
Merge pull request #869 from porter-dev/addons/iam-chart
Sync: aws-controllers-k8s/iam-controller - helm
jose-fully-ported authored Oct 17, 2023
2 parents b8acc39 + 7c3ad79 commit 763a761
Showing 21 changed files with 2,434 additions and 0 deletions.
18 changes: 18 additions & 0 deletions addons/iam-chart/helm/Chart.yaml
@@ -0,0 +1,18 @@
apiVersion: v1
name: iam-chart
description: A Helm chart for the ACK service controller for AWS Identity & Access Management (IAM)
version: 1.2.6
appVersion: 1.2.6
home: https://github.com/aws-controllers-k8s/iam-controller
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
sources:
- https://github.com/aws-controllers-k8s/iam-controller
maintainers:
- name: ACK Admins
url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin
- name: IAM Admins
url: https://github.com/orgs/aws-controllers-k8s/teams/iam-maintainer
keywords:
- aws
- kubernetes
- iam
166 changes: 166 additions & 0 deletions addons/iam-chart/helm/crds/iam.services.k8s.aws_groups.yaml
@@ -0,0 +1,166 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: groups.iam.services.k8s.aws
spec:
group: iam.services.k8s.aws
names:
kind: Group
listKind: GroupList
plural: groups
singular: group
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Group is the Schema for the Groups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: "GroupSpec defines the desired state of Group. \n Contains
information about an IAM group entity. \n This data type is used as
a response element in the following operations: \n - CreateGroup \n
- GetGroup \n - ListGroups"
properties:
inlinePolicies:
additionalProperties:
type: string
type: object
name:
description: "The name of the group to create. Do not include the
path in this value. \n IAM user, group, role, and policy names must
be unique within the account. Names are not distinguished by case.
For example, you cannot create resources named both \"MyResource\"
and \"myresource\"."
type: string
path:
description: "The path to the group. For more information about paths,
see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
in the IAM User Guide. \n This parameter is optional. If it is not
included, it defaults to a slash (/). \n This parameter allows (through
its regex pattern (http://wikipedia.org/wiki/regex)) a string of
characters consisting of either a forward slash (/) by itself or
a string that must begin and end with forward slashes. In addition,
it can contain any ASCII character from the ! (\\u0021) through
the DEL character (\\u007F), including most punctuation characters,
digits, and upper and lowercased letters."
type: string
policies:
items:
type: string
type: array
policyRefs:
items:
description: "AWSResourceReferenceWrapper provides a wrapper around
*AWSResourceReference type to provide more user friendly syntax
for references using 'from' field Ex: APIIDRef: \n from: name:
my-api"
properties:
from:
description: AWSResourceReference provides all the values necessary
to reference another k8s resource for finding the identifier(Id/ARN/Name)
properties:
name:
type: string
type: object
type: object
type: array
required:
- name
type: object
status:
description: GroupStatus defines the observed state of Group
properties:
ackResourceMetadata:
description: All CRs managed by ACK have a common `Status.ACKResourceMetadata`
member that is used to contain resource sync state, account ownership,
constructed ARN for the resource
properties:
arn:
description: 'ARN is the Amazon Resource Name for the resource.
This is a globally-unique identifier and is set only by the
ACK service controller once the controller has orchestrated
the creation of the resource OR when it has verified that an
"adopted" resource (a resource where the ARN annotation was
set by the Kubernetes user on the CR) exists and matches the
supplied CR''s Spec field values. TODO(vijat@): Find a better
strategy for resources that do not have ARN in CreateOutputResponse
https://github.com/aws/aws-controllers-k8s/issues/270'
type: string
ownerAccountID:
description: OwnerAccountID is the AWS Account ID of the account
that owns the backend AWS service API resource.
type: string
region:
description: Region is the AWS region in which the resource exists
or will exist.
type: string
required:
- ownerAccountID
- region
type: object
conditions:
description: All CRS managed by ACK have a common `Status.Conditions`
member that contains a collection of `ackv1alpha1.Condition` objects
that describe the various terminal states of the CR and its backend
AWS service API resource
items:
description: Condition is the common struct used by all CRDs managed
by ACK service controllers to indicate terminal states of the
CR and its backend AWS service API resource
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type is the type of the Condition
type: string
required:
- status
- type
type: object
type: array
createDate:
description: The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
when the group was created.
format: date-time
type: string
groupID:
description: The stable and unique string identifying the group. For
more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
in the IAM User Guide.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
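Review bot: `inlinePolicies` and `policies` under `spec.properties` carry no `description`, so the two fields through which a Group manifest grants permissions are the only spec fields `kubectl explain` cannot document, while `policyRefs` directly below them is described. A one-line description on each — for `inlinePolicies` something like `description: Map of inline policy name to policy document attached to the group`, for `policies` `description: List of managed policy ARNs to attach to the group` — would make the permission-granting surface visible to whoever reviews a Group before it is applied; the exact semantics of the map values are not shown on this page, so confirm the wording against the controller's Go type. The `controller-gen.kubebuilder.io/version: v0.9.2` annotation and the commit's "Sync" description suggest this CRD is generated upstream, so the doc comments belong on the Go struct fields in aws-controllers-k8s/iam-controller rather than in an edit here, or they will be lost on the next sync.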
@@ -0,0 +1,179 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: openidconnectproviders.iam.services.k8s.aws
spec:
group: iam.services.k8s.aws
names:
kind: OpenIDConnectProvider
listKind: OpenIDConnectProviderList
plural: openidconnectproviders
singular: openidconnectprovider
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OpenIDConnectProvider is the Schema for the OpenIDConnectProviders
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OpenIDConnectProviderSpec defines the desired state of OpenIDConnectProvider.
properties:
clientIDs:
description: "Provides a list of client IDs, also known as audiences.
When a mobile or web app registers with an OpenID Connect provider,
they establish a value that identifies the application. This is
the value that's sent as the client_id parameter on OAuth requests.
\n You can register multiple client IDs with the same provider.
For example, you might have multiple applications that use the same
OIDC provider. You cannot register more than 100 client IDs with
a single IAM OIDC provider. \n There is no defined format for a
client ID. The CreateOpenIDConnectProviderRequest operation accepts
client IDs up to 255 characters long."
items:
type: string
type: array
tags:
description: "A list of tags that you want to attach to the new IAM
OpenID Connect (OIDC) provider. Each tag consists of a key name
and an associated value. For more information about tagging, see
Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
in the IAM User Guide. \n If any one of the tags is invalid or if
you exceed the allowed maximum number of tags, then the entire request
fails and the resource is not created."
items:
description: A structure that represents user-provided metadata
that can be associated with an IAM resource. For more information
about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
in the IAM User Guide.
properties:
key:
type: string
value:
type: string
type: object
type: array
thumbprints:
description: "A list of server certificate thumbprints for the OpenID
Connect (OIDC) identity provider's server certificates. Typically
this list includes only one entry. However, IAM lets you have up
to five thumbprints for an OIDC provider. This lets you maintain
multiple thumbprints if the identity provider is rotating certificates.
\n The server certificate thumbprint is the hex-encoded SHA-1 hash
value of the X.509 certificate used by the domain where the OpenID
Connect provider makes its keys available. It is always a 40-character
string. \n You must provide at least one thumbprint when creating
an IAM OIDC provider. For example, assume that the OIDC provider
is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect.
In that case, the thumbprint string would be the hex-encoded SHA-1
hash value of the certificate used by https://keys.server.example.com.
\n For more information about obtaining the OIDC provider thumbprint,
see Obtaining the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
in the IAM User Guide."
items:
type: string
type: array
url:
description: "The URL of the identity provider. The URL must begin
with https:// and should correspond to the iss claim in the provider's
OpenID Connect ID tokens. Per the OIDC standard, path components
are allowed but query parameters are not. Typically the URL consists
of only a hostname, like https://server.example.org or https://example.com.
The URL should not contain a port number. \n You cannot register
the same provider multiple times in a single Amazon Web Services
account. If you try to submit a URL that has already been used for
an OpenID Connect provider in the Amazon Web Services account, you
will get an error."
type: string
required:
- thumbprints
- url
type: object
status:
description: OpenIDConnectProviderStatus defines the observed state of
OpenIDConnectProvider
properties:
ackResourceMetadata:
description: All CRs managed by ACK have a common `Status.ACKResourceMetadata`
member that is used to contain resource sync state, account ownership,
constructed ARN for the resource
properties:
arn:
description: 'ARN is the Amazon Resource Name for the resource.
This is a globally-unique identifier and is set only by the
ACK service controller once the controller has orchestrated
the creation of the resource OR when it has verified that an
"adopted" resource (a resource where the ARN annotation was
set by the Kubernetes user on the CR) exists and matches the
supplied CR''s Spec field values. TODO(vijat@): Find a better
strategy for resources that do not have ARN in CreateOutputResponse
https://github.com/aws/aws-controllers-k8s/issues/270'
type: string
ownerAccountID:
description: OwnerAccountID is the AWS Account ID of the account
that owns the backend AWS service API resource.
type: string
region:
description: Region is the AWS region in which the resource exists
or will exist.
type: string
required:
- ownerAccountID
- region
type: object
conditions:
description: All CRS managed by ACK have a common `Status.Conditions`
member that contains a collection of `ackv1alpha1.Condition` objects
that describe the various terminal states of the CR and its backend
AWS service API resource
items:
description: Condition is the common struct used by all CRDs managed
by ACK service controllers to indicate terminal states of the
CR and its backend AWS service API resource
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type is the type of the Condition
type: string
required:
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
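Review bot: The `thumbprints` and `url` properties enforce none of the constraints their own descriptions state: the text says a thumbprint "is always a 40-character string", that "at least one" and at most "five" are allowed, and that the URL "must begin with https://", yet the schema has only `items: type: string` and `type: string`, and `required` merely demands the `thumbprints` key exist, so an empty list or a malformed hex string passes admission. Since the thumbprint is the trust anchor the provider's certificates are checked against, a typo here is only discovered after the controller has already called the AWS API, whereas `minItems`/`maxItems` and a `pattern` would reject it at `kubectl apply` time with a clear message. This file header is not shown on the page, but from `name: openidconnectproviders.iam.services.k8s.aws` it is presumably the OpenIDConnectProvider CRD, generated by controller-gen like the groups CRD, so the constraints should be added as kubebuilder validation markers upstream rather than hand-edited into the synced file. The same gap applies to `clientIDs`, whose description caps the list at 100 entries with no `maxItems`.
```yaml
thumbprints:
  # … unchanged: description …
  items:
    pattern: '^[0-9a-fA-F]{40}$'
    type: string
  maxItems: 5
  minItems: 1
  type: array
url:
  # … unchanged: description …
  pattern: '^https://'
  type: string
```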
