openmcp-project · guewa · Aug 8, 2025 · Aug 8, 2025 · Aug 8, 2025
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go
@@ -45,6 +45,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ControlPlaneConfig{},
 		&WorkerConfig{},
 		&WorkerStatus{},
+		&WorkloadIdentityConfig{},
+		&BackupBucketConfig{},
 	)
 	return nil
 }
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_backupbucket.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_backupbucket.go
@@ -0,0 +1,52 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RetentionType defines the level at which immutability properties are applied on objects.
+type RetentionType string
+
+// ModeType defines the type of object lock mode for immutability settings.
+type ModeType string
+
+const (
+	// BucketLevelImmutability sets the immutability feature on the bucket level.
+	BucketLevelImmutability RetentionType = "bucket"
+	// ComplianceMode sets the "compliance" mode immutability.
+	ComplianceMode ModeType = "compliance"
+	// GovernanceMode sets the "governance" mode immutability.
+	GovernanceMode ModeType = "governance"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackupBucketConfig represents the configuration for a backup bucket.
+type BackupBucketConfig struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// Immutability defines the immutability configuration for the backup bucket.
+	// +optional
+	Immutability *ImmutableConfig `json:"immutability,omitempty"`
+}
+
+// ImmutableConfig represents the immutability configuration for a backup bucket.
+type ImmutableConfig struct {
+	// RetentionType specifies the type of retention for the backup bucket.
+	// Currently allowed value is:
+	// - "bucket": retention policy applies on the entire bucket.
+	RetentionType RetentionType `json:"retentionType"`
+
+	// RetentionPeriod specifies the immutability retention period for the backup bucket.
+	// S3 only supports immutability durations in days or years, therefore this field must be set as multiple of 24h.
+	RetentionPeriod metav1.Duration `json:"retentionPeriod"`
+
+	// S3 provides two retention modes that apply different levels of protection to objects:
+	// Allowed values are: "governance" or "compliance" mode.
+	Mode ModeType `json:"mode"`
+}
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_workloadidentity.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/types_workloadidentity.go
@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// WorkloadIdentityConfig contains configuration settings for workload identity.
+type WorkloadIdentityConfig struct {
+	metav1.TypeMeta
+
+	// RoleARN is the identifier of the role that the workload identity will assume.
+	RoleARN string `json:"roleARN,omitempty"`
+}
diff --git a/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go b/api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/zz_generated.deepcopy.go
diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/register.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
 //
 // SPDX-License-Identifier: Apache-2.0
 package v1alpha1

diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_adminkubeconfigrequest.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -16,6 +16,7 @@ type AdminKubeconfigRequest struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object metadata.
 	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
 	// Spec is the specification of the AdminKubeconfigRequest.
 	Spec AdminKubeconfigRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
 	// Status is the status of the AdminKubeconfigRequest.

diff --git a/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go b/api/external/gardener/pkg/apis/authentication/v1alpha1/types_viewerkubeconfigrequest.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -16,6 +16,7 @@ type ViewerKubeconfigRequest struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object metadata.
 	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
 	// Spec is the specification of the ViewerKubeconfigRequest.
 	Spec ViewerKubeconfigRequestSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
 	// Status is the status of the ViewerKubeconfigRequest.

diff --git a/api/external/gardener/pkg/apis/core/types.go b/api/external/gardener/pkg/apis/core/types.go
@@ -1,17 +1,27 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors
 //
 // SPDX-License-Identifier: Apache-2.0
 
 package core
 
 import (
+	autoscalingv1 "k8s.io/api/autoscaling/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 const (
 	// GardenerSeedLeaseNamespace is the namespace in which Gardenlet will report Seeds'
 	// status using Lease resources for each Seed
 	GardenerSeedLeaseNamespace = "gardener-system-seed-lease"
+	// GardenerShootIssuerNamespace is the namespace in which Gardenlet
+	// will sync service account issuer discovery documents
+	// of Shoot clusters which require managed issuer
+	GardenerShootIssuerNamespace = "gardener-system-shoot-issuer"
+	// GardenerSystemPublicNamespace is the namespace which will contain a resources
+	// describing gardener installation itself. The resources in this namespace
+	// may be visible to all authenticated users.
+	GardenerSystemPublicNamespace = "gardener-system-public"
 )
 
 // Object is a core object resource.
@@ -49,7 +59,26 @@ type AccessRestriction struct {
 // allows to specify additional options.
 type AccessRestrictionWithOptions struct {
 	AccessRestriction
+
 	// Options is a map of additional options for the access restriction.
 	// +optional
 	Options map[string]string
 }
+
+// Extension contains type and provider information for extensions.
+type Extension struct {
+	// Type is the type of the extension resource.
+	Type string
+	// ProviderConfig is the configuration passed to extension resource.
+	ProviderConfig *runtime.RawExtension
+	// Disabled allows to disable extensions that were marked as 'automatically enabled' by Gardener administrators.
+	Disabled *bool
+}
+
+// NamedResourceReference is a named reference to a resource.
+type NamedResourceReference struct {
+	// Name of the resource reference.
+	Name string
+	// ResourceRef is a reference to a resource.
+	ResourceRef autoscalingv1.CrossVersionObjectReference
+}