From 13268db51472c4e23f86d56d3895fa39ec9c9dda Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Thu, 28 Sep 2023 16:13:39 +0200 Subject: [PATCH] [KeyVault]: Allow non RFC1123 name for Key,Secret,Certificate * Fixes https://github.com/upbound/provider-azure/issues/555 * Allows custom name to be specified at `spec.forProvider.name` removing the limitation of external resource name to be compliant with k8s object `metadata.name` * Related test suite updates Signed-off-by: Yury Tsarev --- apis/keyvault/v1beta1/zz_certificate_types.go | 15 ++++++- .../keyvault/v1beta1/zz_generated.deepcopy.go | 45 +++++++++++++++++++ apis/keyvault/v1beta1/zz_key_types.go | 11 +++++ apis/keyvault/v1beta1/zz_secret_types.go | 11 +++++ config/externalname.go | 5 +-- .../appplatform/springcloudcertificate.yaml | 1 + .../compute/diskencryptionset.yaml | 1 + .../workspacecustomermanagedkey.yaml | 1 + .../backupinstancepostgresql.yaml | 1 + .../dbforpostgresql/serverkey.yaml | 1 + examples-generated/keyvault/certificate.yaml | 1 + examples-generated/keyvault/key.yaml | 1 + examples-generated/keyvault/secret.yaml | 1 + .../synapse/workspaceaadadmin.yaml | 1 + .../synapse/workspacesqlaadadmin.yaml | 1 + .../workspacecustomermanagedkey.yaml | 1 + .../backupinstancepostgresql.yaml | 1 + examples/dbforpostgresql/server-key.yaml | 1 + examples/keyvault/certificate.yaml | 1 + examples/keyvault/key.yaml | 1 + examples/keyvault/secret.yaml | 1 + examples/synapse/workspacesqlaadadmin.yaml | 1 + .../keyvault/certificate/zz_controller.go | 1 - .../controller/keyvault/key/zz_controller.go | 1 - .../keyvault/secret/zz_controller.go | 1 - ...eyvault.azure.upbound.io_certificates.yaml | 17 +++++++ .../crds/keyvault.azure.upbound.io_keys.yaml | 16 +++++++ .../keyvault.azure.upbound.io_secrets.yaml | 16 +++++++ 28 files changed, 147 insertions(+), 9 deletions(-) diff --git a/apis/keyvault/v1beta1/zz_certificate_types.go b/apis/keyvault/v1beta1/zz_certificate_types.go index 144f43e86..601e30a05 100755 
--- a/apis/keyvault/v1beta1/zz_certificate_types.go +++ b/apis/keyvault/v1beta1/zz_certificate_types.go @@ -84,6 +84,9 @@ type CertificateInitParameters struct { // A certificate_policy block as defined below. Changing this forces a new resource to be created. CertificatePolicy []CertificatePolicyInitParameters `json:"certificatePolicy,omitempty" tf:"certificate_policy,omitempty"` + // Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // A mapping of tags to assign to the resource. Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } @@ -111,6 +114,9 @@ type CertificateObservation struct { // The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. KeyVaultID *string `json:"keyVaultId,omitempty" tf:"key_vault_id,omitempty"` + // Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, as such using this won't auto-rotate values if used in other Azure Services. ResourceManagerID *string `json:"resourceManagerId,omitempty" tf:"resource_manager_id,omitempty"` @@ -160,6 +166,10 @@ type CertificateParameters struct { // +kubebuilder:validation:Optional KeyVaultIDSelector *v1.Selector `json:"keyVaultIdSelector,omitempty" tf:"-"` + // Specifies the name of the Key Vault Certificate. Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // A mapping of tags to assign to the resource. // +kubebuilder:validation:Optional Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` 
@@ -513,8 +523,9 @@ type CertificateStatus struct { type Certificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec CertificateSpec `json:"spec"` - Status CertificateStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" + Spec CertificateSpec `json:"spec"` + Status CertificateStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/keyvault/v1beta1/zz_generated.deepcopy.go b/apis/keyvault/v1beta1/zz_generated.deepcopy.go index 6b174f8e2..b6b116605 100644 --- a/apis/keyvault/v1beta1/zz_generated.deepcopy.go +++ b/apis/keyvault/v1beta1/zz_generated.deepcopy.go @@ -1141,6 +1141,11 @@ func (in *CertificateInitParameters) DeepCopyInto(out *CertificateInitParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make(map[string]*string, len(*in)) @@ -1480,6 +1485,11 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = new(string) **out = **in } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.ResourceManagerID != nil { in, out := &in.ResourceManagerID, &out.ResourceManagerID *out = new(string) @@ -1575,6 +1585,11 @@ func (in *CertificateParameters) DeepCopyInto(out *CertificateParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make(map[string]*string, len(*in)) 
@@ -1999,6 +2014,11 @@ func (in *KeyInitParameters) DeepCopyInto(out *KeyInitParameters) { *out = new(string) **out = **in } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) @@ -2125,6 +2145,11 @@ func (in *KeyObservation) DeepCopyInto(out *KeyObservation) { *out = new(string) **out = **in } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) @@ -2254,6 +2279,11 @@ func (in *KeyParameters) DeepCopyInto(out *KeyParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) @@ -3788,6 +3818,11 @@ func (in *SecretInitParameters) DeepCopyInto(out *SecretInitParameters) { *out = new(string) **out = **in } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) @@ -3876,6 +3911,11 @@ func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { *out = new(string) **out = **in } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) @@ -3957,6 +3997,11 @@ func (in *SecretParameters) DeepCopyInto(out *SecretParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.NotBeforeDate != nil { in, out := &in.NotBeforeDate, &out.NotBeforeDate *out = new(string) 
diff --git a/apis/keyvault/v1beta1/zz_key_types.go b/apis/keyvault/v1beta1/zz_key_types.go index d9eaa351a..fec5d4768 100755 --- a/apis/keyvault/v1beta1/zz_key_types.go +++ b/apis/keyvault/v1beta1/zz_key_types.go @@ -59,6 +59,9 @@ type KeyInitParameters struct { // Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, RSA and RSA-HSM. Changing this forces a new resource to be created. KeyType *string `json:"keyType,omitempty" tf:"key_type,omitempty"` + // Specifies the name of the Key Vault Key. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` @@ -98,6 +101,9 @@ type KeyObservation struct { // The RSA modulus of this Key Vault Key. N *string `json:"n,omitempty" tf:"n,omitempty"` + // Specifies the name of the Key Vault Key. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` @@ -168,6 +174,10 @@ type KeyParameters struct { // +kubebuilder:validation:Optional KeyVaultIDSelector *v1.Selector `json:"keyVaultIdSelector,omitempty" tf:"-"` + // Specifies the name of the Key Vault Key. Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). // +kubebuilder:validation:Optional NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` 
@@ -258,6 +268,7 @@ type Key struct { metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.keyOpts) || (has(self.initProvider) && has(self.initProvider.keyOpts))",message="spec.forProvider.keyOpts is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.keyType) || (has(self.initProvider) && has(self.initProvider.keyType))",message="spec.forProvider.keyType is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" Spec KeySpec `json:"spec"` Status KeyStatus `json:"status,omitempty"` } diff --git a/apis/keyvault/v1beta1/zz_secret_types.go b/apis/keyvault/v1beta1/zz_secret_types.go index 9710926c5..e96936ae4 100755 --- a/apis/keyvault/v1beta1/zz_secret_types.go +++ b/apis/keyvault/v1beta1/zz_secret_types.go @@ -21,6 +21,9 @@ type SecretInitParameters struct { // Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). ExpirationDate *string `json:"expirationDate,omitempty" tf:"expiration_date,omitempty"` + // Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` 
@@ -42,6 +45,9 @@ type SecretObservation struct { // The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. KeyVaultID *string `json:"keyVaultId,omitempty" tf:"key_vault_id,omitempty"` + // Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` @@ -85,6 +91,10 @@ type SecretParameters struct { // +kubebuilder:validation:Optional KeyVaultIDSelector *v1.Selector `json:"keyVaultIdSelector,omitempty" tf:"-"` + // Specifies the name of the Key Vault Secret. Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). // +kubebuilder:validation:Optional NotBeforeDate *string `json:"notBeforeDate,omitempty" tf:"not_before_date,omitempty"` @@ -134,6 +144,7 @@ type SecretStatus struct { type Secret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter" // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.valueSecretRef)",message="spec.forProvider.valueSecretRef is a required parameter" Spec SecretSpec `json:"spec"` Status SecretStatus `json:"status,omitempty"` 
diff --git a/config/externalname.go b/config/externalname.go index d60503756..4c02d32a8 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -1860,10 +1860,7 @@ var ExternalNameConfigs = map[string]config.ExternalName{ } func keyVaultURLIDConf(resourceType string) config.ExternalName { - e := config.NameAsIdentifier - e.SetIdentifierArgumentFn = func(base map[string]any, externalName string) { - base["name"] = strings.Split(externalName, "/")[0] - } + e := config.IdentifierFromProvider e.GetExternalNameFn = func(tfstate map[string]any) (string, error) { id, ok := tfstate["id"] if !ok { diff --git a/examples-generated/appplatform/springcloudcertificate.yaml b/examples-generated/appplatform/springcloudcertificate.yaml index 7223a0e92..20b49fce9 100644 --- a/examples-generated/appplatform/springcloudcertificate.yaml +++ b/examples-generated/appplatform/springcloudcertificate.yaml @@ -77,6 +77,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: cert-example --- diff --git a/examples-generated/compute/diskencryptionset.yaml b/examples-generated/compute/diskencryptionset.yaml index 255863379..48915cc0c 100644 --- a/examples-generated/compute/diskencryptionset.yaml +++ b/examples-generated/compute/diskencryptionset.yaml @@ -120,6 +120,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: des-example-key --- diff --git a/examples-generated/databricks/workspacecustomermanagedkey.yaml b/examples-generated/databricks/workspacecustomermanagedkey.yaml index bc30ceaf2..bd5004d63 100644 --- a/examples-generated/databricks/workspacecustomermanagedkey.yaml +++ b/examples-generated/databricks/workspacecustomermanagedkey.yaml @@ -137,6 +137,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: example-certificate --- 
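Review bot: Existing Key, Secret and Certificate objects get no documented upgrade path in `keyVaultURLIDConf`: with `e := config.IdentifierFromProvider` the Key Vault object name comes only from `spec.forProvider.name`, and the generated CEL rules in this patch require that field whenever `Create` or `Update` is in `managementPolicies`. Objects written for the old `NameAsIdentifier` behaviour carry no such field and will presumably be rejected on their next update. A comment above that line would record this, for example `// The object name is taken from spec.forProvider.name; resources created before this change must set it to their current Key Vault name.` The name is also no longer tied to the cluster-unique `metadata.name`, so two managed resources can point at the same object in one vault; it is worth confirming that the provider refuses to adopt an object it did not create rather than writing a new version over it. The function body continues past the end of the hunk, so `GetExternalNameFn` could not be checked here.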
diff --git a/examples-generated/dataprotection/backupinstancepostgresql.yaml b/examples-generated/dataprotection/backupinstancepostgresql.yaml index 5a1e0145d..e3e0f0615 100644 --- a/examples-generated/dataprotection/backupinstancepostgresql.yaml +++ b/examples-generated/dataprotection/backupinstancepostgresql.yaml @@ -100,6 +100,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: example valueSecretRef: key: example name: example-postgresql-server diff --git a/examples-generated/dbforpostgresql/serverkey.yaml b/examples-generated/dbforpostgresql/serverkey.yaml index c69edb044..ef2057cc6 100644 --- a/examples-generated/dbforpostgresql/serverkey.yaml +++ b/examples-generated/dbforpostgresql/serverkey.yaml @@ -118,6 +118,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: tfex-key --- diff --git a/examples-generated/keyvault/certificate.yaml b/examples-generated/keyvault/certificate.yaml index 75f23564e..3a86d162b 100644 --- a/examples-generated/keyvault/certificate.yaml +++ b/examples-generated/keyvault/certificate.yaml @@ -20,6 +20,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: imported-cert --- diff --git a/examples-generated/keyvault/key.yaml b/examples-generated/keyvault/key.yaml index 692eb8eec..816f5a2fc 100644 --- a/examples-generated/keyvault/key.yaml +++ b/examples-generated/keyvault/key.yaml @@ -20,6 +20,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: generated-certificate rotationPolicy: - automatic: - timeBeforeExpiry: P30D diff --git a/examples-generated/keyvault/secret.yaml b/examples-generated/keyvault/secret.yaml index afe69dd74..771aca004 100644 --- a/examples-generated/keyvault/secret.yaml +++ b/examples-generated/keyvault/secret.yaml 
@@ -11,6 +11,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: secret-sauce valueSecretRef: key: example-key name: example-secret diff --git a/examples-generated/synapse/workspaceaadadmin.yaml b/examples-generated/synapse/workspaceaadadmin.yaml index cb5b0db71..d9a9fc97d 100644 --- a/examples-generated/synapse/workspaceaadadmin.yaml +++ b/examples-generated/synapse/workspaceaadadmin.yaml @@ -79,6 +79,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: workspace-encryption-key --- diff --git a/examples-generated/synapse/workspacesqlaadadmin.yaml b/examples-generated/synapse/workspacesqlaadadmin.yaml index 6649ebd2d..28af7c20f 100644 --- a/examples-generated/synapse/workspacesqlaadadmin.yaml +++ b/examples-generated/synapse/workspacesqlaadadmin.yaml @@ -79,6 +79,7 @@ spec: keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example + name: workspace-encryption-key --- diff --git a/examples/databricks/workspacecustomermanagedkey.yaml b/examples/databricks/workspacecustomermanagedkey.yaml index 42e68e0a6..b715d55d2 100644 --- a/examples/databricks/workspacecustomermanagedkey.yaml +++ b/examples/databricks/workspacecustomermanagedkey.yaml @@ -130,6 +130,7 @@ metadata: name: examplekey spec: forProvider: + name: exampleKey keyOpts: - decrypt - encrypt diff --git a/examples/dataprotection/backupinstancepostgresql.yaml b/examples/dataprotection/backupinstancepostgresql.yaml index f77231dc7..925673cdc 100644 --- a/examples/dataprotection/backupinstancepostgresql.yaml +++ b/examples/dataprotection/backupinstancepostgresql.yaml @@ -102,6 +102,7 @@ metadata: name: example-backupinstancepostgresql spec: forProvider: + name: exampleBackupInstancePostgresql keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example diff --git a/examples/dbforpostgresql/server-key.yaml b/examples/dbforpostgresql/server-key.yaml index c6f3e9c3d..cfe152e42 100644 
--- a/examples/dbforpostgresql/server-key.yaml +++ b/examples/dbforpostgresql/server-key.yaml @@ -105,6 +105,7 @@ metadata: name: example spec: forProvider: + name: exampleKey keyOpts: - decrypt - encrypt diff --git a/examples/keyvault/certificate.yaml b/examples/keyvault/certificate.yaml index cace7a779..2b1418a93 100644 --- a/examples/keyvault/certificate.yaml +++ b/examples/keyvault/certificate.yaml @@ -8,6 +8,7 @@ metadata: name: uptest-${Rand.RFC1123Subdomain} spec: forProvider: + name: custom-Non-RFC1123Name keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example-cert diff --git a/examples/keyvault/key.yaml b/examples/keyvault/key.yaml index d1774f95e..b0d7fde92 100644 --- a/examples/keyvault/key.yaml +++ b/examples/keyvault/key.yaml @@ -8,6 +8,7 @@ metadata: name: uptest-${Rand.RFC1123Subdomain} spec: forProvider: + name: custom-Non-RFC1123Name keyOpts: - decrypt - encrypt diff --git a/examples/keyvault/secret.yaml b/examples/keyvault/secret.yaml index bcc86d8d2..d4b4b05bb 100644 --- a/examples/keyvault/secret.yaml +++ b/examples/keyvault/secret.yaml @@ -8,6 +8,7 @@ metadata: name: uptest-${Rand.RFC1123Subdomain} spec: forProvider: + name: custom-Non-RFC1123Name keyVaultIdSelector: matchLabels: testing.upbound.io/example-name: example diff --git a/examples/synapse/workspacesqlaadadmin.yaml b/examples/synapse/workspacesqlaadadmin.yaml index 003d902f0..25d236621 100644 --- a/examples/synapse/workspacesqlaadadmin.yaml +++ b/examples/synapse/workspacesqlaadadmin.yaml @@ -74,6 +74,7 @@ metadata: testing.upbound.io/example-name: wssqlaadadmin-key name: wssqlaadadmin-key spec: + name: workspace-encryption-key forProvider: keyOpts: - unwrapKey diff --git a/internal/controller/keyvault/certificate/zz_controller.go b/internal/controller/keyvault/certificate/zz_controller.go index de1dbbced..56fd6a0fc 100755 --- a/internal/controller/keyvault/certificate/zz_controller.go +++ b/internal/controller/keyvault/certificate/zz_controller.go 
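Review bot: In the `examples/synapse/workspacesqlaadadmin.yaml` hunk the added `name: workspace-encryption-key` sits between `spec:` and `forProvider:`, so it is a key of `spec` rather than of `spec.forProvider`. Every other example in this patch adds the name after `forProvider:`. The validation rule added for Key checks `has(self.forProvider.name)`, so this manifest, which appears to be the Key Vault Key for the workspace, would likely fail admission or have the stray field dropped. Moving the line to be the first key under `forProvider:`, as `name: workspace-encryption-key` at the same indent as `keyOpts:`, fixes it. Indentation is not recoverable from this view, so the placement is read from line order only.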
@@ -27,7 +27,6 @@ import ( func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { name := managed.ControllerName(v1beta1.Certificate_GroupVersionKind.String()) var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) diff --git a/internal/controller/keyvault/key/zz_controller.go b/internal/controller/keyvault/key/zz_controller.go index cbcf2cb63..cad37a0a8 100755 --- a/internal/controller/keyvault/key/zz_controller.go +++ b/internal/controller/keyvault/key/zz_controller.go @@ -27,7 +27,6 @@ import ( func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { name := managed.ControllerName(v1beta1.Key_GroupVersionKind.String()) var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) diff --git a/internal/controller/keyvault/secret/zz_controller.go b/internal/controller/keyvault/secret/zz_controller.go index c5664e627..efb8382ab 100755 --- a/internal/controller/keyvault/secret/zz_controller.go +++ b/internal/controller/keyvault/secret/zz_controller.go 
@@ -27,7 +27,6 @@ import ( func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { name := managed.ControllerName(v1beta1.Secret_GroupVersionKind.String()) var initializers managed.InitializerChain - initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) diff --git a/package/crds/keyvault.azure.upbound.io_certificates.yaml b/package/crds/keyvault.azure.upbound.io_certificates.yaml index 82a1a5527..dda6e48b8 100644 --- a/package/crds/keyvault.azure.upbound.io_certificates.yaml +++ b/package/crds/keyvault.azure.upbound.io_certificates.yaml @@ -351,6 +351,10 @@ spec: type: string type: object type: object + name: + description: Specifies the name of the Key Vault Certificate. + Changing this forces a new resource to be created. + type: string tags: additionalProperties: type: string @@ -540,6 +544,10 @@ spec: type: array type: object type: array + name: + description: Specifies the name of the Key Vault Certificate. + Changing this forces a new resource to be created. + type: string tags: additionalProperties: type: string @@ -707,6 +715,11 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' status: description: CertificateStatus defines the observed state of Certificate. properties: 
@@ -959,6 +972,10 @@ spec: description: The ID of the Key Vault where the Certificate should be created. Changing this forces a new resource to be created. type: string + name: + description: Specifies the name of the Key Vault Certificate. + Changing this forces a new resource to be created. + type: string resourceManagerId: description: The (Versioned) ID for this Key Vault Certificate. This property points to a specific version of a Key Vault Certificate, diff --git a/package/crds/keyvault.azure.upbound.io_keys.yaml b/package/crds/keyvault.azure.upbound.io_keys.yaml index bfba4d453..e6a7b15dd 100644 --- a/package/crds/keyvault.azure.upbound.io_keys.yaml +++ b/package/crds/keyvault.azure.upbound.io_keys.yaml @@ -171,6 +171,10 @@ spec: type: string type: object type: object + name: + description: Specifies the name of the Key Vault Key. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string @@ -249,6 +253,10 @@ spec: Key. Possible values are EC (Elliptic Curve), EC-HSM, RSA and RSA-HSM. Changing this forces a new resource to be created. type: string + name: + description: Specifies the name of the Key Vault Key. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string 
@@ -456,6 +464,10 @@ spec: rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.keyType) || (has(self.initProvider) && has(self.initProvider.keyType))' + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' status: description: KeyStatus defines the observed state of Key. properties: @@ -502,6 +514,10 @@ spec: "n": description: The RSA modulus of this Key Vault Key. type: string + name: + description: Specifies the name of the Key Vault Key. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string diff --git a/package/crds/keyvault.azure.upbound.io_secrets.yaml b/package/crds/keyvault.azure.upbound.io_secrets.yaml index 0ccb46c3d..81b6c87d1 100644 --- a/package/crds/keyvault.azure.upbound.io_secrets.yaml +++ b/package/crds/keyvault.azure.upbound.io_secrets.yaml @@ -150,6 +150,10 @@ spec: type: string type: object type: object + name: + description: Specifies the name of the Key Vault Secret. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string @@ -195,6 +199,10 @@ spec: expirationDate: description: Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). type: string + name: + description: Specifies the name of the Key Vault Secret. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string 
@@ -366,6 +374,10 @@ spec: - forProvider type: object x-kubernetes-validations: + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' - message: spec.forProvider.valueSecretRef is a required parameter rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.valueSecretRef)' @@ -387,6 +399,10 @@ spec: description: The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. type: string + name: + description: Specifies the name of the Key Vault Secret. Changing + this forces a new resource to be created. + type: string notBeforeDate: description: Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z'). type: string