From 279c4bf8b938cc07ecb3db9476a36ce9e35376e7 Mon Sep 17 00:00:00 2001 
From: Jimmi Dyson Date: Wed, 6 Aug 2025 13:12:20 +0100 Subject: [PATCH] feat: Pull in EKS APIs --- .../v2/api/v1beta2/awsmachine_types.go | 12 + .../awsmanagedclustertemplate_types.go | 56 ++ .../v2/api/v1beta2/network_types.go | 22 +- .../v2/api/v1beta2/tags.go | 6 + .../v2/api/v1beta2/zz_generated.deepcopy.go | 97 +++ .../eks/api/v1beta2/condition_consts.go | 50 ++ .../bootstrap/eks/api/v1beta2/conversion.go | 29 + .../v2/bootstrap/eks/api/v1beta2/doc.go | 21 + .../eks/api/v1beta2/eksconfig_types.go | 347 +++++++++ .../api/v1beta2/eksconfigtemplate_types.go | 56 ++ .../eks/api/v1beta2/groupversion_info.go | 36 + .../eks/api/v1beta2/zz_generated.deepcopy.go | 604 +++++++++++++++ .../v1beta2/awsmanagedcontrolplane_types.go | 361 +++++++++ .../awsmanagedcontrolplanetemplate_types.go | 56 ++ .../eks/api/v1beta2/conditions_consts.go | 60 ++ .../eks/api/v1beta2/conversion.go | 26 + .../v2/controlplane/eks/api/v1beta2/doc.go | 21 + .../eks/api/v1beta2/groupversion_info.go | 36 + .../v2/controlplane/eks/api/v1beta2/types.go | 281 +++++++ .../controlplane/eks/api/v1beta2/validate.go | 99 +++ .../eks/api/v1beta2/zz_generated.deepcopy.go | 702 ++++++++++++++++++ .../v2/iam/api/v1beta1/types.go | 169 +++++ .../iam/api/v1beta1/zz_generated.deepcopy.go | 211 ++++++ api/go.mod | 6 +- api/go.sum | 11 +- go.mod | 3 +- go.sum | 7 +- hack/third-party/capa/go.mod | 74 +- hack/third-party/capa/go.sum | 165 ++-- make/apis.mk | 26 +- make/clusterctl.mk | 14 +- make/dev.mk | 15 +- 32 files changed, 3532 insertions(+), 147 deletions(-) create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmanagedclustertemplate_types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/condition_consts.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/conversion.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/doc.go create 
mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfig_types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfigtemplate_types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/groupversion_info.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/zz_generated.deepcopy.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplanetemplate_types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conditions_consts.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conversion.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/doc.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/groupversion_info.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/validate.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/zz_generated.deepcopy.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/types.go create mode 100644 api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/zz_generated.deepcopy.go diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go index 213b6fc87..43ac3da2d 100644 
--- a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmachine_types.go @@ -29,6 +29,16 @@ const ( // DefaultIgnitionVersion represents default Ignition version generated for machine userdata. DefaultIgnitionVersion = "2.3" + + // DefaultIgnitionStorageType represents the default storage type of Ignition userdata + DefaultIgnitionStorageType = IgnitionStorageTypeOptionClusterObjectStore + + // DefaultMachinePoolIgnitionStorageType represents the default storage type of Ignition userdata for machine pools. + // + // This is only different from DefaultIgnitionStorageType because of backward compatibility. Machine pools used to + // default to store Ignition user data directly on the EC2 instance. Since the choice between remote storage (S3) + // and direct storage was introduced, the default was kept, but might change in newer API versions. + DefaultMachinePoolIgnitionStorageType = IgnitionStorageTypeOptionUnencryptedUserData ) // SecretBackend defines variants for backend secret storage. @@ -64,6 +74,8 @@ const ( ) // AWSMachineSpec defines the desired state of an Amazon EC2 instance. +// +kubebuilder:validation:XValidation:rule="!has(self.capacityReservationId) || !has(self.marketType) || self.marketType != 'Spot'",message="capacityReservationId may not be set when marketType is Spot" +// +kubebuilder:validation:XValidation:rule="!has(self.capacityReservationId) || !has(self.spotMarketOptions)",message="capacityReservationId cannot be set when spotMarketOptions is specified" type AWSMachineSpec struct { // ProviderID is the unique identifier as specified by the cloud provider. ProviderID *string `json:"providerID,omitempty"` 
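Review bot: The doc comment on `DefaultMachinePoolIgnitionStorageType` in the first hunk gives the backward-compatibility reason for the default but not its security consequence. The constant resolves to `IgnitionStorageTypeOptionUnencryptedUserData`, so machine pools that do not choose a storage type keep the whole Ignition payload in EC2 user data. That data is readable from the instance metadata service on the node and by any principal allowed to read the instance's user-data attribute. I would add a line such as `// NOTE: with this default, any bootstrap secret embedded in the Ignition config is stored unencrypted in EC2 user data.` so operators know to select the object-store type when the payload carries credentials. The `const` block starts and ends outside the hunk.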
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmanagedclustertemplate_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmanagedclustertemplate_types.go
new file mode 100644
index 000000000..266ccf400
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/awsmanagedclustertemplate_types.go
@@ -0,0 +1,56 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AWSManagedClusterTemplateSpec defines the desired state of AWSManagedClusterTemplate.
+type AWSManagedClusterTemplateSpec struct {
+ Template AWSManagedClusterTemplateResource `json:"template"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=awsmanagedclustertemplates,scope=Namespaced,categories=cluster-api,shortName=amct
+// +kubebuilder:storageversion
+
+// AWSManagedClusterTemplate is the Schema for the AWSManagedClusterTemplates API.
+type AWSManagedClusterTemplate struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec AWSManagedClusterTemplateSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AWSManagedClusterTemplateList contains a list of AWSManagedClusterTemplates.
+type AWSManagedClusterTemplateList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []AWSManagedClusterTemplate `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&AWSManagedClusterTemplate{}, &AWSManagedClusterTemplateList{})
+}
+
+// AWSManagedClusterTemplateResource describes the data needed to create an AWSManagedCluster from a template.
+type AWSManagedClusterTemplateResource struct {
+ Spec AWSManagedClusterSpec `json:"spec"`
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go index 05a0d9a92..0a27a1c4d 100644 --- a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go @@ -21,8 +21,8 @@ import ( "sort" "time" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" "k8s.io/utils/ptr" ) @@ -207,6 +207,14 @@ type TargetGroupAttribute string var ( // TargetGroupAttributeEnablePreserveClientIP defines the attribute key for enabling preserve client IP. TargetGroupAttributeEnablePreserveClientIP = "preserve_client_ip.enabled" + + // TargetGroupAttributeEnableConnectionTermination defines the attribute key for terminating + // established connections to unhealthy targets. + TargetGroupAttributeEnableConnectionTermination = "target_health_state.unhealthy.connection_termination.enabled" + + // TargetGroupAttributeUnhealthyDrainingIntervalSeconds defines the attribute key for the + // unhealthy target connection draining interval. + TargetGroupAttributeUnhealthyDrainingIntervalSeconds = "target_health_state.unhealthy.draining_interval_seconds" ) // LoadBalancerAttribute defines a set of attributes for a V2 load balancer. @@ -352,6 +360,10 @@ type NetworkSpec struct { // +optional AdditionalControlPlaneIngressRules []IngressRule `json:"additionalControlPlaneIngressRules,omitempty"` + // AdditionalNodeIngressRules is an optional set of ingress rules to add to every node + // +optional + AdditionalNodeIngressRules []IngressRule `json:"additionalNodeIngressRules,omitempty"` + // NodePortIngressRuleCidrBlocks is an optional set of CIDR blocks to allow traffic to nodes' NodePort services. // If none are specified here, all IPs are allowed to connect. // +optional 
@@ -655,11 +667,11 @@ func (s *SubnetSpec) IsEdgeWavelength() bool { } // SetZoneInfo updates the subnets with zone information. -func (s *SubnetSpec) SetZoneInfo(zones []*ec2.AvailabilityZone) error { - zoneInfo := func(zoneName string) *ec2.AvailabilityZone { +func (s *SubnetSpec) SetZoneInfo(zones []types.AvailabilityZone) error { + zoneInfo := func(zoneName string) *types.AvailabilityZone { for _, zone := range zones { if aws.StringValue(zone.ZoneName) == zoneName { - return zone + return &zone } } return nil @@ -814,7 +826,7 @@ func (s Subnets) GetUniqueZones() []string { } // SetZoneInfo updates the subnets with zone information. -func (s Subnets) SetZoneInfo(zones []*ec2.AvailabilityZone) error { +func (s Subnets) SetZoneInfo(zones []types.AvailabilityZone) error { for i := range s { if err := s[i].SetZoneInfo(zones); err != nil { return err diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/tags.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/tags.go index e6e0ea7e7..45bc371a4 100644 --- a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/tags.go +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/tags.go @@ -195,6 +195,12 @@ const ( // of the bootstrap secret that was used to create the user data for the latest launch // template version. LaunchTemplateBootstrapDataSecret = NameAWSProviderPrefix + "bootstrap-data-secret" + + // LaunchTemplateBootstrapDataHash is the tag we use to store the hash of the raw bootstrap data. + // If bootstrap data is stored in S3, this hash relates to that data, not to the EC2 instance + // user data which only references the S3 object. We store this tag on launch template versions + // so that S3 bootstrap data objects can be deleted when they get outdated. + LaunchTemplateBootstrapDataHash = NameAWSProviderPrefix + "bootstrap-data-hash" ) // ClusterTagKey generates the key for resources associated with a cluster. 
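Review bot: In `SubnetSpec.SetZoneInfo` the closure now returns `&zone`, the address of the per-iteration copy of a `types.AvailabilityZone` value rather than of the slice element. It works because the closure returns immediately, but every iteration copies the struct and linters that check for loop-variable aliasing will flag it. Assuming the caller only reads through the pointer, `for i := range zones { if aws.StringValue(zones[i].ZoneName) == zoneName { return &zones[i] } }` avoids both. The lookup also still goes through `aws.StringValue` from the v1 SDK package while the types now come from v2; if nothing else in the file needs the v1 import, `aws.ToString` from `github.com/aws/aws-sdk-go-v2/aws` would let it be dropped. The rest of `SetZoneInfo` lies outside the hunk.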
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go index a3ef61f24..1bfe5ddc4 100644 --- a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/zz_generated.deepcopy.go 
@@ -1043,6 +1043,96 @@ func (in *AWSManagedClusterStatus) DeepCopy() *AWSManagedClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedClusterTemplate) DeepCopyInto(out *AWSManagedClusterTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedClusterTemplate. +func (in *AWSManagedClusterTemplate) DeepCopy() *AWSManagedClusterTemplate { + if in == nil { + return nil + } + out := new(AWSManagedClusterTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSManagedClusterTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedClusterTemplateList) DeepCopyInto(out *AWSManagedClusterTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AWSManagedClusterTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedClusterTemplateList. +func (in *AWSManagedClusterTemplateList) DeepCopy() *AWSManagedClusterTemplateList { + if in == nil { + return nil + } + out := new(AWSManagedClusterTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *AWSManagedClusterTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedClusterTemplateResource) DeepCopyInto(out *AWSManagedClusterTemplateResource) { + *out = *in + out.Spec = in.Spec +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedClusterTemplateResource. +func (in *AWSManagedClusterTemplateResource) DeepCopy() *AWSManagedClusterTemplateResource { + if in == nil { + return nil + } + out := new(AWSManagedClusterTemplateResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedClusterTemplateSpec) DeepCopyInto(out *AWSManagedClusterTemplateSpec) { + *out = *in + out.Template = in.Template +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedClusterTemplateSpec. +func (in *AWSManagedClusterTemplateSpec) DeepCopy() *AWSManagedClusterTemplateSpec { + if in == nil { + return nil + } + out := new(AWSManagedClusterTemplateSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSResourceReference) DeepCopyInto(out *AWSResourceReference) { *out = *in 
@@ -1754,6 +1844,13 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AdditionalNodeIngressRules != nil { + in, out := &in.AdditionalNodeIngressRules, &out.AdditionalNodeIngressRules + *out = make([]IngressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodePortIngressRuleCidrBlocks != nil { in, out := &in.NodePortIngressRuleCidrBlocks, &out.NodePortIngressRuleCidrBlocks *out = make([]string, len(*in)) diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/condition_consts.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/condition_consts.go new file mode 100644 index 000000000..e12213c84 --- /dev/null +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/condition_consts.go 
@@ -0,0 +1,50 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+// Conditions and condition Reasons for the EKSConfig object
+// FROM: https://github.com/kubernetes-sigs/cluster-api/blob/main/bootstrap/kubeadm/api/v1beta1/condition_consts.go
+
+const (
+ // DataSecretAvailableCondition documents the status of the bootstrap secret generation process.
+ //
+ // NOTE: When the DataSecret generation starts the process completes immediately and within the
+ // same reconciliation, so the user will always see a transition from Wait to Generated without having
+ // evidence that BootstrapSecret generation is started/in progress.
+ DataSecretAvailableCondition clusterv1.ConditionType = "DataSecretAvailable"
+
+ // DataSecretGenerationFailedReason (Severity=Warning) documents a EKSConfig controller detecting
+ // an error while generating a data secret; those kind of errors are usually due to misconfigurations
+ // and user intervention is required to get them fixed.
+ DataSecretGenerationFailedReason = "DataSecretGenerationFailed"
+
+ // WaitingForClusterInfrastructureReason (Severity=Info) document a bootstrap secret generation process
+ // waiting for the cluster infrastructure to be ready.
+ //
+ // NOTE: Having the cluster infrastructure ready is a pre-condition for starting to create machines;
+ // the EKSConfig controller ensure this pre-condition is satisfied.
+ WaitingForClusterInfrastructureReason = "WaitingForClusterInfrastructure"
+
+ // WaitingForControlPlaneInitializationReason (Severity=Info) documents a bootstrap secret generation process
+ // waiting for the control plane to be initialized.
+ //
+ // NOTE: This is a pre-condition for starting to create machines;
+ // the EKSConfig controller ensure this pre-condition is satisfied.
+ WaitingForControlPlaneInitializationReason = "WaitingForControlPlaneInitialization"
+)
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/conversion.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/conversion.go
new file mode 100644
index 000000000..dc549d543
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/conversion.go
@@ -0,0 +1,29 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+// Hub marks EKSConfig as a conversion hub.
+func (*EKSConfig) Hub() {}
+
+// Hub marks EKSConfigList as a conversion hub.
+func (*EKSConfigList) Hub() {}
+
+// Hub marks EKSConfigTemplate as a conversion hub.
+func (*EKSConfigTemplate) Hub() {}
+
+// Hub marks EKSConfigTemplateList as a conversion hub.
+func (*EKSConfigTemplateList) Hub() {}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/doc.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/doc.go
new file mode 100644
index 000000000..170fae156
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the Amazon EKS Bootstrap v1beta2 API group.
+// +gencrdrefdocs:force //nolint: revive
+// +groupName=bootstrap.cluster.x-k8s.io
+// +k8s:conversion-gen=sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta1
+package v1beta2
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfig_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfig_types.go
new file mode 100644
index 000000000..a2fce8e2c
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfig_types.go
@@ -0,0 +1,347 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+// EKSConfigSpec defines the desired state of Amazon EKS Bootstrap Configuration.
+type EKSConfigSpec struct {
+ // KubeletExtraArgs passes the specified kubelet args into the Amazon EKS machine bootstrap script
+ // +optional
+ KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"`
+ // ContainerRuntime specify the container runtime to use when bootstrapping EKS.
+ // +optional
+ ContainerRuntime *string `json:"containerRuntime,omitempty"`
+ // DNSClusterIP overrides the IP address to use for DNS queries within the cluster.
+ // +optional
+ DNSClusterIP *string `json:"dnsClusterIP,omitempty"`
+ // DockerConfigJson is used for the contents of the /etc/docker/daemon.json file. Useful if you want a custom config differing from the default one in the AMI.
+ // This is expected to be a json string.
+ // +optional
+ DockerConfigJSON *string `json:"dockerConfigJson,omitempty"`
+ // APIRetryAttempts is the number of retry attempts for AWS API call.
+ // +optional
+ APIRetryAttempts *int `json:"apiRetryAttempts,omitempty"`
+ // PauseContainer allows customization of the pause container to use.
+ // +optional
+ PauseContainer *PauseContainer `json:"pauseContainer,omitempty"`
+ // UseMaxPods sets --max-pods for the kubelet when true.
+ // +optional
+ UseMaxPods *bool `json:"useMaxPods,omitempty"`
+ // ServiceIPV6Cidr is the ipv6 cidr range of the cluster. If this is specified then
+ // the ip family will be set to ipv6.
+ // +optional
+ ServiceIPV6Cidr *string `json:"serviceIPV6Cidr,omitempty"`
+ // PreBootstrapCommands specifies extra commands to run before bootstrapping nodes to the cluster
+ // +optional
+ PreBootstrapCommands []string `json:"preBootstrapCommands,omitempty"`
+ // PostBootstrapCommands specifies extra commands to run after bootstrapping nodes to the cluster
+ // +optional
+ PostBootstrapCommands []string `json:"postBootstrapCommands,omitempty"`
+ // BootstrapCommandOverride allows you to override the bootstrap command to use for EKS nodes.
+ // +optional
+ BootstrapCommandOverride *string `json:"boostrapCommandOverride,omitempty"`
+ // Files specifies extra files to be passed to user_data upon creation.
+ // +optional
+ Files []File `json:"files,omitempty"`
+ // DiskSetup specifies options for the creation of partition tables and file systems on devices.
+ // +optional
+ DiskSetup *DiskSetup `json:"diskSetup,omitempty"`
+ // Mounts specifies a list of mount points to be setup.
+ // +optional
+ Mounts []MountPoints `json:"mounts,omitempty"`
+ // Users specifies extra users to add
+ // +optional
+ Users []User `json:"users,omitempty"`
+ // NTP specifies NTP configuration
+ // +optional
+ NTP *NTP `json:"ntp,omitempty"`
+}
+
+// PauseContainer contains details of pause container.
+type PauseContainer struct {
+ // AccountNumber is the AWS account number to pull the pause container from.
+ AccountNumber string `json:"accountNumber"`
+ // Version is the tag of the pause container to use.
+ Version string `json:"version"`
+}
+
+// EKSConfigStatus defines the observed state of the Amazon EKS Bootstrap Configuration.
+type EKSConfigStatus struct {
+ // Ready indicates the BootstrapData secret is ready to be consumed
+ Ready bool `json:"ready,omitempty"`
+
+ // DataSecretName is the name of the secret that stores the bootstrap data script.
+ // +optional
+ DataSecretName *string `json:"dataSecretName,omitempty"`
+
+ // FailureReason will be set on non-retryable errors
+ // +optional
+ FailureReason string `json:"failureReason,omitempty"`
+
+ // FailureMessage will be set on non-retryable errors
+ // +optional
+ FailureMessage string `json:"failureMessage,omitempty"`
+
+ // ObservedGeneration is the latest generation observed by the controller.
+ // +optional
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+ // Conditions defines current service state of the EKSConfig.
+ // +optional
+ Conditions clusterv1.Conditions `json:"conditions,omitempty"`
+}
+
+// Encoding specifies the cloud-init file encoding.
+// +kubebuilder:validation:Enum=base64;gzip;gzip+base64
+type Encoding string
+
+const (
+ // Base64 implies the contents of the file are encoded as base64.
+ Base64 Encoding = "base64"
+ // Gzip implies the contents of the file are encoded with gzip.
+ Gzip Encoding = "gzip"
+ // GzipBase64 implies the contents of the file are first base64 encoded and then gzip encoded.
+ GzipBase64 Encoding = "gzip+base64"
+)
+
+// File defines the input for generating write_files in cloud-init.
+type File struct {
+ // Path specifies the full path on disk where to store the file.
+ Path string `json:"path"`
+
+ // Owner specifies the ownership of the file, e.g. "root:root".
+ // +optional
+ Owner string `json:"owner,omitempty"`
+
+ // Permissions specifies the permissions to assign to the file, e.g. "0640".
+ // +optional
+ Permissions string `json:"permissions,omitempty"`
+
+ // Encoding specifies the encoding of the file contents.
+ // +optional
+ Encoding Encoding `json:"encoding,omitempty"`
+
+ // Append specifies whether to append Content to existing file if Path exists.
+ // +optional
+ Append bool `json:"append,omitempty"`
+
+ // Content is the actual content of the file.
+ // +optional
+ Content string `json:"content,omitempty"`
+
+ // ContentFrom is a referenced source of content to populate the file.
+ // +optional
+ ContentFrom *FileSource `json:"contentFrom,omitempty"`
+}
+
+// FileSource is a union of all possible external source types for file data.
+// Only one field may be populated in any given instance. Developers adding new
+// sources of data for target systems should add them here.
+type FileSource struct {
+ // Secret represents a secret that should populate this file.
+ Secret SecretFileSource `json:"secret"`
+}
+
+// SecretFileSource adapts a Secret into a FileSource.
+//
+// The contents of the target Secret's Data field will be presented
+// as files using the keys in the Data field as the file names.
+type SecretFileSource struct {
+ // Name of the secret in the KubeadmBootstrapConfig's namespace to use.
+ Name string `json:"name"`
+
+ // Key is the key in the secret's data map for this value.
+ Key string `json:"key"`
+}
+
+// PasswdSource is a union of all possible external source types for passwd data.
+// Only one field may be populated in any given instance. Developers adding new
+// sources of data for target systems should add them here.
+type PasswdSource struct {
+ // Secret represents a secret that should populate this password.
+ Secret SecretPasswdSource `json:"secret"`
+}
+
+// SecretPasswdSource adapts a Secret into a PasswdSource.
+//
+// The contents of the target Secret's Data field will be presented
+// as passwd using the keys in the Data field as the file names.
+type SecretPasswdSource struct {
+ // Name of the secret in the KubeadmBootstrapConfig's namespace to use.
+ Name string `json:"name"`
+
+ // Key is the key in the secret's data map for this value.
+ Key string `json:"key"`
+}
+
+// User defines the input for a generated user in cloud-init.
+type User struct {
+ // Name specifies the username
+ Name string `json:"name"`
+
+ // Gecos specifies the gecos to use for the user
+ // +optional
+ Gecos *string `json:"gecos,omitempty"`
+
+ // Groups specifies the additional groups for the user
+ // +optional
+ Groups *string `json:"groups,omitempty"`
+
+ // HomeDir specifies the home directory to use for the user
+ // +optional
+ HomeDir *string `json:"homeDir,omitempty"`
+
+ // Inactive specifies whether to mark the user as inactive
+ // +optional
+ Inactive *bool `json:"inactive,omitempty"`
+
+ // Shell specifies the user's shell
+ // +optional
+ Shell *string `json:"shell,omitempty"`
+
+ // Passwd specifies a hashed password for the user
+ // +optional
+ Passwd *string `json:"passwd,omitempty"`
+
+ // PasswdFrom is a referenced source of passwd to populate the passwd.
+ // +optional
+ PasswdFrom *PasswdSource `json:"passwdFrom,omitempty"`
+
+ // PrimaryGroup specifies the primary group for the user
+ // +optional
+ PrimaryGroup *string `json:"primaryGroup,omitempty"`
+
+ // LockPassword specifies if password login should be disabled
+ // +optional
+ LockPassword *bool `json:"lockPassword,omitempty"`
+
+ // Sudo specifies a sudo role for the user
+ // +optional
+ Sudo *string `json:"sudo,omitempty"`
+
+ // SSHAuthorizedKeys specifies a list of ssh authorized keys for the user
+ // +optional
+ SSHAuthorizedKeys []string `json:"sshAuthorizedKeys,omitempty"`
+}
+
+// NTP defines input for generated ntp in cloud-init.
+type NTP struct {
+ // Servers specifies which NTP servers to use
+ // +optional
+ Servers []string `json:"servers,omitempty"`
+
+ // Enabled specifies whether NTP should be enabled
+ // +optional
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
+// DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
+type DiskSetup struct {
+ // Partitions specifies the list of the partitions to setup.
+ // +optional
+ Partitions []Partition `json:"partitions,omitempty"`
+
+ // Filesystems specifies the list of file systems to setup.
+ // +optional
+ Filesystems []Filesystem `json:"filesystems,omitempty"`
+}
+
+// Partition defines how to create and layout a partition.
+type Partition struct {
+ // Device is the name of the device.
+ Device string `json:"device"`
+ // Layout specifies the device layout.
+ // If it is true, a single partition will be created for the entire device.
+ // When layout is false, it means don't partition or ignore existing partitioning.
+ Layout bool `json:"layout"`
+ // Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ // Use with caution. Default is 'false'.
+ // +optional
+ Overwrite *bool `json:"overwrite,omitempty"`
+ // TableType specifies the tupe of partition table. The following are supported:
+ // 'mbr': default and setups a MS-DOS partition table
+ // 'gpt': setups a GPT partition table
+ // +optional
+ TableType *string `json:"tableType,omitempty"`
+}
+
+// Filesystem defines the file systems to be created.
+type Filesystem struct {
+ // Device specifies the device name
+ Device string `json:"device"`
+ // Filesystem specifies the file system type.
+ Filesystem string `json:"filesystem"`
+ // Label specifies the file system label to be used. If set to None, no label is used.
+ Label string `json:"label"`
+ // Partition specifies the partition to use. The valid options are: "auto|any", "auto", "any", "none", and , where NUM is the actual partition number.
+ // +optional
+ Partition *string `json:"partition,omitempty"`
+ // Overwrite defines whether or not to overwrite any existing filesystem.
+ // If true, any pre-existing file system will be destroyed. Use with Caution.
+ // +optional
+ Overwrite *bool `json:"overwrite,omitempty"`
+ // ExtraOpts defined extra options to add to the command for creating the file system.
+ // +optional
+ ExtraOpts []string `json:"extraOpts,omitempty"`
+}
+
+// MountPoints defines input for generated mounts in cloud-init.
+type MountPoints []string
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=eksconfigs,scope=Namespaced,categories=cluster-api,shortName=eksc
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Bootstrap configuration is ready"
+// +kubebuilder:printcolumn:name="DataSecretName",type="string",JSONPath=".status.dataSecretName",description="Name of Secret containing bootstrap data"
+
+// EKSConfig is the schema for the Amazon EKS Machine Bootstrap Configuration API.
+type EKSConfig struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec EKSConfigSpec `json:"spec,omitempty"`
+ Status EKSConfigStatus `json:"status,omitempty"`
+}
+
+// GetConditions returns the observations of the operational state of the EKSConfig resource.
+func (r *EKSConfig) GetConditions() clusterv1.Conditions {
+ return r.Status.Conditions
+}
+
+// SetConditions sets the underlying service state of the EKSConfig to the predescribed clusterv1.Conditions.
+func (r *EKSConfig) SetConditions(conditions clusterv1.Conditions) {
+ r.Status.Conditions = conditions
+}
+
+// +kubebuilder:object:root=true
+
+// EKSConfigList contains a list of EKSConfig.
+type EKSConfigList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []EKSConfig `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&EKSConfig{}, &EKSConfigList{})
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfigtemplate_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfigtemplate_types.go
new file mode 100644
index 000000000..262ed5fe8
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/eksconfigtemplate_types.go
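Review bot: `User.Passwd` in the eksconfig_types.go hunk keeps the password hash inline in the EKSConfig object, where anyone who can read eksconfigs can read it, while `PasswdFrom` keeps it in a Secret; the field comments neither say which one wins when both are set nor point to the Secret reference as the safer choice. I would extend the comment to something like `// Passwd specifies a hashed password for the user. Prefer PasswdFrom; a value set here is stored in the EKSConfig object itself.` Two other comments in this hunk mislead: `SecretFileSource.Name` and `SecretPasswdSource.Name` refer to the "KubeadmBootstrapConfig's namespace" although the types are used by EKSConfig, and `BootstrapCommandOverride` serializes as `boostrapCommandOverride`. That spelling deserves a comment, because a manifest that uses the Go field's spelling will not populate the field.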
@@ -0,0 +1,56 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EKSConfigTemplateSpec defines the desired state of templated EKSConfig Amazon EKS Bootstrap Configuration resources.
+type EKSConfigTemplateSpec struct {
+ Template EKSConfigTemplateResource `json:"template"`
+}
+
+// EKSConfigTemplateResource defines the Template structure.
+type EKSConfigTemplateResource struct {
+ Spec EKSConfigSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=eksconfigtemplates,scope=Namespaced,categories=cluster-api,shortName=eksct
+// +kubebuilder:storageversion
+
+// EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template API.
+type EKSConfigTemplate struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec EKSConfigTemplateSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// EKSConfigTemplateList contains a list of Amazon EKS Bootstrap Configuration Templates.
+type EKSConfigTemplateList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []EKSConfigTemplate `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&EKSConfigTemplate{}, &EKSConfigTemplateList{})
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/groupversion_info.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/groupversion_info.go
new file mode 100644
index 000000000..7c26521b4
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/groupversion_info.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the Amazon EKS Bootstrap v1beta2 API group
+// +kubebuilder:object:generate=true
+// +groupName=bootstrap.cluster.x-k8s.io
+package v1beta2
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects.
+ GroupVersion = schema.GroupVersion{Group: "bootstrap.cluster.x-k8s.io", Version: "v1beta2"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme.
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/zz_generated.deepcopy.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/zz_generated.deepcopy.go
new file mode 100644
index 000000000..7b059799a
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/bootstrap/eks/api/v1beta2/zz_generated.deepcopy.go 
@@ -0,0 +1,604 @@ +//go:build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/cluster-api/api/v1beta1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DiskSetup) DeepCopyInto(out *DiskSetup) { + *out = *in + if in.Partitions != nil { + in, out := &in.Partitions, &out.Partitions + *out = make([]Partition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Filesystems != nil { + in, out := &in.Filesystems, &out.Filesystems + *out = make([]Filesystem, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DiskSetup. +func (in *DiskSetup) DeepCopy() *DiskSetup { + if in == nil { + return nil + } + out := new(DiskSetup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *EKSConfig) DeepCopyInto(out *EKSConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfig. +func (in *EKSConfig) DeepCopy() *EKSConfig { + if in == nil { + return nil + } + out := new(EKSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EKSConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigList) DeepCopyInto(out *EKSConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EKSConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigList. +func (in *EKSConfigList) DeepCopy() *EKSConfigList { + if in == nil { + return nil + } + out := new(EKSConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EKSConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *EKSConfigSpec) DeepCopyInto(out *EKSConfigSpec) { + *out = *in + if in.KubeletExtraArgs != nil { + in, out := &in.KubeletExtraArgs, &out.KubeletExtraArgs + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.ContainerRuntime != nil { + in, out := &in.ContainerRuntime, &out.ContainerRuntime + *out = new(string) + **out = **in + } + if in.DNSClusterIP != nil { + in, out := &in.DNSClusterIP, &out.DNSClusterIP + *out = new(string) + **out = **in + } + if in.DockerConfigJSON != nil { + in, out := &in.DockerConfigJSON, &out.DockerConfigJSON + *out = new(string) + **out = **in + } + if in.APIRetryAttempts != nil { + in, out := &in.APIRetryAttempts, &out.APIRetryAttempts + *out = new(int) + **out = **in + } + if in.PauseContainer != nil { + in, out := &in.PauseContainer, &out.PauseContainer + *out = new(PauseContainer) + **out = **in + } + if in.UseMaxPods != nil { + in, out := &in.UseMaxPods, &out.UseMaxPods + *out = new(bool) + **out = **in + } + if in.ServiceIPV6Cidr != nil { + in, out := &in.ServiceIPV6Cidr, &out.ServiceIPV6Cidr + *out = new(string) + **out = **in + } + if in.PreBootstrapCommands != nil { + in, out := &in.PreBootstrapCommands, &out.PreBootstrapCommands + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PostBootstrapCommands != nil { + in, out := &in.PostBootstrapCommands, &out.PostBootstrapCommands + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.BootstrapCommandOverride != nil { + in, out := &in.BootstrapCommandOverride, &out.BootstrapCommandOverride + *out = new(string) + **out = **in + } + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]File, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DiskSetup != nil { + in, out := &in.DiskSetup, &out.DiskSetup + *out = new(DiskSetup) + (*in).DeepCopyInto(*out) + } + if in.Mounts != nil { + in, out := &in.Mounts, &out.Mounts + *out = make([]MountPoints, 
len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = make(MountPoints, len(*in)) + copy(*out, *in) + } + } + } + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = make([]User, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.NTP != nil { + in, out := &in.NTP, &out.NTP + *out = new(NTP) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigSpec. +func (in *EKSConfigSpec) DeepCopy() *EKSConfigSpec { + if in == nil { + return nil + } + out := new(EKSConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigStatus) DeepCopyInto(out *EKSConfigStatus) { + *out = *in + if in.DataSecretName != nil { + in, out := &in.DataSecretName, &out.DataSecretName + *out = new(string) + **out = **in + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make(v1beta1.Conditions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigStatus. +func (in *EKSConfigStatus) DeepCopy() *EKSConfigStatus { + if in == nil { + return nil + } + out := new(EKSConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigTemplate) DeepCopyInto(out *EKSConfigTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigTemplate. 
+func (in *EKSConfigTemplate) DeepCopy() *EKSConfigTemplate { + if in == nil { + return nil + } + out := new(EKSConfigTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EKSConfigTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigTemplateList) DeepCopyInto(out *EKSConfigTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EKSConfigTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigTemplateList. +func (in *EKSConfigTemplateList) DeepCopy() *EKSConfigTemplateList { + if in == nil { + return nil + } + out := new(EKSConfigTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EKSConfigTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigTemplateResource) DeepCopyInto(out *EKSConfigTemplateResource) { + *out = *in + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigTemplateResource. 
+func (in *EKSConfigTemplateResource) DeepCopy() *EKSConfigTemplateResource { + if in == nil { + return nil + } + out := new(EKSConfigTemplateResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EKSConfigTemplateSpec) DeepCopyInto(out *EKSConfigTemplateSpec) { + *out = *in + in.Template.DeepCopyInto(&out.Template) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfigTemplateSpec. +func (in *EKSConfigTemplateSpec) DeepCopy() *EKSConfigTemplateSpec { + if in == nil { + return nil + } + out := new(EKSConfigTemplateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *File) DeepCopyInto(out *File) { + *out = *in + if in.ContentFrom != nil { + in, out := &in.ContentFrom, &out.ContentFrom + *out = new(FileSource) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new File. +func (in *File) DeepCopy() *File { + if in == nil { + return nil + } + out := new(File) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FileSource) DeepCopyInto(out *FileSource) { + *out = *in + out.Secret = in.Secret +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileSource. +func (in *FileSource) DeepCopy() *FileSource { + if in == nil { + return nil + } + out := new(FileSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Filesystem) DeepCopyInto(out *Filesystem) { + *out = *in + if in.Partition != nil { + in, out := &in.Partition, &out.Partition + *out = new(string) + **out = **in + } + if in.Overwrite != nil { + in, out := &in.Overwrite, &out.Overwrite + *out = new(bool) + **out = **in + } + if in.ExtraOpts != nil { + in, out := &in.ExtraOpts, &out.ExtraOpts + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filesystem. +func (in *Filesystem) DeepCopy() *Filesystem { + if in == nil { + return nil + } + out := new(Filesystem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in MountPoints) DeepCopyInto(out *MountPoints) { + { + in := &in + *out = make(MountPoints, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountPoints. +func (in MountPoints) DeepCopy() MountPoints { + if in == nil { + return nil + } + out := new(MountPoints) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NTP) DeepCopyInto(out *NTP) { + *out = *in + if in.Servers != nil { + in, out := &in.Servers, &out.Servers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NTP. +func (in *NTP) DeepCopy() *NTP { + if in == nil { + return nil + } + out := new(NTP) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Partition) DeepCopyInto(out *Partition) { + *out = *in + if in.Overwrite != nil { + in, out := &in.Overwrite, &out.Overwrite + *out = new(bool) + **out = **in + } + if in.TableType != nil { + in, out := &in.TableType, &out.TableType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Partition. +func (in *Partition) DeepCopy() *Partition { + if in == nil { + return nil + } + out := new(Partition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PasswdSource) DeepCopyInto(out *PasswdSource) { + *out = *in + out.Secret = in.Secret +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswdSource. +func (in *PasswdSource) DeepCopy() *PasswdSource { + if in == nil { + return nil + } + out := new(PasswdSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PauseContainer) DeepCopyInto(out *PauseContainer) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PauseContainer. +func (in *PauseContainer) DeepCopy() *PauseContainer { + if in == nil { + return nil + } + out := new(PauseContainer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretFileSource) DeepCopyInto(out *SecretFileSource) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretFileSource. 
+func (in *SecretFileSource) DeepCopy() *SecretFileSource { + if in == nil { + return nil + } + out := new(SecretFileSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretPasswdSource) DeepCopyInto(out *SecretPasswdSource) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretPasswdSource. +func (in *SecretPasswdSource) DeepCopy() *SecretPasswdSource { + if in == nil { + return nil + } + out := new(SecretPasswdSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *User) DeepCopyInto(out *User) { + *out = *in + if in.Gecos != nil { + in, out := &in.Gecos, &out.Gecos + *out = new(string) + **out = **in + } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = new(string) + **out = **in + } + if in.HomeDir != nil { + in, out := &in.HomeDir, &out.HomeDir + *out = new(string) + **out = **in + } + if in.Inactive != nil { + in, out := &in.Inactive, &out.Inactive + *out = new(bool) + **out = **in + } + if in.Shell != nil { + in, out := &in.Shell, &out.Shell + *out = new(string) + **out = **in + } + if in.Passwd != nil { + in, out := &in.Passwd, &out.Passwd + *out = new(string) + **out = **in + } + if in.PasswdFrom != nil { + in, out := &in.PasswdFrom, &out.PasswdFrom + *out = new(PasswdSource) + **out = **in + } + if in.PrimaryGroup != nil { + in, out := &in.PrimaryGroup, &out.PrimaryGroup + *out = new(string) + **out = **in + } + if in.LockPassword != nil { + in, out := &in.LockPassword, &out.LockPassword + *out = new(bool) + **out = **in + } + if in.Sudo != nil { + in, out := &in.Sudo, &out.Sudo + *out = new(string) + **out = **in + } + if in.SSHAuthorizedKeys != nil { + in, out := &in.SSHAuthorizedKeys, &out.SSHAuthorizedKeys + *out = make([]string, 
len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new User. +func (in *User) DeepCopy() *User { + if in == nil { + return nil + } + out := new(User) + in.DeepCopyInto(out) + return out +} diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go new file mode 100644 index 000000000..bdea2c6de --- /dev/null +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go 
@@ -0,0 +1,361 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ infrav1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+ clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+const (
+ // ManagedControlPlaneFinalizer allows the controller to clean up resources on delete.
+ ManagedControlPlaneFinalizer = "awsmanagedcontrolplane.controlplane.cluster.x-k8s.io"
+
+ // AWSManagedControlPlaneKind is the Kind of AWSManagedControlPlane.
+ AWSManagedControlPlaneKind = "AWSManagedControlPlane"
+)
+
+// AWSManagedControlPlaneSpec defines the desired state of an Amazon EKS Cluster.
+type AWSManagedControlPlaneSpec struct { //nolint: maligned
+ // EKSClusterName allows you to specify the name of the EKS cluster in
+ // AWS. If you don't specify a name then a default name will be created
+ // based on the namespace and name of the managed control plane.
+ // +optional
+ EKSClusterName string `json:"eksClusterName,omitempty"`
+
+ // IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
+ // If no identity is specified, the default identity for this controller will be used.
+ // +optional
+ IdentityRef *infrav1.AWSIdentityReference `json:"identityRef,omitempty"`
+
+ // NetworkSpec encapsulates all things related to AWS network.
+ NetworkSpec infrav1.NetworkSpec `json:"network,omitempty"`
+
+ // SecondaryCidrBlock is the additional CIDR range to use for pod IPs.
+ // Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
+ // +optional
+ SecondaryCidrBlock *string `json:"secondaryCidrBlock,omitempty"`
+
+ // The AWS Region the cluster lives in.
+ Region string `json:"region,omitempty"`
+
+ // Partition is the AWS security partition being used. Defaults to "aws"
+ // +optional
+ Partition string `json:"partition,omitempty"`
+
+ // SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)
+ // +optional
+ SSHKeyName *string `json:"sshKeyName,omitempty"`
+
+ // Version defines the desired Kubernetes version. If no version number
+ // is supplied then the latest version of Kubernetes that EKS supports
+ // will be used.
+ // +kubebuilder:validation:MinLength:=2
+ // +kubebuilder:validation:Pattern:=^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$
+ // +optional
+ Version *string `json:"version,omitempty"`
+
+ // RoleName specifies the name of IAM role that gives EKS
+ // permission to make API calls. If the role is pre-existing
+ // we will treat it as unmanaged and not delete it on
+ // deletion. If the EKSEnableIAM feature flag is true
+ // and no name is supplied then a role is created.
+ // +kubebuilder:validation:MinLength:=2
+ // +optional
+ RoleName *string `json:"roleName,omitempty"`
+
+ // RoleAdditionalPolicies allows you to attach additional polices to
+ // the control plane role. You must enable the EKSAllowAddRoles
+ // feature flag to incorporate these into the created role.
+ // +optional
+ RoleAdditionalPolicies *[]string `json:"roleAdditionalPolicies,omitempty"`
+
+ // RolePath sets the path to the role. For more information about paths, see IAM Identifiers
+ // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. If it is not included, it defaults to a slash
+ // (/).
+ // +optional
+ RolePath string `json:"rolePath,omitempty"`
+
+ // RolePermissionsBoundary sets the ARN of the managed policy that is used
+ // to set the permissions boundary for the role.
+ //
+ // A permissions boundary policy defines the maximum permissions that identity-based
+ // policies can grant to an entity, but does not grant permissions. Permissions
+ // boundaries do not define the maximum permissions that a resource-based policy
+ // can grant to an entity. To learn more, see Permissions boundaries for IAM
+ // entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
+ // in the IAM User Guide.
+ //
+ // For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types)
+ // in the IAM User Guide.
+ // +optional
+ RolePermissionsBoundary string `json:"rolePermissionsBoundary,omitempty"`
+
+ // Logging specifies which EKS Cluster logs should be enabled. Entries for
+ // each of the enabled logs will be sent to CloudWatch
+ // +optional
+ Logging *ControlPlaneLoggingSpec `json:"logging,omitempty"`
+
+ // EncryptionConfig specifies the encryption configuration for the cluster
+ // +optional
+ EncryptionConfig *EncryptionConfig `json:"encryptionConfig,omitempty"`
+
+ // AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the
+ // ones added by default.
+ // +optional
+ AdditionalTags infrav1.Tags `json:"additionalTags,omitempty"`
+
+ // IAMAuthenticatorConfig allows the specification of any additional user or role mappings
+ // for use when generating the aws-iam-authenticator configuration. If this is nil the
+ // default configuration is still generated for the cluster.
+ // +optional
+ IAMAuthenticatorConfig *IAMAuthenticatorConfig `json:"iamAuthenticatorConfig,omitempty"`
+
+ // Endpoints specifies access to this cluster's control plane endpoints
+ // +optional
+ EndpointAccess EndpointAccess `json:"endpointAccess,omitempty"`
+
+ // ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+ // +optional
+ ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
+
+ // ImageLookupFormat is the AMI naming format to look up machine images when
+ // a machine does not specify an AMI. When set, this will be used for all
+ // cluster machines unless a machine specifies a different ImageLookupOrg.
+ // Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base
+ // OS and kubernetes version, respectively. The BaseOS will be the value in
+ // ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
+ // defined by the packages produced by kubernetes/release without v as a
+ // prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
+ // image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up
+ // searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
+ // Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
+ // also: https://golang.org/pkg/text/template/
+ // +optional
+ ImageLookupFormat string `json:"imageLookupFormat,omitempty"`
+
+ // ImageLookupOrg is the AWS Organization ID to look up machine images when a
+ // machine does not specify an AMI. When set, this will be used for all
+ // cluster machines unless a machine specifies a different ImageLookupOrg.
+ // +optional
+ ImageLookupOrg string `json:"imageLookupOrg,omitempty"`
+
+ // ImageLookupBaseOS is the name of the base operating system used to look
+ // up machine images when a machine does not specify an AMI. When set, this
+ // will be used for all cluster machines unless a machine specifies a
+ // different ImageLookupBaseOS.
+ ImageLookupBaseOS string `json:"imageLookupBaseOS,omitempty"`
+
+ // Bastion contains options to configure the bastion host.
+ // +optional
+ Bastion infrav1.Bastion `json:"bastion"`
+
+ // TokenMethod is used to specify the method for obtaining a client token for communicating with EKS
+ // iam-authenticator - obtains a client token using iam-authentictor
+ // aws-cli - obtains a client token using the AWS CLI
+ // Defaults to iam-authenticator
+ // +kubebuilder:default=iam-authenticator
+ // +kubebuilder:validation:Enum=iam-authenticator;aws-cli
+ TokenMethod *EKSTokenMethod `json:"tokenMethod,omitempty"`
+
+ // AssociateOIDCProvider can be enabled to automatically create an identity
+ // provider for the controller for use with IAM roles for service accounts
+ // +kubebuilder:default=false
+ AssociateOIDCProvider bool `json:"associateOIDCProvider,omitempty"`
+
+ // Addons defines the EKS addons to enable with the EKS cluster.
+ // +optional
+ Addons *[]Addon `json:"addons,omitempty"`
+
+ // IdentityProviderconfig is used to specify the oidc provider config
+ // to be attached with this eks cluster
+ // +optional
+ OIDCIdentityProviderConfig *OIDCIdentityProviderConfig `json:"oidcIdentityProviderConfig,omitempty"`
+
+ // VpcCni is used to set configuration options for the VPC CNI plugin
+ // +optional
+ VpcCni VpcCni `json:"vpcCni,omitempty"`
+
+ // BootstrapSelfManagedAddons is used to set configuration options for
+ // bare EKS cluster without EKS default networking addons
+ // If you set this value to false when creating a cluster, the default networking add-ons will not be installed
+ // +kubebuilder:default=true
+ BootstrapSelfManagedAddons bool `json:"bootstrapSelfManagedAddons,omitempty"`
+
+ // RestrictPrivateSubnets indicates that the EKS control plane should only use private subnets.
+ // +kubebuilder:default=false
+ RestrictPrivateSubnets bool `json:"restrictPrivateSubnets,omitempty"`
+
+ // KubeProxy defines managed attributes of the kube-proxy daemonset
+ KubeProxy KubeProxy `json:"kubeProxy,omitempty"`
+}
+
+// KubeProxy specifies how the kube-proxy daemonset is managed.
+type KubeProxy struct {
+ // Disable set to true indicates that kube-proxy should be disabled. With EKS clusters
+ // kube-proxy is automatically installed into the cluster. For clusters where you want
+ // to use kube-proxy functionality that is provided with an alternate CNI, this option
+ // provides a way to specify that the kube-proxy daemonset should be deleted. You cannot
+ // set this to true if you are using the Amazon kube-proxy addon.
+ // +kubebuilder:default=false
+ Disable bool `json:"disable,omitempty"`
+}
+
+// VpcCni specifies configuration related to the VPC CNI.
+type VpcCni struct {
+ // Disable indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
+ // Amazon VPC CNI is automatically installed into the cluster.
For clusters where you want + // to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI + // should be deleted. You cannot set this to true if you are using the + // Amazon VPC CNI addon. + // +kubebuilder:default=false + Disable bool `json:"disable,omitempty"` + // Env defines a list of environment variables to apply to the `aws-node` DaemonSet + // +optional + Env []corev1.EnvVar `json:"env,omitempty"` +} + +// EndpointAccess specifies how control plane endpoints are accessible. +type EndpointAccess struct { + // Public controls whether control plane endpoints are publicly accessible + // +optional + Public *bool `json:"public,omitempty"` + // PublicCIDRs specifies which blocks can access the public endpoint + // +optional + PublicCIDRs []*string `json:"publicCIDRs,omitempty"` + // Private points VPC-internal control plane access to the private endpoint + // +optional + Private *bool `json:"private,omitempty"` +} + +// EncryptionConfig specifies the encryption configuration for the EKS clsuter. +type EncryptionConfig struct { + // Provider specifies the ARN or alias of the CMK (in AWS KMS) + Provider *string `json:"provider,omitempty"` + // Resources specifies the resources to be encrypted + Resources []*string `json:"resources,omitempty"` +} + +// OIDCProviderStatus holds the status of the AWS OIDC identity provider. +type OIDCProviderStatus struct { + // ARN holds the ARN of the provider + ARN string `json:"arn,omitempty"` + // TrustPolicy contains the boilerplate IAM trust policy to use for IRSA + TrustPolicy string `json:"trustPolicy,omitempty"` +} + +// IdentityProviderStatus holds the status for associated identity provider. 
+type IdentityProviderStatus struct { + // ARN holds the ARN of associated identity provider + ARN string `json:"arn,omitempty"` + + // Status holds current status of associated identity provider + Status string `json:"status,omitempty"` +} + +// AWSManagedControlPlaneStatus defines the observed state of an Amazon EKS Cluster. +type AWSManagedControlPlaneStatus struct { + // Networks holds details about the AWS networking resources used by the control plane + // +optional + Network infrav1.NetworkStatus `json:"networkStatus,omitempty"` + // FailureDomains specifies a list fo available availability zones that can be used + // +optional + FailureDomains clusterv1.FailureDomains `json:"failureDomains,omitempty"` + // Bastion holds details of the instance that is used as a bastion jump box + // +optional + Bastion *infrav1.Instance `json:"bastion,omitempty"` + // OIDCProvider holds the status of the identity provider for this cluster + // +optional + OIDCProvider OIDCProviderStatus `json:"oidcProvider,omitempty"` + // ExternalManagedControlPlane indicates to cluster-api that the control plane + // is managed by an external service such as AKS, EKS, GKE, etc. + // +kubebuilder:default=true + ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"` + // Initialized denotes whether or not the control plane has the + // uploaded kubernetes config-map. + // +optional + Initialized bool `json:"initialized"` + // Ready denotes that the AWSManagedControlPlane API Server is ready to + // receive requests and that the VPC infra is ready. + // +kubebuilder:default=false + Ready bool `json:"ready"` + // ErrorMessage indicates that there is a terminal problem reconciling the + // state, and will be set to a descriptive error message. 
+ // +optional + FailureMessage *string `json:"failureMessage,omitempty"` + // Conditions specifies the cpnditions for the managed control plane + Conditions clusterv1.Conditions `json:"conditions,omitempty"` + // Addons holds the current status of the EKS addons + // +optional + Addons []AddonState `json:"addons,omitempty"` + // IdentityProviderStatus holds the status for + // associated identity provider + // +optional + IdentityProviderStatus IdentityProviderStatus `json:"identityProviderStatus,omitempty"` + // Version represents the minimum Kubernetes version for the control plane machines + // in the cluster. + // +optional + Version *string `json:"version,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=awsmanagedcontrolplanes,shortName=awsmcp,scope=Namespaced,categories=cluster-api +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels.cluster\\.x-k8s\\.io/cluster-name",description="Cluster to which this AWSManagedControl belongs" +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Control plane infrastructure is ready for worker nodes" +// +kubebuilder:printcolumn:name="VPC",type="string",JSONPath=".spec.network.vpc.id",description="AWS VPC the control plane is using" +// +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint.host",description="API Endpoint",priority=1 +// +kubebuilder:printcolumn:name="Bastion IP",type="string",JSONPath=".status.bastion.publicIp",description="Bastion IP address for breakglass access" + +// AWSManagedControlPlane is the schema for the Amazon EKS Managed Control Plane API. 
+type AWSManagedControlPlane struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec AWSManagedControlPlaneSpec `json:"spec,omitempty"` + Status AWSManagedControlPlaneStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// AWSManagedControlPlaneList contains a list of Amazon EKS Managed Control Planes. +type AWSManagedControlPlaneList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AWSManagedControlPlane `json:"items"` +} + +// GetConditions returns the control planes conditions. +func (r *AWSManagedControlPlane) GetConditions() clusterv1.Conditions { + return r.Status.Conditions +} + +// SetConditions sets the status conditions for the AWSManagedControlPlane. +func (r *AWSManagedControlPlane) SetConditions(conditions clusterv1.Conditions) { + r.Status.Conditions = conditions +} + +func init() { + SchemeBuilder.Register(&AWSManagedControlPlane{}, &AWSManagedControlPlaneList{}) +} diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplanetemplate_types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplanetemplate_types.go new file mode 100644 index 000000000..3c1b4109b --- /dev/null +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/awsmanagedcontrolplanetemplate_types.go 
@@ -0,0 +1,56 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AWSManagedControlPlaneTemplateSpec defines the desired state of AWSManagedControlPlaneTemplate.
+type AWSManagedControlPlaneTemplateSpec struct {
+ Template AWSManagedControlPlaneTemplateResource `json:"template"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=awsmanagedcontrolplanetemplates,scope=Namespaced,categories=cluster-api,shortName=awmcpt
+// +kubebuilder:storageversion
+
+// AWSManagedControlPlaneTemplate is the Schema for the AWSManagedControlPlaneTemplates API.
+type AWSManagedControlPlaneTemplate struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec AWSManagedControlPlaneTemplateSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AWSManagedControlPlaneTemplateList contains a list of AWSManagedControlPlaneTemplates.
+type AWSManagedControlPlaneTemplateList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []AWSManagedControlPlaneTemplate `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&AWSManagedControlPlaneTemplate{}, &AWSManagedControlPlaneTemplateList{})
+}
+
+// AWSManagedControlPlaneTemplateResource describes the data needed to create an AWSManagedCluster from a template.
+type AWSManagedControlPlaneTemplateResource struct {
+ Spec AWSManagedControlPlaneSpec `json:"spec"`
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conditions_consts.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conditions_consts.go
new file mode 100644
index 000000000..fc8fa6672
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conditions_consts.go
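Review bot: The doc comment on `AWSManagedControlPlaneTemplateResource` names the wrong kind: it says the type describes the data needed to create an AWSManagedCluster, but the struct wraps `AWSManagedControlPlaneSpec`. It should read `// AWSManagedControlPlaneTemplateResource describes the data needed to create an AWSManagedControlPlane from a template.`. The `Template` and `Spec` fields in this file also carry no field comments, so a one-line comment on each would document what a template author is expected to fill in.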
@@ -0,0 +1,60 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+const (
+ // EKSControlPlaneReadyCondition condition reports on the successful reconciliation of eks control plane.
+ EKSControlPlaneReadyCondition clusterv1.ConditionType = "EKSControlPlaneReady"
+ // EKSControlPlaneCreatingCondition condition reports on whether the eks
+ // control plane is creating.
+ EKSControlPlaneCreatingCondition clusterv1.ConditionType = "EKSControlPlaneCreating"
+ // EKSControlPlaneUpdatingCondition condition reports on whether the eks
+ // control plane is updating.
+ EKSControlPlaneUpdatingCondition clusterv1.ConditionType = "EKSControlPlaneUpdating"
+ // EKSControlPlaneReconciliationFailedReason used to report failures while reconciling EKS control plane.
+ EKSControlPlaneReconciliationFailedReason = "EKSControlPlaneReconciliationFailed"
+)
+
+const (
+ // IAMControlPlaneRolesReadyCondition condition reports on the successful reconciliation of eks control plane iam roles.
+ IAMControlPlaneRolesReadyCondition clusterv1.ConditionType = "IAMControlPlaneRolesReady"
+ // IAMControlPlaneRolesReconciliationFailedReason used to report failures while reconciling EKS control plane iam roles.
+ IAMControlPlaneRolesReconciliationFailedReason = "IAMControlPlaneRolesReconciliationFailed"
+)
+
+const (
+ // IAMAuthenticatorConfiguredCondition condition reports on the successful reconciliation of aws-iam-authenticator config.
+ IAMAuthenticatorConfiguredCondition clusterv1.ConditionType = "IAMAuthenticatorConfigured"
+ // IAMAuthenticatorConfigurationFailedReason used to report failures while reconciling the aws-iam-authenticator config.
+ IAMAuthenticatorConfigurationFailedReason = "IAMAuthenticatorConfigurationFailed"
+)
+
+const (
+ // EKSAddonsConfiguredCondition condition reports on the successful reconciliation of EKS addons.
+ EKSAddonsConfiguredCondition clusterv1.ConditionType = "EKSAddonsConfigured"
+ // EKSAddonsConfiguredFailedReason used to report failures while reconciling the EKS addons.
+ EKSAddonsConfiguredFailedReason = "EKSAddonsConfiguredFailed"
+)
+
+const (
+ // EKSIdentityProviderConfiguredCondition condition reports on the successful association of identity provider config.
+ EKSIdentityProviderConfiguredCondition clusterv1.ConditionType = "EKSIdentityProviderConfigured"
+ // EKSIdentityProviderConfiguredFailedReason used to report failures while reconciling the identity provider config association.
+ EKSIdentityProviderConfiguredFailedReason = "EKSIdentityProviderConfiguredFailed"
+)
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conversion.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conversion.go
new file mode 100644
index 000000000..2d2266167
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/conversion.go
@@ -0,0 +1,26 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+// Hub marks AWSManagedControlPlane as a conversion hub.
+func (*AWSManagedControlPlane) Hub() {}
+
+// Hub marks AWSManagedControlPlaneList as a conversion hub.
+func (*AWSManagedControlPlaneList) Hub() {}
+
+// Hub marks AWSManagedControlPlaneSpec as a conversion hub.
+func (*AWSManagedControlPlaneSpec) Hub() {}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/doc.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/doc.go
new file mode 100644
index 000000000..8409bb024
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/doc.go
@@ -0,0 +1,21 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the controlplane v1beta2 API group
+// +gencrdrefdocs:force
+// +groupName=controlplane.cluster.x-k8s.io
+// +k8s:defaulter-gen=TypeMeta
+package v1beta2
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/groupversion_info.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/groupversion_info.go
new file mode 100644
index 000000000..9fc822708
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/groupversion_info.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the controlplane v1beta2 API group
+// +kubebuilder:object:generate=true
+// +groupName=controlplane.cluster.x-k8s.io
+package v1beta2
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects.
+ GroupVersion = schema.GroupVersion{Group: "controlplane.cluster.x-k8s.io", Version: "v1beta2"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme.
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/types.go
new file mode 100644
index 000000000..52f4383fa
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/types.go
@@ -0,0 +1,281 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta2 + +import ( + "fmt" + + ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + infrav1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2" + iamv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1" +) + +// ControlPlaneLoggingSpec defines what EKS control plane logs that should be enabled. 
+type ControlPlaneLoggingSpec struct { + // APIServer indicates if the Kubernetes API Server log (kube-apiserver) shoulkd be enabled + // +kubebuilder:default=false + APIServer bool `json:"apiServer"` + // Audit indicates if the Kubernetes API audit log should be enabled + // +kubebuilder:default=false + Audit bool `json:"audit"` + // Authenticator indicates if the iam authenticator log should be enabled + // +kubebuilder:default=false + Authenticator bool `json:"authenticator"` + // ControllerManager indicates if the controller manager (kube-controller-manager) log should be enabled + // +kubebuilder:default=false + ControllerManager bool `json:"controllerManager"` + // Scheduler indicates if the Kubernetes scheduler (kube-scheduler) log should be enabled + // +kubebuilder:default=false + Scheduler bool `json:"scheduler"` +} + +// IsLogEnabled returns true if the log is enabled. +func (s *ControlPlaneLoggingSpec) IsLogEnabled(logName string) bool { + if s == nil { + return false + } + + switch ekstypes.LogType(logName) { + case ekstypes.LogTypeApi: + return s.APIServer + case ekstypes.LogTypeAudit: + return s.Audit + case ekstypes.LogTypeAuthenticator: + return s.Authenticator + case ekstypes.LogTypeControllerManager: + return s.ControllerManager + case ekstypes.LogTypeScheduler: + return s.Scheduler + default: + return false + } +} + +// EKSTokenMethod defines the method for obtaining a client token to use when connecting to EKS. +type EKSTokenMethod string + +var ( + // EKSTokenMethodIAMAuthenticator indicates that IAM autenticator will be used to get a token. + EKSTokenMethodIAMAuthenticator = EKSTokenMethod("iam-authenticator") + + // EKSTokenMethodAWSCli indicates that the AWS CLI will be used to get a token + // Version 1.16.156 or greater is required of the AWS CLI. 
+ EKSTokenMethodAWSCli = EKSTokenMethod("aws-cli") +) + +var ( + // DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane + // if no other role is supplied in the spec and if iam role creation is not enabled. The default + // can be created using clusterawsadm or created manually. + DefaultEKSControlPlaneRole = fmt.Sprintf("eks-controlplane%s", iamv1.DefaultNameSuffix) +) + +// IAMAuthenticatorConfig represents an aws-iam-authenticator configuration. +type IAMAuthenticatorConfig struct { + // RoleMappings is a list of role mappings + // +optional + RoleMappings []RoleMapping `json:"mapRoles,omitempty"` + // UserMappings is a list of user mappings + // +optional + UserMappings []UserMapping `json:"mapUsers,omitempty"` +} + +// KubernetesMapping represents the kubernetes RBAC mapping. +type KubernetesMapping struct { + // UserName is a kubernetes RBAC user subject + UserName string `json:"username"` + // Groups is a list of kubernetes RBAC groups + Groups []string `json:"groups"` +} + +// RoleMapping represents a mapping from a IAM role to Kubernetes users and groups. +type RoleMapping struct { + // RoleARN is the AWS ARN for the role to map + // +kubebuilder:validation:MinLength:=31 + RoleARN string `json:"rolearn"` + // KubernetesMapping holds the RBAC details for the mapping + KubernetesMapping `json:",inline"` +} + +// UserMapping represents a mapping from an IAM user to Kubernetes users and groups. +type UserMapping struct { + // UserARN is the AWS ARN for the user to map + // +kubebuilder:validation:MinLength:=31 + UserARN string `json:"userarn"` + // KubernetesMapping holds the RBAC details for the mapping + KubernetesMapping `json:",inline"` +} + +// Addon represents a EKS addon. 
+type Addon struct { + // Name is the name of the addon + // +kubebuilder:validation:MinLength:=2 + // +kubebuilder:validation:Required + Name string `json:"name"` + // Version is the version of the addon to use + Version string `json:"version"` + // Configuration of the EKS addon + // +optional + Configuration string `json:"configuration,omitempty"` + // ConflictResolution is used to declare what should happen if there + // are parameter conflicts. Defaults to none + // +kubebuilder:default=overwrite + // +kubebuilder:validation:Enum=overwrite;none + ConflictResolution *AddonResolution `json:"conflictResolution,omitempty"` + // ServiceAccountRoleArn is the ARN of an IAM role to bind to the addons service account + // +optional + ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"` +} + +// AddonResolution defines the method for resolving parameter conflicts. +type AddonResolution string + +var ( + // AddonResolutionOverwrite indicates that if there are parameter conflicts then + // resolution will be accomplished via overwriting. + AddonResolutionOverwrite = AddonResolution("overwrite") + + // AddonResolutionNone indicates that if there are parameter conflicts then + // resolution will not be done and an error will be reported. + AddonResolutionNone = AddonResolution("none") +) + +// AddonStatus defines the status for an addon. +type AddonStatus string + +var ( + // AddonStatusCreating is a status to indicate the addon is creating. + AddonStatusCreating = "creating" + + // AddonStatusActive is a status to indicate the addon is active. + AddonStatusActive = "active" + + // AddonStatusCreateFailed is a status to indicate the addon failed creation. + AddonStatusCreateFailed = "create_failed" + + // AddonStatusUpdating is a status to indicate the addon is updating. + AddonStatusUpdating = "updating" + + // AddonStatusDeleting is a status to indicate the addon is deleting. 
+ AddonStatusDeleting = "deleting" + + // AddonStatusDeleteFailed is a status to indicate the addon failed deletion. + AddonStatusDeleteFailed = "delete_failed" + + // AddonStatusDegraded is a status to indicate the addon is in a degraded state. + AddonStatusDegraded = "degraded" +) + +// AddonState represents the state of an addon. +type AddonState struct { + // Name is the name of the addon + Name string `json:"name"` + // Version is the version of the addon to use + Version string `json:"version"` + // ARN is the AWS ARN of the addon + ARN string `json:"arn"` + // ServiceAccountRoleArn is the ARN of the IAM role used for the service account + ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"` + // CreatedAt is the date and time the addon was created at + CreatedAt metav1.Time `json:"createdAt,omitempty"` + // ModifiedAt is the date and time the addon was last modified + ModifiedAt metav1.Time `json:"modifiedAt,omitempty"` + // Status is the status of the addon + Status *string `json:"status,omitempty"` + // Issues is a list of issue associated with the addon + Issues []AddonIssue `json:"issues,omitempty"` +} + +// AddonIssue represents an issue with an addon. +type AddonIssue struct { + // Code is the issue code + Code *string `json:"code,omitempty"` + // Message is the textual description of the issue + Message *string `json:"message,omitempty"` + // ResourceIDs is a list of resource ids for the issue + ResourceIDs []string `json:"resourceIds,omitempty"` +} + +const ( + // SecurityGroupCluster is the security group for communication between EKS + // control plane and managed node groups. + SecurityGroupCluster = infrav1.SecurityGroupRole("cluster") +) + +// OIDCIdentityProviderConfig represents the configuration for an OIDC identity provider. +type OIDCIdentityProviderConfig struct { + // This is also known as audience. The ID for the client application that makes + // authentication requests to the OpenID identity provider. 
+ // +kubebuilder:validation:Required + ClientID string `json:"clientId,omitempty"` + + // The JWT claim that the provider uses to return your groups. + // +optional + GroupsClaim *string `json:"groupsClaim,omitempty"` + + // The prefix that is prepended to group claims to prevent clashes with existing + // names (such as system: groups). For example, the valueoidc: will create group + // names like oidc:engineering and oidc:infra. + // +optional + GroupsPrefix *string `json:"groupsPrefix,omitempty"` + + // The name of the OIDC provider configuration. + // + // IdentityProviderConfigName is a required field + // +kubebuilder:validation:Required + IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"` + + // The URL of the OpenID identity provider that allows the API server to discover + // public signing keys for verifying tokens. The URL must begin with https:// + // and should correspond to the iss claim in the provider's OIDC ID tokens. + // Per the OIDC standard, path components are allowed but query parameters are + // not. Typically the URL consists of only a hostname, like https://server.example.org + // or https://example.com. This URL should point to the level below .well-known/openid-configuration + // and must be publicly accessible over the internet. + // + // +kubebuilder:validation:Required + IssuerURL string `json:"issuerUrl,omitempty"` + + // The key value pairs that describe required claims in the identity token. + // If set, each claim is verified to be present in the token with a matching + // value. For the maximum number of claims that you can require, see Amazon + // EKS service quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) + // in the Amazon EKS User Guide. + // +optional + RequiredClaims map[string]string `json:"requiredClaims,omitempty"` + + // The JSON Web Token (JWT) claim to use as the username. The default is sub, + // which is expected to be a unique identifier of the end user. 
You can choose + // other claims, such as email or name, depending on the OpenID identity provider. + // Claims other than email are prefixed with the issuer URL to prevent naming + // clashes with other plug-ins. + // +optional + UsernameClaim *string `json:"usernameClaim,omitempty"` + + // The prefix that is prepended to username claims to prevent clashes with existing + // names. If you do not provide this field, and username is a value other than + // email, the prefix defaults to issuerurl#. You can use the value - to disable + // all prefixing. + // +optional + UsernamePrefix *string `json:"usernamePrefix,omitempty"` + + // tags to apply to oidc identity provider association + // +optional + Tags infrav1.Tags `json:"tags,omitempty"` +} diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/validate.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/validate.go new file mode 100644 index 000000000..0579247ed --- /dev/null +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/validate.go 
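Review bot: `OIDCIdentityProviderConfig.IssuerURL` is documented as "must begin with https://" but carries only `+kubebuilder:validation:Required`, so nothing in this hunk makes the schema reject a plain-http or malformed issuer. Unless a webhook outside this hunk enforces it, add a marker above the field such as `// +kubebuilder:validation:Pattern="^https://"`. Because the path suggests this file is a copy of the upstream provider's types, the marker may have to be carried as a local change or the check done in this project's own validation. Separately, the comment on `Addon.ConflictResolution` says "Defaults to none" while its marker is `+kubebuilder:default=overwrite`; the comment should read `Defaults to overwrite`.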
@@ -0,0 +1,99 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws/arn"
+ "github.com/pkg/errors"
+)
+
+// Errors for validation of Amazon EKS nodes that are registered with the control plane.
+var (
+ ErrRoleARNRequired = errors.New("rolearn is required")
+ ErrUserARNRequired = errors.New("userarn is required")
+ ErrUserNameRequired = errors.New("username is required")
+ ErrGroupsRequired = errors.New("groups are required")
+ ErrIsNotARN = errors.New("supplied value is not a ARN")
+ ErrIsNotRoleARN = errors.New("supplied ARN is not a role ARN")
+ ErrIsNotUserARN = errors.New("supplied ARN is not a user ARN")
+)
+
+// Validate will return nil is there are no errors with the role mapping.
+func (r *RoleMapping) Validate() []error {
+ errs := []error{}
+
+ if strings.TrimSpace(r.RoleARN) == "" {
+ errs = append(errs, ErrRoleARNRequired)
+ }
+ if strings.TrimSpace(r.UserName) == "" {
+ errs = append(errs, ErrUserNameRequired)
+ }
+ if len(r.Groups) == 0 {
+ errs = append(errs, ErrGroupsRequired)
+ }
+
+ if !arn.IsARN(r.RoleARN) {
+ errs = append(errs, ErrIsNotARN)
+ } else {
+ parsedARN, err := arn.Parse(r.RoleARN)
+ if err != nil {
+ errs = append(errs, err)
+ } else if !strings.Contains(parsedARN.Resource, "role/") {
+ errs = append(errs, ErrIsNotRoleARN)
+ }
+ }
+
+ if len(errs) == 0 {
+ return nil
+ }
+
+ return errs
+}
+
+// Validate will return nil is there are no errors with the user mapping.
+func (u *UserMapping) Validate() []error {
+ errs := []error{}
+
+ if strings.TrimSpace(u.UserARN) == "" {
+ errs = append(errs, ErrUserARNRequired)
+ }
+ if strings.TrimSpace(u.UserName) == "" {
+ errs = append(errs, ErrUserNameRequired)
+ }
+ if len(u.Groups) == 0 {
+ errs = append(errs, ErrGroupsRequired)
+ }
+
+ if !arn.IsARN(u.UserARN) {
+ errs = append(errs, ErrIsNotARN)
+ } else {
+ parsedARN, err := arn.Parse(u.UserARN)
+ if err != nil {
+ errs = append(errs, err)
+ } else if !strings.Contains(parsedARN.Resource, "user/") {
+ errs = append(errs, ErrIsNotUserARN)
+ }
+ }
+
+ if len(errs) == 0 {
+ return nil
+ }
+
+ return errs
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/zz_generated.deepcopy.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/zz_generated.deepcopy.go
new file mode 100644
index 000000000..5923b8127
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2/zz_generated.deepcopy.go
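Review bot: The resource-type check in `RoleMapping.Validate` is a substring match, `strings.Contains(parsedARN.Resource, "role/")`, so an ARN whose resource merely contains that text (for instance a user ARN with an IAM path, `user/role/name`, a constructed example) is accepted as a role ARN; `UserMapping.Validate` has the mirror-image check with `"user/"`. These mappings are the `mapRoles`/`mapUsers` entries of the aws-iam-authenticator configuration declared in types.go, so the check should anchor on the start of the resource: `} else if !strings.HasPrefix(parsedARN.Resource, "role/") {` and the same with `"user/"`. Neither method looks at `parsedARN.Service`, so a non-IAM ARN with a matching resource also passes; adding `parsedARN.Service != "iam"` to the condition would reject it. The file imports `github.com/aws/aws-sdk-go/aws/arn` from SDK v1 while types.go already depends on aws-sdk-go-v2, which has its own `aws/arn` package, so switching the import would avoid carrying the v1 module for this one helper.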
@@ -0,0 +1,702 @@ +//go:build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta2 + +import ( + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + apiv1beta2 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2" + "sigs.k8s.io/cluster-api/api/v1beta1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlane) DeepCopyInto(out *AWSManagedControlPlane) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlane. +func (in *AWSManagedControlPlane) DeepCopy() *AWSManagedControlPlane { + if in == nil { + return nil + } + out := new(AWSManagedControlPlane) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSManagedControlPlane) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AWSManagedControlPlaneList) DeepCopyInto(out *AWSManagedControlPlaneList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AWSManagedControlPlane, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneList. +func (in *AWSManagedControlPlaneList) DeepCopy() *AWSManagedControlPlaneList { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSManagedControlPlaneList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AWSManagedControlPlaneSpec) DeepCopyInto(out *AWSManagedControlPlaneSpec) { + *out = *in + if in.IdentityRef != nil { + in, out := &in.IdentityRef, &out.IdentityRef + *out = new(apiv1beta2.AWSIdentityReference) + **out = **in + } + in.NetworkSpec.DeepCopyInto(&out.NetworkSpec) + if in.SecondaryCidrBlock != nil { + in, out := &in.SecondaryCidrBlock, &out.SecondaryCidrBlock + *out = new(string) + **out = **in + } + if in.SSHKeyName != nil { + in, out := &in.SSHKeyName, &out.SSHKeyName + *out = new(string) + **out = **in + } + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } + if in.RoleName != nil { + in, out := &in.RoleName, &out.RoleName + *out = new(string) + **out = **in + } + if in.RoleAdditionalPolicies != nil { + in, out := &in.RoleAdditionalPolicies, &out.RoleAdditionalPolicies + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + if in.Logging != nil { + in, out := &in.Logging, &out.Logging + *out = new(ControlPlaneLoggingSpec) + **out = **in + } + if in.EncryptionConfig != nil { + in, out := &in.EncryptionConfig, &out.EncryptionConfig + *out = new(EncryptionConfig) + (*in).DeepCopyInto(*out) + } + if in.AdditionalTags != nil { + in, out := &in.AdditionalTags, &out.AdditionalTags + *out = make(apiv1beta2.Tags, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.IAMAuthenticatorConfig != nil { + in, out := &in.IAMAuthenticatorConfig, &out.IAMAuthenticatorConfig + *out = new(IAMAuthenticatorConfig) + (*in).DeepCopyInto(*out) + } + in.EndpointAccess.DeepCopyInto(&out.EndpointAccess) + out.ControlPlaneEndpoint = in.ControlPlaneEndpoint + in.Bastion.DeepCopyInto(&out.Bastion) + if in.TokenMethod != nil { + in, out := &in.TokenMethod, &out.TokenMethod + *out = new(EKSTokenMethod) + **out = **in + } + if in.Addons != nil { + in, out := &in.Addons, &out.Addons + *out = new([]Addon) + if **in != nil { + in, 
out := *in, *out + *out = make([]Addon, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + if in.OIDCIdentityProviderConfig != nil { + in, out := &in.OIDCIdentityProviderConfig, &out.OIDCIdentityProviderConfig + *out = new(OIDCIdentityProviderConfig) + (*in).DeepCopyInto(*out) + } + in.VpcCni.DeepCopyInto(&out.VpcCni) + out.KubeProxy = in.KubeProxy +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneSpec. +func (in *AWSManagedControlPlaneSpec) DeepCopy() *AWSManagedControlPlaneSpec { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlaneStatus) DeepCopyInto(out *AWSManagedControlPlaneStatus) { + *out = *in + in.Network.DeepCopyInto(&out.Network) + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make(v1beta1.FailureDomains, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + if in.Bastion != nil { + in, out := &in.Bastion, &out.Bastion + *out = new(apiv1beta2.Instance) + (*in).DeepCopyInto(*out) + } + out.OIDCProvider = in.OIDCProvider + if in.ExternalManagedControlPlane != nil { + in, out := &in.ExternalManagedControlPlane, &out.ExternalManagedControlPlane + *out = new(bool) + **out = **in + } + if in.FailureMessage != nil { + in, out := &in.FailureMessage, &out.FailureMessage + *out = new(string) + **out = **in + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make(v1beta1.Conditions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Addons != nil { + in, out := &in.Addons, &out.Addons + *out = make([]AddonState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.IdentityProviderStatus = 
in.IdentityProviderStatus + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneStatus. +func (in *AWSManagedControlPlaneStatus) DeepCopy() *AWSManagedControlPlaneStatus { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlaneTemplate) DeepCopyInto(out *AWSManagedControlPlaneTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneTemplate. +func (in *AWSManagedControlPlaneTemplate) DeepCopy() *AWSManagedControlPlaneTemplate { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSManagedControlPlaneTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlaneTemplateList) DeepCopyInto(out *AWSManagedControlPlaneTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AWSManagedControlPlaneTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneTemplateList. 
+func (in *AWSManagedControlPlaneTemplateList) DeepCopy() *AWSManagedControlPlaneTemplateList { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AWSManagedControlPlaneTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlaneTemplateResource) DeepCopyInto(out *AWSManagedControlPlaneTemplateResource) { + *out = *in + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneTemplateResource. +func (in *AWSManagedControlPlaneTemplateResource) DeepCopy() *AWSManagedControlPlaneTemplateResource { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneTemplateResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSManagedControlPlaneTemplateSpec) DeepCopyInto(out *AWSManagedControlPlaneTemplateSpec) { + *out = *in + in.Template.DeepCopyInto(&out.Template) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneTemplateSpec. +func (in *AWSManagedControlPlaneTemplateSpec) DeepCopy() *AWSManagedControlPlaneTemplateSpec { + if in == nil { + return nil + } + out := new(AWSManagedControlPlaneTemplateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Addon) DeepCopyInto(out *Addon) { + *out = *in + if in.ConflictResolution != nil { + in, out := &in.ConflictResolution, &out.ConflictResolution + *out = new(AddonResolution) + **out = **in + } + if in.ServiceAccountRoleArn != nil { + in, out := &in.ServiceAccountRoleArn, &out.ServiceAccountRoleArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Addon. +func (in *Addon) DeepCopy() *Addon { + if in == nil { + return nil + } + out := new(Addon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddonIssue) DeepCopyInto(out *AddonIssue) { + *out = *in + if in.Code != nil { + in, out := &in.Code, &out.Code + *out = new(string) + **out = **in + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + if in.ResourceIDs != nil { + in, out := &in.ResourceIDs, &out.ResourceIDs + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonIssue. +func (in *AddonIssue) DeepCopy() *AddonIssue { + if in == nil { + return nil + } + out := new(AddonIssue) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AddonState) DeepCopyInto(out *AddonState) { + *out = *in + if in.ServiceAccountRoleArn != nil { + in, out := &in.ServiceAccountRoleArn, &out.ServiceAccountRoleArn + *out = new(string) + **out = **in + } + in.CreatedAt.DeepCopyInto(&out.CreatedAt) + in.ModifiedAt.DeepCopyInto(&out.ModifiedAt) + if in.Status != nil { + in, out := &in.Status, &out.Status + *out = new(string) + **out = **in + } + if in.Issues != nil { + in, out := &in.Issues, &out.Issues + *out = make([]AddonIssue, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonState. +func (in *AddonState) DeepCopy() *AddonState { + if in == nil { + return nil + } + out := new(AddonState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControlPlaneLoggingSpec) DeepCopyInto(out *ControlPlaneLoggingSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneLoggingSpec. +func (in *ControlPlaneLoggingSpec) DeepCopy() *ControlPlaneLoggingSpec { + if in == nil { + return nil + } + out := new(ControlPlaneLoggingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EncryptionConfig) DeepCopyInto(out *EncryptionConfig) { + *out = *in + if in.Provider != nil { + in, out := &in.Provider, &out.Provider + *out = new(string) + **out = **in + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfig. 
+func (in *EncryptionConfig) DeepCopy() *EncryptionConfig { + if in == nil { + return nil + } + out := new(EncryptionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EndpointAccess) DeepCopyInto(out *EndpointAccess) { + *out = *in + if in.Public != nil { + in, out := &in.Public, &out.Public + *out = new(bool) + **out = **in + } + if in.PublicCIDRs != nil { + in, out := &in.PublicCIDRs, &out.PublicCIDRs + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Private != nil { + in, out := &in.Private, &out.Private + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointAccess. +func (in *EndpointAccess) DeepCopy() *EndpointAccess { + if in == nil { + return nil + } + out := new(EndpointAccess) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IAMAuthenticatorConfig) DeepCopyInto(out *IAMAuthenticatorConfig) { + *out = *in + if in.RoleMappings != nil { + in, out := &in.RoleMappings, &out.RoleMappings + *out = make([]RoleMapping, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UserMappings != nil { + in, out := &in.UserMappings, &out.UserMappings + *out = make([]UserMapping, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAMAuthenticatorConfig. 
+func (in *IAMAuthenticatorConfig) DeepCopy() *IAMAuthenticatorConfig { + if in == nil { + return nil + } + out := new(IAMAuthenticatorConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityProviderStatus) DeepCopyInto(out *IdentityProviderStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderStatus. +func (in *IdentityProviderStatus) DeepCopy() *IdentityProviderStatus { + if in == nil { + return nil + } + out := new(IdentityProviderStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeProxy) DeepCopyInto(out *KubeProxy) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxy. +func (in *KubeProxy) DeepCopy() *KubeProxy { + if in == nil { + return nil + } + out := new(KubeProxy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesMapping) DeepCopyInto(out *KubernetesMapping) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesMapping. +func (in *KubernetesMapping) DeepCopy() *KubernetesMapping { + if in == nil { + return nil + } + out := new(KubernetesMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OIDCIdentityProviderConfig) DeepCopyInto(out *OIDCIdentityProviderConfig) { + *out = *in + if in.GroupsClaim != nil { + in, out := &in.GroupsClaim, &out.GroupsClaim + *out = new(string) + **out = **in + } + if in.GroupsPrefix != nil { + in, out := &in.GroupsPrefix, &out.GroupsPrefix + *out = new(string) + **out = **in + } + if in.RequiredClaims != nil { + in, out := &in.RequiredClaims, &out.RequiredClaims + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.UsernameClaim != nil { + in, out := &in.UsernameClaim, &out.UsernameClaim + *out = new(string) + **out = **in + } + if in.UsernamePrefix != nil { + in, out := &in.UsernamePrefix, &out.UsernamePrefix + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(apiv1beta2.Tags, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderConfig. +func (in *OIDCIdentityProviderConfig) DeepCopy() *OIDCIdentityProviderConfig { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. +func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { + if in == nil { + return nil + } + out := new(OIDCProviderStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RoleMapping) DeepCopyInto(out *RoleMapping) { + *out = *in + in.KubernetesMapping.DeepCopyInto(&out.KubernetesMapping) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapping. +func (in *RoleMapping) DeepCopy() *RoleMapping { + if in == nil { + return nil + } + out := new(RoleMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserMapping) DeepCopyInto(out *UserMapping) { + *out = *in + in.KubernetesMapping.DeepCopyInto(&out.KubernetesMapping) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserMapping. +func (in *UserMapping) DeepCopy() *UserMapping { + if in == nil { + return nil + } + out := new(UserMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VpcCni) DeepCopyInto(out *VpcCni) { + *out = *in + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VpcCni. +func (in *VpcCni) DeepCopy() *VpcCni { + if in == nil { + return nil + } + out := new(VpcCni) + in.DeepCopyInto(out) + return out +} diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/types.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/types.go new file mode 100644 index 000000000..eb21e2a30 --- /dev/null +++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/types.go 
@@ -0,0 +1,169 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the iam v1beta1 API group.
+// +k8s:deepcopy-gen=package,register
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=iam.aws.infrastructure.cluster.x-k8s.io
+// +gencrdrefdocs:force
+package v1beta1
+
+import (
+ "encoding/json"
+
+ "github.com/pkg/errors"
+)
+
+type (
+ // Effect defines an AWS IAM effect.
+ Effect string
+
+ // ConditionOperator defines an AWS condition operator.
+ ConditionOperator string
+
+ // PrincipalType defines an AWS principle type.
+ PrincipalType string
+)
+
+const (
+
+ // Any is the AWS IAM policy grammar wildcard.
+ Any = "*"
+
+ // CurrentVersion is the latest version of the AWS IAM policy grammar.
+ CurrentVersion = "2012-10-17"
+
+ // EffectAllow is the Allow effect in an AWS IAM policy statement entry.
+ EffectAllow Effect = "Allow"
+
+ // EffectDeny is the Deny effect in an AWS IAM policy statement entry.
+ EffectDeny Effect = "Deny"
+
+ // PrincipalAWS is the identity type covering AWS ARNs.
+ PrincipalAWS PrincipalType = "AWS"
+
+ // PrincipalFederated is the identity type covering federated identities.
+ PrincipalFederated PrincipalType = "Federated"
+
+ // PrincipalService is the identity type covering AWS services.
+ PrincipalService PrincipalType = "Service"
+
+ // StringEquals is an AWS IAM policy condition operator.
+ StringEquals ConditionOperator = "StringEquals"
+
+ // StringNotEquals is an AWS IAM policy condition operator.
+ StringNotEquals ConditionOperator = "StringNotEquals"
+
+ // StringEqualsIgnoreCase is an AWS IAM policy condition operator.
+ StringEqualsIgnoreCase ConditionOperator = "StringEqualsIgnoreCase"
+
+ // StringLike is an AWS IAM policy condition operator.
+ StringLike ConditionOperator = "StringLike"
+
+ // StringNotLike is an AWS IAM policy condition operator.
+ StringNotLike ConditionOperator = "StringNotLike"
+
+ // DefaultNameSuffix is the default suffix appended to all AWS IAM roles created by clusterawsadm.
+ DefaultNameSuffix = ".cluster-api-provider-aws.sigs.k8s.io"
+)
+
+// PolicyDocument represents an AWS IAM policy document, and can be
+// converted into JSON using "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/converters".
+type PolicyDocument struct {
+ Version string `json:"Version,omitempty"`
+ Statement Statements `json:"Statement,omitempty"`
+ ID string `json:"Id,omitempty"`
+}
+
+// StatementEntry represents each "statement" block in an AWS IAM policy document.
+type StatementEntry struct {
+ Sid string `json:",omitempty"`
+ Principal Principals `json:",omitempty"`
+ NotPrincipal Principals `json:",omitempty"`
+ Effect Effect `json:"Effect"`
+ Action Actions `json:"Action"`
+ Resource Resources `json:",omitempty"`
+ Condition Conditions `json:"Condition,omitempty"`
+}
+
+// Statements is the list of StatementEntries.
+type Statements []StatementEntry
+
+// Principals is the map of all identities a statement entry refers to.
+type Principals map[PrincipalType]PrincipalID
+
+// Actions is the list of actions.
+type Actions []string
+
+// UnmarshalJSON is an Actions Unmarshaler.
+func (actions *Actions) UnmarshalJSON(data []byte) error {
+ var ids []string
+ if err := json.Unmarshal(data, &ids); err == nil {
+ *actions = Actions(ids)
+ return nil
+ }
+ var id string
+ if err := json.Unmarshal(data, &id); err != nil {
+ return errors.Wrap(err, "couldn't unmarshal as either []string or string")
+ }
+ *actions = []string{id}
+ return nil
+}
+
+// Resources is the list of resources.
+type Resources []string
+
+// PrincipalID represents the list of all identities, such as ARNs.
+type PrincipalID []string
+
+// UnmarshalJSON defines an Unmarshaler for a PrincipalID.
+func (identityID *PrincipalID) UnmarshalJSON(data []byte) error {
+ var ids []string
+ if err := json.Unmarshal(data, &ids); err == nil {
+ *identityID = PrincipalID(ids)
+ return nil
+ }
+ var id string
+ if err := json.Unmarshal(data, &id); err != nil {
+ return errors.Wrap(err, "couldn't unmarshal as either []string or string")
+ }
+ *identityID = []string{id}
+ return nil
+}
+
+// Conditions is the map of all conditions in the statement entry.
+type Conditions map[ConditionOperator]interface{}
+
+// DeepCopyInto copies the receiver, writing into out. in must be non-nil.
+func (in Conditions) DeepCopyInto(out *Conditions) {
+ {
+ in := &in
+ *out = make(Conditions, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+}
+
+// DeepCopy copies the receiver, creating a new Conditions.
+func (in Conditions) DeepCopy() Conditions {
+ if in == nil {
+ return nil
+ }
+ out := new(Conditions)
+ in.DeepCopyInto(out)
+ return *out
+}
diff --git a/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/zz_generated.deepcopy.go b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/zz_generated.deepcopy.go
new file mode 100644
index 000000000..b9b8d6251
--- /dev/null
+++ b/api/external/sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1/zz_generated.deepcopy.go
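Review bot: `Conditions.DeepCopyInto` copies each `interface{}` value with `(*out)[key] = val`, so any nested map or slice inside a condition stays shared between the receiver and the copy; the generated `StatementEntry.DeepCopyInto` elsewhere in this patch relies on it through `in.Condition.DeepCopy()`. A caller that mutates a copied policy's condition block in place would therefore also change the original. At minimum the doc comment should say so, e.g. `// DeepCopyInto copies the map entries only; condition values are shared with the receiver and must not be mutated in place.`; a real deep copy would need a recursive copy or a JSON round-trip of each value. The path suggests this is a synced copy of upstream code, so the fix may belong upstream.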
@@ -0,0 +1,211 @@ +//go:build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import () + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Actions) DeepCopyInto(out *Actions) { + { + in := &in + *out = make(Actions, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Actions. +func (in Actions) DeepCopy() Actions { + if in == nil { + return nil + } + out := new(Actions) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyDocument) DeepCopyInto(out *PolicyDocument) { + *out = *in + if in.Statement != nil { + in, out := &in.Statement, &out.Statement + *out = make(Statements, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyDocument. +func (in *PolicyDocument) DeepCopy() *PolicyDocument { + if in == nil { + return nil + } + out := new(PolicyDocument) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in PrincipalID) DeepCopyInto(out *PrincipalID) { + { + in := &in + *out = make(PrincipalID, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrincipalID. +func (in PrincipalID) DeepCopy() PrincipalID { + if in == nil { + return nil + } + out := new(PrincipalID) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Principals) DeepCopyInto(out *Principals) { + { + in := &in + *out = make(Principals, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = make(PrincipalID, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principals. +func (in Principals) DeepCopy() Principals { + if in == nil { + return nil + } + out := new(Principals) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Resources) DeepCopyInto(out *Resources) { + { + in := &in + *out = make(Resources, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Resources. +func (in Resources) DeepCopy() Resources { + if in == nil { + return nil + } + out := new(Resources) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *StatementEntry) DeepCopyInto(out *StatementEntry) { + *out = *in + if in.Principal != nil { + in, out := &in.Principal, &out.Principal + *out = make(Principals, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = make(PrincipalID, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + if in.NotPrincipal != nil { + in, out := &in.NotPrincipal, &out.NotPrincipal + *out = make(Principals, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = make(PrincipalID, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + if in.Action != nil { + in, out := &in.Action, &out.Action + *out = make(Actions, len(*in)) + copy(*out, *in) + } + if in.Resource != nil { + in, out := &in.Resource, &out.Resource + *out = make(Resources, len(*in)) + copy(*out, *in) + } + out.Condition = in.Condition.DeepCopy() +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatementEntry. +func (in *StatementEntry) DeepCopy() *StatementEntry { + if in == nil { + return nil + } + out := new(StatementEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in Statements) DeepCopyInto(out *Statements) { + { + in := &in + *out = make(Statements, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Statements. +func (in Statements) DeepCopy() Statements { + if in == nil { + return nil + } + out := new(Statements) + in.DeepCopyInto(out) + return *out +} diff --git a/api/go.mod b/api/go.mod index 8fe36b658..bd10c0675 100644 --- a/api/go.mod +++ b/api/go.mod 
@@ -11,10 +11,13 @@ replace github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/c require ( github.com/aws/aws-sdk-go v1.55.8 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0 + github.com/aws/aws-sdk-go-v2/service/eks v1.69.0 github.com/blang/semver/v4 v4.0.0 github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common v0.7.0 github.com/nutanix-cloud-native/prism-go-client v0.5.3 github.com/onsi/gomega v1.38.0 + github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.10.0 k8s.io/api v0.32.8 k8s.io/apiextensions-apiserver v0.32.8 @@ -25,6 +28,7 @@ require ( ) require ( + github.com/aws/smithy-go v1.22.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -43,14 +47,12 @@ require ( github.com/google/go-cmp v0.7.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect diff --git a/api/go.sum b/api/go.sum index 249f42ff4..e89d5c1c3 100644 --- a/api/go.sum +++ b/api/go.sum 
@@ -1,5 +1,11 @@ github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0 h1:/NUzag+6BGBNvM7FEHDsDK8itSgWEUVhmC2HDBR8NrM= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0/go.mod h1:HDxGArx3/bUnkoFsuvTNIxEj/cR3f+IgsVh1B7Pvay8= +github.com/aws/aws-sdk-go-v2/service/eks v1.69.0 h1:eiZOCsKGl0D7M3FSeSJwJbsikxowCMVz513WDFCe6HY= +github.com/aws/aws-sdk-go-v2/service/eks v1.69.0/go.mod h1:u3CDoNUAkSIGKNiA6LfQtApPmHPGRuAjikx3ObM5XBs= +github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= +github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -56,8 +62,6 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 
@@ -180,9 +184,6 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.32.8 h1:PhuKPnqsaXYuwmLXRLAmdDJ9EZ2R2kEbOZTq4UE3lGc= diff --git a/go.mod b/go.mod index 753b70a88..002870e94 100644 --- a/go.mod +++ b/go.mod @@ -65,6 +65,8 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.55.8 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0 // indirect + github.com/aws/smithy-go v1.22.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -110,7 +112,6 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.8 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.0 // indirect diff --git a/go.sum b/go.sum index 218b88190..d723b1354 100644 --- a/go.sum +++ b/go.sum 
@@ -35,6 +35,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0 h1:/NUzag+6BGBNvM7FEHDsDK8itSgWEUVhmC2HDBR8NrM= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.240.0/go.mod h1:HDxGArx3/bUnkoFsuvTNIxEj/cR3f+IgsVh1B7Pvay8= +github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= +github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -182,8 +186,6 @@ github.com/jhump/protoreflect v1.14.0 h1:MBbQK392K3u8NTLbKOCIi3XdI+y+c6yt5oMq0X3 github.com/jhump/protoreflect v1.14.0/go.mod h1:JytZfP5d0r8pVNLZvai7U/MCuTWITgrI4tTg7puQFKI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 
@@ -444,7 +446,6 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/hack/third-party/capa/go.mod b/hack/third-party/capa/go.mod index f2dcf23ca..c8e110732 100644 --- a/hack/third-party/capa/go.mod +++ b/hack/third-party/capa/go.mod 
@@ -3,36 +3,37 @@ module github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/external/capa -go 1.22.0 +go 1.23.0 -toolchain go1.24.1 +toolchain go1.24.4 -require sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.4 +require sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.2-0.20250804162141-49f7c868cca0 require ( - github.com/aws/aws-sdk-go v1.55.5 // indirect + github.com/aws/aws-sdk-go v1.55.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ec2 v1.233.0 // indirect + github.com/aws/smithy-go v1.22.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.1 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.11 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect - github.com/google/go-cmp v0.6.0 // indirect + github.com/google/go-cmp v0.7.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/imdario/mergo v0.3.16 // 
indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect 
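Review bot: The `require` line in the first hunk of hack/third-party/capa/go.mod swaps the tagged release `v2.8.4` for the pseudo-version `v2.8.2-0.20250804162141-49f7c868cca0`, and nothing in the file records why. A pseudo-version of this form names an untagged commit and sorts below `v2.8.4`, so update bots and vulnerability scanners that match on release ranges will read it as a downgrade. Whether that commit contains the fixes shipped in the v2.8.3 and v2.8.4 releases cannot be told from the diff. Presumably the pin exists because the EKS API types being copied are not in a tagged release yet; if so, say it next to the requirement, e.g. `// Pinned to an untagged upstream commit for the EKS API types; move back to a tagged release once one contains them.`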
@@ -44,31 +45,34 @@ require ( github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect + github.com/spf13/cobra v1.9.1 // indirect + github.com/spf13/pflag v1.0.6 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/net v0.33.0 // indirect - golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sys v0.28.0 // indirect - golang.org/x/term v0.27.0 // indirect - golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect - gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect + golang.org/x/net v0.38.0 // indirect + golang.org/x/oauth2 v0.28.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect + golang.org/x/time v0.8.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect + google.golang.org/protobuf v1.36.5 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.31.3 // indirect - k8s.io/apiextensions-apiserver v0.31.3 // indirect - k8s.io/apimachinery v0.31.3 // indirect - k8s.io/client-go v0.31.3 // indirect - k8s.io/component-base v0.31.3 // indirect + k8s.io/api v0.32.3 // indirect + k8s.io/apiextensions-apiserver v0.32.3 // indirect + k8s.io/apimachinery v0.32.3 // indirect + k8s.io/client-go v0.32.3 // indirect + k8s.io/component-base v0.32.3 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils 
v0.0.0-20240711033017-18e509b52bc8 // indirect - sigs.k8s.io/cluster-api v1.9.4 // indirect - sigs.k8s.io/controller-runtime v0.19.4 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/cluster-api v1.10.2 // indirect + sigs.k8s.io/controller-runtime v0.20.4 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/hack/third-party/capa/go.sum b/hack/third-party/capa/go.sum index 6f3bafadc..316845dba 100644 --- a/hack/third-party/capa/go.sum +++ b/hack/third-party/capa/go.sum 
@@ -1,67 +1,78 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= -github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= -github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= +github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.36.5 h1:0OF9RiEMEdDdZEMqF9MRjevyxAQcf6gY+E7vwBILFj0= +github.com/aws/aws-sdk-go-v2 v1.36.5/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 h1:SsytQyTMHMDPspp+spo7XwXTP44aJZZAC7fBV2C5+5s= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36/go.mod h1:Q1lnJArKRXkenyog6+Y+zr7WDpk4e6XlR6gs20bbeNo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 h1:i2vNHQiXUvKhs3quBR6aqlgJaiaexz/aNvdCktW/kAM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36/go.mod h1:UdyGa7Q91id/sdyHPwth+043HhmP6yP9MBHgbZM0xo8= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.233.0 h1:VxmOsv7MswuKQcSEIurxe4RK9tC6zYnosw9vBvv74lA= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.233.0/go.mod h1:35jGWx7ECvCwTsApqicFYzZ7JFEnBc6oHUuOQ3xIS54= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2 h1:vX70Z4lNSr7XsioU0uJq5yvxgI50sB66MvD+V/3buS4= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2/go.mod h1:xnCC3vFBfOKpU6PcsCKL2ktgBTZfOwTGxj6V8/X3IS4= +github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw= +github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 
h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= -github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= -github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= +github.com/fsnotify/fsnotify v1.8.0 
h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof 
v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 
@@ -82,10 +93,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= -github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0= +github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM= +github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU= +github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -101,8 +112,11 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace h1:9PNP1jnUjRhfmGMlkXHjYPishpcw4jpSt/V/xYY3FMA= -github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= +github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= +github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= 
@@ -111,6 +125,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -120,48 +138,48 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= +golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync 
v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.8.0 
h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= +golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= -gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= +gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod 
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
@@ -169,36 +187,33 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= -k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= -k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= -k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= -k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= +k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls= +k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k= +k8s.io/apiextensions-apiserver v0.32.3 h1:4D8vy+9GWerlErCwVIbcQjsWunF9SUGNu7O7hiQTyPY= +k8s.io/apiextensions-apiserver v0.32.3/go.mod h1:8YwcvVRMVzw0r1Stc7XfGAzB/SIVLunqApySV5V7Dss= +k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U= +k8s.io/apimachinery v0.32.3/go.mod 
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU= +k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY= +k8s.io/component-base v0.32.3 h1:98WJvvMs3QZ2LYHBzvltFSeJjEx7t5+8s71P7M74u8k= +k8s.io/component-base v0.32.3/go.mod h1:LWi9cR+yPAv7cu2X9rZanTiFKB2kHA+JjmhkKjCZRpI= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/cluster-api v1.9.4 h1:pa2Ho50F9Js/Vv/Jy11TcpmGiqY2ukXCoDj/dY25Y7M= -sigs.k8s.io/cluster-api v1.9.4/go.mod h1:9DjpPCxJJo7/mH+KceINNJHr9c5X9S9HEp2B8JG3Uv8= -sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.4 h1:Qhedvgjob/4dObhNdI3zK6Ekp6MdQP8ce4vF/p0TXlw= -sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.4/go.mod h1:ubZXYyieYt+I4jQFJ47J9Hq4W3zPernTWXlIfIZnB3Y= -sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= -sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= 
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/cluster-api v1.10.2 h1:xfvtNu4Fy/41grL0ryH5xSKQjpJEWdO8HiV2lPCCozQ= +sigs.k8s.io/cluster-api v1.10.2/go.mod h1:/b9Un5Imprib6S7ZOcJitC2ep/5wN72b0pXpMQFfbTw= +sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.2-0.20250804162141-49f7c868cca0 h1:b/qKmChjjltKZe+bME3HjkLB3d7MYvkTOpJvfZFj7tc= +sigs.k8s.io/cluster-api-provider-aws/v2 v2.8.2-0.20250804162141-49f7c868cca0/go.mod h1:TfLaTwrn9vmNwdzs2Wrz6u8yv18L8xAuoAzOlLgvyQA= +sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= +sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/make/apis.mk b/make/apis.mk index 8b4067eb3..8b2f9de37 100644 --- a/make/apis.mk +++ b/make/apis.mk 
@@ -22,16 +22,13 @@ # Add third-party CAPI provider types below PROVIDER_MODULE_capa := sigs.k8s.io/cluster-api-provider-aws/v2 -PROVIDER_API_PATH_capa := api -PROVIDER_API_VERSION_capa := v1beta2 +PROVIDER_API_PATHS_capa := api/v1beta2 controlplane/eks/api/v1beta2 bootstrap/eks/api/v1beta2 iam/api/v1beta1 PROVIDER_MODULE_caaph := sigs.k8s.io/cluster-api-addon-provider-helm -PROVIDER_API_PATH_caaph := api -PROVIDER_API_VERSION_caaph := v1alpha1 +PROVIDER_API_PATHS_caaph := api/v1alpha1 PROVIDER_MODULE_capx := github.com/nutanix-cloud-native/cluster-api-provider-nutanix -PROVIDER_API_PATH_capx := api -PROVIDER_API_VERSION_capx := v1beta1 +PROVIDER_API_PATHS_capx := api/v1beta1 # Add third-party CAPI provider types above 
@@ -42,19 +39,22 @@ apis.sync: $(addprefix api.sync.,capa caaph capx) mod-tidy.api go-fix.api .PHONY: api.sync.% api.sync.%: ## Syncs a third-party CAPI provider's API types api.sync.%: PROVIDER_MODULE_DIR=$(REPO_ROOT)/hack/third-party/$* -api.sync.%: PROVIDER_API_DIR=api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH_$*)/$(PROVIDER_API_VERSION_$*)/ -api.sync.%: ; $(info $(M) syncing external API: $(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH_$*)/$(PROVIDER_API_VERSION_$*)) +api.sync.%: cd $(PROVIDER_MODULE_DIR) && go mod tidy - mkdir -p $(PROVIDER_API_DIR) + $(foreach PROVIDER_API_PATH,$(PROVIDER_API_PATHS_$*), \ + echo 'syncing external API: $(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)'; \ + mkdir -p api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)/; \ rsync \ --recursive --delete --times --links --verbose --prune-empty-dirs \ --exclude='*webhook*.go' \ --exclude='*test.go' \ --exclude='s3bucket.go' \ - $$(cd $(PROVIDER_MODULE_DIR) && GOWORK=off go list -m -f '{{ .Dir }}' $(PROVIDER_MODULE_$*))/$(PROVIDER_API_PATH_$*)/$(PROVIDER_API_VERSION_$*)/*.go \ - $(PROVIDER_API_DIR) - find $(PROVIDER_API_DIR) -type d -exec chmod 0755 {} \; - find $(PROVIDER_API_DIR) -type f -exec chmod 0644 {} \; + $$(cd $(PROVIDER_MODULE_DIR) && GOWORK=off go list -m -f '{{ .Dir }}' $(PROVIDER_MODULE_$*))/$(PROVIDER_API_PATH)/*.go \ + api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)/; \ + find api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)/ -type d -exec chmod 0755 {} \; ; \ + find api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)/ -type f -exec chmod 0644 {} \; ; \ + sed -i 's|"$(PROVIDER_MODULE_$*)/|"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/$(PROVIDER_MODULE_$*)/|' api/external/$(PROVIDER_MODULE_$*)/$(PROVIDER_API_PATH)/*.go; \ + ) .PHONY: coredns.sync coredns.sync: ## Syncs the Kubernetes version to CoreDNS version mapping used in the cluster upgrade 
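Review bot: In the new `api.sync.%` recipe the `$(foreach …)` body joins `mkdir`, `rsync`, `find` and `sed` with `;`, so it expands to a single shell command whose exit status is that of the last `sed`. A failed `rsync` for any API path would leave a partially synced `api/external/` tree while the target still reports success, unless `.SHELLFLAGS` enables `-e` somewhere outside this hunk. Starting the recipe line with `set -e; $(foreach PROVIDER_API_PATH,$(PROVIDER_API_PATHS_$*), \` makes any failed step abort the sync. The `sed` expression also rewrites every import under `$(PROVIDER_MODULE_$*)/`, not only the packages listed in `PROVIDER_API_PATHS_$*`, so an import of an unsynced provider package would point at a path that does not exist under `api/external/`. A comment next to the `PROVIDER_API_PATHS_*` variables saying that every provider package imported by the synced files must be listed would make that constraint visible.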
diff --git a/make/clusterctl.mk b/make/clusterctl.mk index cb95fb003..de250353f 100644 --- a/make/clusterctl.mk +++ b/make/clusterctl.mk @@ -3,7 +3,8 @@ export CAPI_VERSION := $(shell GOWORK=off go list -m -f '{{ .Version }}' sigs.k8s.io/cluster-api) export CAPD_VERSION := $(shell GOWORK=off go list -m -f '{{ .Version }}' sigs.k8s.io/cluster-api/test) -export CAPA_VERSION := $(shell cd hack/third-party/capa && GOWORK=off go list -m -f '{{ .Version }}' sigs.k8s.io/cluster-api-provider-aws/v2) +# export CAPA_VERSION := $(shell cd hack/third-party/capa && GOWORK=off go list -m -f '{{ .Version }}' sigs.k8s.io/cluster-api-provider-aws/v2) +export CAPA_VERSION := v2.8.4 export CAPX_VERSION := $(shell cd hack/third-party/capx && GOWORK=off go list -m -f '{{ .Version }}' github.com/nutanix-cloud-native/cluster-api-provider-nutanix) export CAAPH_VERSION := $(shell cd hack/third-party/caaph && GOWORK=off go list -m -f '{{ .Version }}' sigs.k8s.io/cluster-api-addon-provider-helm) @@ -13,6 +14,7 @@ clusterctl.init: env CLUSTER_TOPOLOGY=true \ EXP_RUNTIME_SDK=true \ EXP_MACHINE_POOL=true \ + CAPA_EKS=true \ AWS_B64ENCODED_CREDENTIALS=$$(clusterctl-aws bootstrap credentials encode-as-profile) \ NUTANIX_ENDPOINT="" NUTANIX_PASSWORD="" NUTANIX_USER="" \ clusterctl init \ 
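Review bot: `export CAPA_VERSION := v2.8.4` in the first hunk is now a literal, and the old `go list` derivation is left commented out with no explanation. The provider version installed by `clusterctl init` therefore no longer follows the module version in `hack/third-party/capa` that the API types are synced from. The skew looks deliberate, but nothing tells a maintainer when the lookup can be restored, or that this value also builds the `$(CAPA_VERSION)-eksclusterclass` ref and image tag used later in `clusterctl.init`. I would replace the commented-out line with a short explanation such as `# Pinned: must match the -eksclusterclass fork build applied in clusterctl.init; restore the go list lookup once that work is in an upstream release.`, adjusted to the actual reason.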
@@ -23,7 +25,17 @@ clusterctl.init: --infrastructure docker:$(CAPD_VERSION),aws:$(CAPA_VERSION),nutanix:$(CAPX_VERSION) \ --addon helm:$(CAAPH_VERSION) \ --wait-providers + kubectl apply --server-side --force-conflicts \ + -k 'https://github.com/jimmidyson/cluster-api-provider-aws/config/crd?ref=$(CAPA_VERSION)-eksclusterclass' + kubectl set image -n capa-system deployment/capa-controller-manager \ + manager=ghcr.io/jimmidyson/cluster-api-aws/cluster-api-aws-controller:$(CAPA_VERSION)-eksclusterclass .PHONY: clusterctl.delete clusterctl.delete: clusterctl delete --kubeconfig=$(KIND_KUBECONFIG) --all + +.PHONY: capa.update-credentials-secret +capa.update-credentials-secret: + kubectl patch secret capa-manager-bootstrap-credentials -n capa-system -p="{\"data\":{\"credentials\": \"$$(clusterctl-aws bootstrap credentials encode-as-profile)\"}}" + kubectl rollout restart deployment capa-controller-manager -n capa-system + kubectl rollout status deployment capa-controller-manager -n capa-system diff --git a/make/dev.mk b/make/dev.mk index 57974e495..66f6cd033 100644 --- a/make/dev.mk +++ b/make/dev.mk 
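Review bot: The two `kubectl` steps added to `clusterctl.init` install CRDs and a controller image from a personal fork, selected only by the mutable `$(CAPA_VERSION)-eksclusterclass` git ref and image tag. That controller runs with the AWS credentials handed to `clusterctl init`, so a re-pushed tag would change what runs with those credentials without any change in this repository. Pinning both to immutable identifiers closes that gap: `config/crd?ref=<COMMIT_SHA_PLACEHOLDER>` and `cluster-api-aws-controller@sha256:<IMAGE_DIGEST_PLACEHOLDER>`. The new `kubectl` calls, including those in `capa.update-credentials-secret`, also omit the `--kubeconfig=$(KIND_KUBECONFIG)` that `clusterctl delete` passes; unless `KUBECONFIG` is exported outside this hunk, `kubectl apply --server-side --force-conflicts` and the secret patch act on whatever context is current. In `capa.update-credentials-secret` the encoded credentials are placed in the `-p=` argument and so appear in the process arguments; feeding the patch from a file or stdin (`--patch-file`) would avoid that.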
@@ -15,14 +15,15 @@ endif dev.run-on-kind: SNAPSHOT_VERSION = $(shell gojq -r '.version+"-"+.runtime.goarch' dist/metadata.json) dev.run-on-kind: kind load docker-image --name $(KIND_CLUSTER_NAME) \ - ko.local/cluster-api-runtime-extensions-nutanix:$(SNAPSHOT_VERSION) \ - ghcr.io/nutanix-cloud-native/cluster-api-runtime-extensions-helm-chart-bundle-initializer:$(SNAPSHOT_VERSION) + ko.local/cluster-api-runtime-extensions-nutanix:$(SNAPSHOT_VERSION) \ + ghcr.io/nutanix-cloud-native/cluster-api-runtime-extensions-helm-chart-bundle-initializer:$(SNAPSHOT_VERSION) helm upgrade --install cluster-api-runtime-extensions-nutanix ./charts/cluster-api-runtime-extensions-nutanix \ - --set-string image.repository=ko.local/cluster-api-runtime-extensions-nutanix \ - --set-string image.tag=$(SNAPSHOT_VERSION) \ - --set-string helmRepository.images.bundleInitializer.tag=$(SNAPSHOT_VERSION) \ - --set extraArgs.feature-gates="$(CAREN_FEATURE_GATES)" \ - --wait --wait-for-jobs + --set-string image.repository=ko.local/cluster-api-runtime-extensions-nutanix \ + --set-string image.tag=$(SNAPSHOT_VERSION) \ + --set-string helmRepository.images.bundleInitializer.tag=$(SNAPSHOT_VERSION) \ + --set extraArgs.feature-gates="$(CAREN_FEATURE_GATES)" \ + --set extraArgs.v=5 \ + --wait --wait-for-jobs kubectl rollout restart deployment cluster-api-runtime-extensions-nutanix kubectl rollout restart deployment helm-repository kubectl rollout status deployment cluster-api-runtime-extensions-nutanix