@ -68,7 +67,7 @@ spec:
items:
description: "AWSResourceReferenceWrapper provides a wrapper around
*AWSResourceReference\ntype to provide more user friendly syntax
for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t
for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t
\ name: my-api"
properties:
from:
Expand All @@ -88,27 +87,20 @@ spec:
Specifies a list of one or more principals to associate with the resource
share.
You can include the following values:
* An Amazon Web Services account ID, for example: 123456789012
* An Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
* An ARN of an organizational unit (OU) in Organizations, for example:
organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
* An ARN of an IAM role, for example: iam::123456789012:role/rolename
* An ARN of an IAM user, for example: iam::123456789012user/username
Not all resource types can be shared with IAM roles and users. For more information,
see Sharing with IAM roles and users (https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types)
in the Resource Access Manager User Guide.
Expand Down Expand Up @@ -141,7 +133,6 @@ spec:
help you secure your resources. For more information, see Controlling access
to Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html).
For more information about tags, see Tagging Amazon Web Services resources
(https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the Amazon
Web Services General Reference Guide.
Expand Down Expand Up @@ -172,7 +163,6 @@ spec:
when it has verified that an "adopted" resource (a resource where the
ARN annotation was set by the Kubernetes user on the CR) exists and
matches the supplied CR's Spec field values.
TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse
https://github.com/aws/aws-controllers-k8s/issues/270
type: string
ownerAccountID:
Expand Down Expand Up @@ -232,14 +222,12 @@ spec:
Indicates what features are available for this resource share. This parameter
can have one of the following values:
* STANDARD – A resource share that supports all functionality. These
resource shares are visible to all principals you share the resource share
with. You can modify these resource shares in RAM using the console or
APIs. This resource share might have been created by RAM, or it might
have been CREATED_FROM_POLICY and then promoted.
* CREATED_FROM_POLICY – The customer manually shared a resource by attaching
a resource-based policy. That policy did not match any existing managed
permissions, so RAM created this customer managed permission automatically
Expand All @@ -248,7 +236,6 @@ spec:
created it. You can't modify it in RAM unless you promote it. For more
information, see PromoteResourceShareCreatedFromPolicy.
* PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY,
but the customer ran the PromoteResourceShareCreatedFromPolicy and that
operation is still in progress. This value changes to STANDARD when complete.
Expand Down
7 changes: 1 addition & 6 deletions config/crd/common/bases/services.k8s.aws_adoptedresources.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.2
name: adoptedresources.services.k8s.aws
spec:
group: services.k8s.aws
Expand Down Expand Up @@ -78,11 +78,9 @@ spec:
automatically converts this to an arbitrary string-string map.
https://github.com/kubernetes-sigs/controller-tools/issues/385
Active discussion about inclusion of this field in the spec is happening in this PR:
https://github.com/kubernetes-sigs/controller-tools/pull/395
Until this is allowed, or if it never is, we will produce a subset of the object meta
that contains only the fields which the user is allowed to modify in the metadata.
properties:
Expand All @@ -105,13 +103,11 @@ spec:
and may be truncated by the length of the suffix required to make the value
unique on the server.
If this field is specified and the generated name exists, the server will
NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
ServerTimeout indicating a unique name could not be found in the time allotted, and the client
should retry (optionally after the time indicated in the Retry-After header).
Applied only if Name is not specified.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
type: string
Expand Down Expand Up @@ -140,7 +136,6 @@ spec:
Not all objects are required to be scoped to a namespace - the value of this field for
those objects will be empty.
Must be a DNS_LABEL.
Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/namespaces
Expand Down
2 changes: 1 addition & 1 deletion config/crd/common/bases/services.k8s.aws_fieldexports.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.2
name: fieldexports.services.k8s.aws
spec:
group: services.k8s.aws
Expand Down
50 changes: 3 additions & 47 deletions config/rbac/cluster-role-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ rules:
- ""
resources:
- configmaps
- secrets
verbs:
- get
- list
Expand All @@ -21,38 +22,10 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- patch
- watch
- apiGroups:
- ram.services.k8s.aws
resources:
- permissions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ram.services.k8s.aws
resources:
- permissions/status
verbs:
- get
- patch
- update
- apiGroups:
- ram.services.k8s.aws
resources:
- resourceshares
verbs:
- create
Expand All @@ -65,6 +38,7 @@ rules:
- apiGroups:
- ram.services.k8s.aws
resources:
- permissions/status
- resourceshares/status
verbs:
- get
Expand All @@ -74,25 +48,6 @@ rules:
- services.k8s.aws
resources:
- adoptedresources
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- services.k8s.aws
resources:
- adoptedresources/status
verbs:
- get
- patch
- update
- apiGroups:
- services.k8s.aws
resources:
- fieldexports
verbs:
- create
Expand All @@ -105,6 +60,7 @@ rules:
- apiGroups:
- services.k8s.aws
resources:
- adoptedresources/status
- fieldexports/status
verbs:
- get
Expand Down
Loading

0 comments on commit d3e64cb

Please sign in to comment.