├── .github └── workflows │ └── create-release.yml ├── .gitignore ├── ATTRIBUTION.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── GOVERNANCE.md ├── LICENSE ├── NOTICE ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── SECURITY.md ├── apis └── v1alpha1 │ ├── ack-generate-metadata.yaml │ ├── alias.go │ ├── code_signing_config.go │ ├── doc.go │ ├── enums.go │ ├── event_source_mapping.go │ ├── function.go │ ├── function_url_config.go │ ├── generator.yaml │ ├── groupversion_info.go │ ├── layer_version.go │ ├── types.go │ ├── version.go │ └── zz_generated.deepcopy.go ├── cmd └── controller │ └── main.go ├── config ├── controller │ ├── deployment.yaml │ ├── kustomization.yaml │ └── service.yaml ├── crd │ ├── bases │ │ ├── lambda.services.k8s.aws_aliases.yaml │ │ ├── lambda.services.k8s.aws_codesigningconfigs.yaml │ │ ├── lambda.services.k8s.aws_eventsourcemappings.yaml │ │ ├── lambda.services.k8s.aws_functions.yaml │ │ ├── lambda.services.k8s.aws_functionurlconfigs.yaml │ │ ├── lambda.services.k8s.aws_layerversions.yaml │ │ └── lambda.services.k8s.aws_versions.yaml │ ├── common │ │ ├── bases │ │ │ ├── services.k8s.aws_adoptedresources.yaml │ │ │ └── services.k8s.aws_fieldexports.yaml │ │ └── kustomization.yaml │ └── kustomization.yaml ├── default │ └── kustomization.yaml ├── iam │ └── recommended-inline-policy ├── overlays │ └── namespaced │ │ ├── kustomization.yaml │ │ ├── role-binding.json │ │ └── role.json └── rbac │ ├── cluster-role-binding.yaml │ ├── cluster-role-controller.yaml │ ├── kustomization.yaml │ ├── leader-election-role-binding.yaml │ ├── leader-election-role.yaml │ ├── role-reader.yaml │ ├── role-writer.yaml │ └── service-account.yaml ├── documentation.yaml ├── generator.yaml ├── go.mod ├── go.sum ├── helm ├── Chart.yaml ├── crds │ ├── lambda.services.k8s.aws_aliases.yaml │ ├── lambda.services.k8s.aws_codesigningconfigs.yaml │ ├── lambda.services.k8s.aws_eventsourcemappings.yaml │ ├── lambda.services.k8s.aws_functions.yaml │ ├── lambda.services.k8s.aws_functionurlconfigs.yaml │ ├── lambda.services.k8s.aws_layerversions.yaml │ ├── lambda.services.k8s.aws_versions.yaml │ ├── services.k8s.aws_adoptedresources.yaml │ └── services.k8s.aws_fieldexports.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── caches-role-binding.yaml │ ├── caches-role.yaml │ ├── cluster-role-binding.yaml │ ├── cluster-role-controller.yaml │ ├── deployment.yaml │ ├── leader-election-role-binding.yaml │ ├── leader-election-role.yaml │ ├── metrics-service.yaml │ ├── role-reader.yaml │ ├── role-writer.yaml │ └── service-account.yaml ├── values.schema.json └── values.yaml ├── metadata.yaml ├── olm └── olmconfig.yaml ├── pkg ├── resource │ ├── alias │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── hooks.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go │ ├── code_signing_config │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go │ ├── event_source_mapping │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── hooks.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go │ ├── function │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── hooks.go │ │ ├── hooks_test.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ ├── sdk.go │ │ └── tags.go │ ├── function_url_config │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go │ ├── layer_version │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── hooks.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go │ ├── registry.go │ └── version │ │ ├── delta.go │ │ ├── descriptor.go │ │ ├── hooks.go │ │ ├── identifiers.go │ │ ├── manager.go │ │ ├── manager_factory.go │ │ ├── references.go │ │ ├── resource.go │ │ └── sdk.go └── version │ └── version.go ├── templates └── hooks │ ├── alias │ ├── sdk_create_post_set_output.go.tpl │ ├── sdk_read_one_post_set_output.go.tpl │ └── sdk_update_pre_build_request.go.tpl │ ├── eventsourcemapping │ └── sdk_update_post_build_request.go.tpl │ ├── function │ ├── sdk_create_post_build_request.go.tpl │ ├── sdk_create_post_set_output.go.tpl │ └── sdk_read_one_post_set_output.go.tpl │ ├── layer_version │ └── sdk_delete_pre_build_request.go.tpl │ └── version │ ├── sdk_create_post_set_output.go.tpl │ ├── sdk_create_pre_build_request.go.tpl │ ├── sdk_create_pre_set_output.go.tpl │ ├── sdk_read_one_post_set_output.go.tpl │ └── sdk_read_one_pre_build_request.go.tpl └── test └── e2e ├── .gitignore ├── __init__.py ├── bootstrap_resources.py ├── conftest.py ├── replacement_values.py ├── requirements.txt ├── resources ├── alias-ref.yaml ├── alias.yaml ├── alias_event_invoke_config.yaml ├── alias_provisioned_concurrency.yaml ├── code_signing_config.yaml ├── event_source_mapping_dynamodb.yaml ├── event_source_mapping_sqs.yaml ├── event_source_mapping_sqs_ref.yaml ├── function.yaml ├── function_architectures.yaml ├── function_code_s3.yaml ├── function_event_invoke_config.yaml ├── function_features.yaml ├── function_layers.yaml ├── function_package_type_image.yaml ├── function_snapstart.yaml ├── function_url_config.yaml ├── function_url_config_ref.yaml ├── lambda_function │ ├── Dockerfile │ ├── Makefile │ ├── main.py │ └── updated_main.py ├── layer_version.yaml ├── version.yaml ├── version_event_invoke_config.yaml ├── version_provisioned_concurrency.yaml ├── version_ref.yaml └── version_with_revision_hash.yaml ├── service_bootstrap.py ├── service_cleanup.py └── tests ├── helper.py ├── test_alias.py ├── test_code_signing_config.py ├── test_event_source_mapping.py ├── test_function.py ├── test_function_url_config.py ├── test_layer_version.py └── test_version.py /.github/workflows/create-release.yml: -------------------------------------------------------------------------------- 1 | name: Create Release 2 | 3 | on: 4 | push: 5 | tags: 6 | - "v*.*.*" 7 | 8 | permissions: 9 | contents: write # For creating releases 10 | 11 | jobs: 12 | call-create-release: 13 | uses: aws-controllers-k8s/.github/.github/workflows/reusable-create-release.yaml@main 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.zip 2 | .DS_Store 3 | *.swp 4 | *~ 5 | .idea 6 | /docs/site 7 | bin 8 | build 9 | go.local.sum 10 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug 4 | report, new feature, correction, or additional documentation, we greatly value 5 | feedback and contributions from our community. 6 | 7 | Please read through this document before submitting any issues or pull requests 8 | to ensure we have all the necessary information to effectively respond to your 9 | bug report or contribution. 10 | 11 | ## Reporting Bugs/Feature Requests 12 | 13 | We welcome you to use the GitHub issue tracker to report bugs or suggest 14 | features. 15 | 16 | When filing an issue, please check existing open, or recently closed, issues to 17 | make sure somebody else hasn't already reported the issue. Please try to 18 | include as much information as you can. Details like these are incredibly 19 | useful: 20 | 21 | * A reproducible test case or series of steps 22 | * The version of our code being used 23 | * Any modifications you've made relevant to the bug 24 | * Anything unusual about your environment or deployment 25 | 26 | ## Contributing via Pull Requests 27 | 28 | Contributions via pull requests are much appreciated. Before sending us a pull 29 | request, please ensure that: 30 | 31 | 1. You are working against the latest source on the *main* branch. 32 | 2. You check existing open, and recently merged, pull requests to make sure 33 | someone else hasn't addressed the problem already. 34 | 3. You open an issue to discuss any significant work - we would hate for your 35 | time to be wasted. 36 | 37 | To send us a pull request, please: 38 | 39 | 1. Fork the repository. 40 | 2. Modify the source; please focus on the specific change you are contributing. 41 | If you also reformat all the code, it will be hard for us to focus on your 42 | change. 43 | 3. Ensure local tests pass. 44 | 4. Commit to your fork using clear commit messages. 45 | 5. Send us a pull request, answering any default questions in the pull request 46 | interface. 47 | 6. Pay attention to any automated CI failures reported in the pull request, and 48 | stay involved in the conversation. 49 | 50 | GitHub provides additional document on [forking a repository][fork] and 51 | [creating a pull request][pr]. 52 | 53 | [fork]: https://help.github.com/articles/fork-a-repo/ 54 | [pr]: https://help.github.com/articles/creating-a-pull-request/ 55 | 56 | ## Finding contributions to work on 57 | 58 | Looking at the existing issues is a great way to find something to contribute 59 | on. As our projects, by default, use the default GitHub issue labels 60 | (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at 61 | any 'help wanted' issues is a great place to start. 62 | 63 | ## Developer documentation 64 | 65 | [See the documentation][dev-docs] for detailed development information. 66 | 67 | [dev-docs]: https://aws-controllers-k8s.github.io/community/docs/contributor-docs/overview/ 68 | 69 | ## Code of Conduct 70 | 71 | We adhere to the [Amazon Open Source Code of Conduct][coc]. 72 | 73 | [coc]: https://aws.github.io/code-of-conduct 74 | 75 | ## Security issue notifications 76 | 77 | If you discover a potential security issue in this project we ask that you 78 | notify AWS/Amazon Security via our [vulnerability reporting page][vuln]. Please 79 | do **not** create a public Github issue. 80 | 81 | [vuln]: http://aws.amazon.com/security/vulnerability-reporting/ 82 | 83 | ## License 84 | 85 | This project is [licensed][./LICENSE] under the Apache-2.0 License. 86 | -------------------------------------------------------------------------------- /GOVERNANCE.md: -------------------------------------------------------------------------------- 1 | # Project governance 2 | 3 | This document lays out the guidelines under which the AWS Controllers for Kubernetes (ACK) project will be governed. 4 | The goal is to make sure that the roles and responsibilities are well defined and clarify on how decisions are made. 5 | 6 | ## Roles 7 | 8 | In the context of ACK, we consider the following roles: 9 | 10 | * __Users__ ... everyone using ACK, typically willing to provide feedback on ACK by proposing features and/or filing issues. 11 | * __Contributors__ ... everyone contributing code, documentation, examples, testing infra, and participating in feature proposals as well as design discussions. Code contributions will require a Developer Certificate of Origin (DCO). 12 | * __Maintainers__ ... are responsible for engaging with and assisting contributors to iterate on the contributions until it reaches acceptable quality. Maintainers can decide whether the contributions can be accepted into the project or rejected. Any active contributor meeting the project quality can be made a Maintainer by the Advisory Board. 13 | * __Advisory Board__ ... is responsible for defining the guidelines and processes that the project operates under. 14 | 15 | The initial members of the Advisory Board are `@jaypipes` and `@mhausenblas`. 16 | 17 | 18 | ## Communication 19 | 20 | The primary mechanism for communication will be via the `#provider-aws` channel on the Kubernetes Slack community. 21 | All features and bug fixes will be tracked as issues in GitHub. All decisions will be documented in GitHub issues. 22 | 23 | In the future, we may consider using a public mailing list, which can be better archived. 24 | 25 | ## Roadmap Planning 26 | 27 | Maintainers will share roadmap and release versions as milestones in GitHub. 28 | 29 | ## Release Management 30 | 31 | The Advisory Board will propose a release management proposal via a GitHub issue and resolve it there. 32 | 33 | ## Other relevant governance resources 34 | 35 | * The ACK [Contributing Guidelines](CONTRIBUTING.md) 36 | * Our [Code of Conduct](CODE_OF_CONDUCT.md) 37 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - core-ack-team -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners#owners_aliases 2 | 3 | aliases: 4 | core-ack-team: 5 | - a-hilaly 6 | - jlbutler 7 | - michaelhtm 8 | - rushmash91 9 | - knottnt 10 | # emeritus-core-ack-team: 11 | # - TiberiuGC 12 | # - jaypipes 13 | # - jljaco 14 | # - mhausenblas 15 | # - RedbackThomson 16 | # - vijtrip2 17 | # - ivelichkovich -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ACK service controller for AWS Lambda 2 | 3 | This repository contains source code for the AWS Controllers for Kubernetes 4 | (ACK) service controller for AWS Lambda. 5 | 6 | Please [log issues][ack-issues] and feedback on the main AWS Controllers for 7 | Kubernetes Github project. 8 | 9 | [ack-issues]: https://github.com/aws-controllers-k8s/community/issues 10 | 11 | ## Contributing 12 | 13 | We welcome community contributions and pull requests. 14 | 15 | See our [contribution guide](/CONTRIBUTING.md) for more information on how to 16 | report issues, set up a development environment, and submit code. 17 | 18 | We adhere to the [Amazon Open Source Code of Conduct][coc]. 19 | 20 | You can also learn more about our [Governance](/GOVERNANCE.md) structure. 21 | 22 | [coc]: https://aws.github.io/code-of-conduct 23 | 24 | ## License 25 | 26 | This project is [licensed](/LICENSE) under the Apache-2.0 License. 27 | 28 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security issue notifications 2 | 3 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 4 | -------------------------------------------------------------------------------- /apis/v1alpha1/ack-generate-metadata.yaml: -------------------------------------------------------------------------------- 1 | ack_generate_info: 2 | build_date: "2025-06-02T18:59:43Z" 3 | build_hash: abd45b45e7726b7893641afaeae805281358e684 4 | go_version: go1.24.2 5 | version: v0.47.2 6 | api_directory_checksum: f450e33f8433d18a9b5ac9dbecc6d2652d4f8513 7 | api_version: v1alpha1 8 | aws_sdk_go_version: v1.32.6 9 | generator_config_info: 10 | file_checksum: cf02b1eaffba7c5446d3fbfed24ba7496ae1cf4e 11 | original_file_name: generator.yaml 12 | last_modification: 13 | reason: API generation 14 | -------------------------------------------------------------------------------- /apis/v1alpha1/alias.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | // AliasSpec defines the desired state of Alias. 24 | // 25 | 26 | type AliasSpec struct { 27 | 28 | // A description of the alias. 29 | Description *string `json:"description,omitempty"` 30 | // Configures options for asynchronous invocation on an alias. 31 | // 32 | // - DestinationConfig 33 | // A destination for events after they have been sent to a function for processing. 34 | // 35 | // Types of Destinations: 36 | // Function - The Amazon Resource Name (ARN) of a Lambda function. 37 | // Queue - The ARN of a standard SQS queue. 38 | // Topic - The ARN of a standard SNS topic. 39 | // Event Bus - The ARN of an Amazon EventBridge event bus. 40 | // 41 | // - MaximumEventAgeInSeconds 42 | // The maximum age of a request that Lambda sends to a function for processing. 43 | // 44 | // - MaximumRetryAttempts 45 | // The maximum number of times to retry when the function returns an error. 46 | FunctionEventInvokeConfig *PutFunctionEventInvokeConfigInput `json:"functionEventInvokeConfig,omitempty"` 47 | // The name or ARN of the Lambda function. 48 | // 49 | // Name formats 50 | // 51 | // - Function name - MyFunction. 52 | // 53 | // - Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction. 54 | // 55 | // - Partial ARN - 123456789012:function:MyFunction. 56 | // 57 | // The length constraint applies only to the full ARN. If you specify only the 58 | // function name, it is limited to 64 characters in length. 59 | // 60 | // Regex Pattern: `^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$` 61 | FunctionName *string `json:"functionName,omitempty"` 62 | FunctionRef *ackv1alpha1.AWSResourceReferenceWrapper `json:"functionRef,omitempty"` 63 | // The function version that the alias invokes. 64 | // 65 | // Regex Pattern: `^(\$LATEST|[0-9]+)$` 66 | // +kubebuilder:validation:Required 67 | FunctionVersion *string `json:"functionVersion"` 68 | // The name of the alias. 69 | // 70 | // Regex Pattern: `^(?!^[0-9]+$)([a-zA-Z0-9-_]+)$` 71 | // +kubebuilder:validation:Required 72 | Name *string `json:"name"` 73 | // Permissions configures a set of Lambda permissions to grant to an alias. 74 | Permissions []*AddPermissionInput `json:"permissions,omitempty"` 75 | // Configures provisioned concurrency to a function's alias 76 | // 77 | // - ProvisionedConcurrentExecutions 78 | // The amount of provisioned concurrency to allocate for the version or alias. 79 | // Minimum value of 1 is required 80 | ProvisionedConcurrencyConfig *PutProvisionedConcurrencyConfigInput `json:"provisionedConcurrencyConfig,omitempty"` 81 | // The routing configuration (https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html#configuring-alias-routing) 82 | // of the alias. 83 | RoutingConfig *AliasRoutingConfiguration `json:"routingConfig,omitempty"` 84 | } 85 | 86 | // AliasStatus defines the observed state of Alias 87 | type AliasStatus struct { 88 | // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member 89 | // that is used to contain resource sync state, account ownership, 90 | // constructed ARN for the resource 91 | // +kubebuilder:validation:Optional 92 | ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` 93 | // All CRs managed by ACK have a common `Status.Conditions` member that 94 | // contains a collection of `ackv1alpha1.Condition` objects that describe 95 | // the various terminal states of the CR and its backend AWS service API 96 | // resource 97 | // +kubebuilder:validation:Optional 98 | Conditions []*ackv1alpha1.Condition `json:"conditions"` 99 | // A unique identifier that changes when you update the alias. 100 | // +kubebuilder:validation:Optional 101 | RevisionID *string `json:"revisionID,omitempty"` 102 | } 103 | 104 | // Alias is the Schema for the Aliases API 105 | // +kubebuilder:object:root=true 106 | // +kubebuilder:subresource:status 107 | type Alias struct { 108 | metav1.TypeMeta `json:",inline"` 109 | metav1.ObjectMeta `json:"metadata,omitempty"` 110 | Spec AliasSpec `json:"spec,omitempty"` 111 | Status AliasStatus `json:"status,omitempty"` 112 | } 113 | 114 | // AliasList contains a list of Alias 115 | // +kubebuilder:object:root=true 116 | type AliasList struct { 117 | metav1.TypeMeta `json:",inline"` 118 | metav1.ListMeta `json:"metadata,omitempty"` 119 | Items []Alias `json:"items"` 120 | } 121 | 122 | func init() { 123 | SchemeBuilder.Register(&Alias{}, &AliasList{}) 124 | } 125 | -------------------------------------------------------------------------------- /apis/v1alpha1/code_signing_config.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | // CodeSigningConfigSpec defines the desired state of CodeSigningConfig. 24 | // 25 | // Details about a Code signing configuration (https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html). 26 | type CodeSigningConfigSpec struct { 27 | 28 | // Signing profiles for this code signing configuration. 29 | // +kubebuilder:validation:Required 30 | AllowedPublishers *AllowedPublishers `json:"allowedPublishers"` 31 | // The code signing policies define the actions to take if the validation checks 32 | // fail. 33 | CodeSigningPolicies *CodeSigningPolicies `json:"codeSigningPolicies,omitempty"` 34 | // Descriptive name for this code signing configuration. 35 | Description *string `json:"description,omitempty"` 36 | } 37 | 38 | // CodeSigningConfigStatus defines the observed state of CodeSigningConfig 39 | type CodeSigningConfigStatus struct { 40 | // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member 41 | // that is used to contain resource sync state, account ownership, 42 | // constructed ARN for the resource 43 | // +kubebuilder:validation:Optional 44 | ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` 45 | // All CRs managed by ACK have a common `Status.Conditions` member that 46 | // contains a collection of `ackv1alpha1.Condition` objects that describe 47 | // the various terminal states of the CR and its backend AWS service API 48 | // resource 49 | // +kubebuilder:validation:Optional 50 | Conditions []*ackv1alpha1.Condition `json:"conditions"` 51 | // Unique identifer for the Code signing configuration. 52 | // 53 | // Regex Pattern: `^csc-[a-zA-Z0-9-_\.]{17}$` 54 | // +kubebuilder:validation:Optional 55 | CodeSigningConfigID *string `json:"codeSigningConfigID,omitempty"` 56 | // The date and time that the Code signing configuration was last modified, 57 | // in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD). 58 | // +kubebuilder:validation:Optional 59 | LastModified *string `json:"lastModified,omitempty"` 60 | } 61 | 62 | // CodeSigningConfig is the Schema for the CodeSigningConfigs API 63 | // +kubebuilder:object:root=true 64 | // +kubebuilder:subresource:status 65 | type CodeSigningConfig struct { 66 | metav1.TypeMeta `json:",inline"` 67 | metav1.ObjectMeta `json:"metadata,omitempty"` 68 | Spec CodeSigningConfigSpec `json:"spec,omitempty"` 69 | Status CodeSigningConfigStatus `json:"status,omitempty"` 70 | } 71 | 72 | // CodeSigningConfigList contains a list of CodeSigningConfig 73 | // +kubebuilder:object:root=true 74 | type CodeSigningConfigList struct { 75 | metav1.TypeMeta `json:",inline"` 76 | metav1.ListMeta `json:"metadata,omitempty"` 77 | Items []CodeSigningConfig `json:"items"` 78 | } 79 | 80 | func init() { 81 | SchemeBuilder.Register(&CodeSigningConfig{}, &CodeSigningConfigList{}) 82 | } 83 | -------------------------------------------------------------------------------- /apis/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // +k8s:deepcopy-gen=package 2 | // Package v1alpha1 is the v1alpha1 version of the lambda.services.k8s.aws API. 3 | // +groupName=lambda.services.k8s.aws 4 | package v1alpha1 5 | -------------------------------------------------------------------------------- /apis/v1alpha1/function_url_config.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | // FunctionUrlConfigSpec defines the desired state of FunctionUrlConfig. 24 | // 25 | // Details about a Lambda function URL. 26 | type FunctionURLConfigSpec struct { 27 | 28 | // The type of authentication that your function URL uses. Set to AWS_IAM if 29 | // you want to restrict access to authenticated users only. Set to NONE if you 30 | // want to bypass IAM authentication to create a public endpoint. For more information, 31 | // see Security and auth model for Lambda function URLs (https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). 32 | // +kubebuilder:validation:Required 33 | AuthType *string `json:"authType"` 34 | // The cross-origin resource sharing (CORS) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) 35 | // settings for your function URL. 36 | CORS *CORS `json:"cors,omitempty"` 37 | // The name or ARN of the Lambda function. 38 | // 39 | // Name formats 40 | // 41 | // - Function name – my-function. 42 | // 43 | // - Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function. 44 | // 45 | // - Partial ARN – 123456789012:function:my-function. 46 | // 47 | // The length constraint applies only to the full ARN. If you specify only the 48 | // function name, it is limited to 64 characters in length. 49 | // 50 | // Regex Pattern: `^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$` 51 | FunctionName *string `json:"functionName,omitempty"` 52 | FunctionRef *ackv1alpha1.AWSResourceReferenceWrapper `json:"functionRef,omitempty"` 53 | // The alias name. 54 | // 55 | // Regex Pattern: `^(^\$LATEST$)|((?!^[0-9]+$)([a-zA-Z0-9-_]+))$` 56 | Qualifier *string `json:"qualifier,omitempty"` 57 | } 58 | 59 | // FunctionURLConfigStatus defines the observed state of FunctionURLConfig 60 | type FunctionURLConfigStatus struct { 61 | // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member 62 | // that is used to contain resource sync state, account ownership, 63 | // constructed ARN for the resource 64 | // +kubebuilder:validation:Optional 65 | ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` 66 | // All CRs managed by ACK have a common `Status.Conditions` member that 67 | // contains a collection of `ackv1alpha1.Condition` objects that describe 68 | // the various terminal states of the CR and its backend AWS service API 69 | // resource 70 | // +kubebuilder:validation:Optional 71 | Conditions []*ackv1alpha1.Condition `json:"conditions"` 72 | // When the function URL was created, in ISO-8601 format (https://www.w3.org/TR/NOTE-datetime) 73 | // (YYYY-MM-DDThh:mm:ss.sTZD). 74 | // +kubebuilder:validation:Optional 75 | CreationTime *string `json:"creationTime,omitempty"` 76 | // The Amazon Resource Name (ARN) of your function. 77 | // 78 | // Regex Pattern: `^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\d{1}:\d{12}:function:[a-zA-Z0-9-_]+(:(\$LATEST|[a-zA-Z0-9-_]+))?$` 79 | // +kubebuilder:validation:Optional 80 | FunctionARN *string `json:"functionARN,omitempty"` 81 | // The HTTP URL endpoint for your function. 82 | // +kubebuilder:validation:Optional 83 | FunctionURL *string `json:"functionURL,omitempty"` 84 | } 85 | 86 | // FunctionURLConfig is the Schema for the FunctionURLConfigs API 87 | // +kubebuilder:object:root=true 88 | // +kubebuilder:subresource:status 89 | type FunctionURLConfig struct { 90 | metav1.TypeMeta `json:",inline"` 91 | metav1.ObjectMeta `json:"metadata,omitempty"` 92 | Spec FunctionURLConfigSpec `json:"spec,omitempty"` 93 | Status FunctionURLConfigStatus `json:"status,omitempty"` 94 | } 95 | 96 | // FunctionURLConfigList contains a list of FunctionURLConfig 97 | // +kubebuilder:object:root=true 98 | type FunctionURLConfigList struct { 99 | metav1.TypeMeta `json:",inline"` 100 | metav1.ListMeta `json:"metadata,omitempty"` 101 | Items []FunctionURLConfig `json:"items"` 102 | } 103 | 104 | func init() { 105 | SchemeBuilder.Register(&FunctionURLConfig{}, &FunctionURLConfigList{}) 106 | } 107 | -------------------------------------------------------------------------------- /apis/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | "k8s.io/apimachinery/pkg/runtime/schema" 20 | "sigs.k8s.io/controller-runtime/pkg/scheme" 21 | ) 22 | 23 | var ( 24 | // GroupVersion is the API Group Version used to register the objects 25 | GroupVersion = schema.GroupVersion{Group: "lambda.services.k8s.aws", Version: "v1alpha1"} 26 | 27 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 28 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 29 | 30 | // AddToScheme adds the types in this group-version to the given scheme. 31 | AddToScheme = SchemeBuilder.AddToScheme 32 | ) 33 | -------------------------------------------------------------------------------- /apis/v1alpha1/layer_version.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | ) 22 | 23 | // LayerVersionSpec defines the desired state of LayerVersion. 24 | type LayerVersionSpec struct { 25 | 26 | // A list of compatible instruction set architectures (https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html). 27 | CompatibleArchitectures []*string `json:"compatibleArchitectures,omitempty"` 28 | // A list of compatible function runtimes (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). 29 | // Used for filtering with ListLayers and ListLayerVersions. 30 | // 31 | // The following list includes deprecated runtimes. For more information, see 32 | // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). 33 | CompatibleRuntimes []*string `json:"compatibleRuntimes,omitempty"` 34 | // The function layer archive. 35 | // +kubebuilder:validation:Required 36 | Content *LayerVersionContentInput `json:"content"` 37 | // The description of the version. 38 | Description *string `json:"description,omitempty"` 39 | // The name or Amazon Resource Name (ARN) of the layer. 40 | // 41 | // Regex Pattern: `^(arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+$` 42 | // +kubebuilder:validation:Required 43 | LayerName *string `json:"layerName"` 44 | // The layer's software license. It can be any of the following: 45 | // 46 | // - An SPDX license identifier (https://spdx.org/licenses/). For example, 47 | // MIT. 48 | // 49 | // - The URL of a license hosted on the internet. For example, https://opensource.org/licenses/MIT. 50 | // 51 | // - The full text of the license. 52 | LicenseInfo *string `json:"licenseInfo,omitempty"` 53 | } 54 | 55 | // LayerVersionStatus defines the observed state of LayerVersion 56 | type LayerVersionStatus struct { 57 | // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member 58 | // that is used to contain resource sync state, account ownership, 59 | // constructed ARN for the resource 60 | // +kubebuilder:validation:Optional 61 | ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` 62 | // All CRs managed by ACK have a common `Status.Conditions` member that 63 | // contains a collection of `ackv1alpha1.Condition` objects that describe 64 | // the various terminal states of the CR and its backend AWS service API 65 | // resource 66 | // +kubebuilder:validation:Optional 67 | Conditions []*ackv1alpha1.Condition `json:"conditions"` 68 | // The date that the layer version was created, in ISO-8601 format (https://www.w3.org/TR/NOTE-datetime) 69 | // (YYYY-MM-DDThh:mm:ss.sTZD). 70 | // +kubebuilder:validation:Optional 71 | CreatedDate *string `json:"createdDate,omitempty"` 72 | // The ARN of the layer. 73 | // 74 | // Regex Pattern: `^arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+$` 75 | // +kubebuilder:validation:Optional 76 | LayerARN *string `json:"layerARN,omitempty"` 77 | // The version number. 78 | // +kubebuilder:validation:Optional 79 | VersionNumber *int64 `json:"versionNumber,omitempty"` 80 | } 81 | 82 | // LayerVersion is the Schema for the LayerVersions API 83 | // +kubebuilder:object:root=true 84 | // +kubebuilder:subresource:status 85 | type LayerVersion struct { 86 | metav1.TypeMeta `json:",inline"` 87 | metav1.ObjectMeta `json:"metadata,omitempty"` 88 | Spec LayerVersionSpec `json:"spec,omitempty"` 89 | Status LayerVersionStatus `json:"status,omitempty"` 90 | } 91 | 92 | // LayerVersionList contains a list of LayerVersion 93 | // +kubebuilder:object:root=true 94 | type LayerVersionList struct { 95 | metav1.TypeMeta `json:",inline"` 96 | metav1.ListMeta `json:"metadata,omitempty"` 97 | Items []LayerVersion `json:"items"` 98 | } 99 | 100 | func init() { 101 | SchemeBuilder.Register(&LayerVersion{}, &LayerVersionList{}) 102 | } 103 | -------------------------------------------------------------------------------- /config/controller/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ack-system 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | name: ack-lambda-controller 10 | namespace: ack-system 11 | labels: 12 | app.kubernetes.io/name: ack-lambda-controller 13 | app.kubernetes.io/part-of: ack-system 14 | spec: 15 | selector: 16 | matchLabels: 17 | app.kubernetes.io/name: ack-lambda-controller 18 | replicas: 1 19 | template: 20 | metadata: 21 | labels: 22 | app.kubernetes.io/name: ack-lambda-controller 23 | spec: 24 | containers: 25 | - command: 26 | - ./bin/controller 27 | args: 28 | - --aws-region 29 | - "$(AWS_REGION)" 30 | - --aws-endpoint-url 31 | - "$(AWS_ENDPOINT_URL)" 32 | - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) 33 | - --log-level 34 | - "$(ACK_LOG_LEVEL)" 35 | - --resource-tags 36 | - "$(ACK_RESOURCE_TAGS)" 37 | - --watch-namespace 38 | - "$(ACK_WATCH_NAMESPACE)" 39 | - --enable-leader-election=$(ENABLE_LEADER_ELECTION) 40 | - --leader-election-namespace 41 | - "$(LEADER_ELECTION_NAMESPACE)" 42 | - --reconcile-default-max-concurrent-syncs 43 | - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" 44 | - --feature-gates 45 | - "$(FEATURE_GATES)" 46 | image: controller:latest 47 | name: controller 48 | ports: 49 | - name: http 50 | containerPort: 8080 51 | resources: 52 | limits: 53 | cpu: 100m 54 | memory: 300Mi 55 | requests: 56 | cpu: 100m 57 | memory: 200Mi 58 | env: 59 | - name: ACK_SYSTEM_NAMESPACE 60 | valueFrom: 61 | fieldRef: 62 | fieldPath: metadata.namespace 63 | - name: AWS_REGION 64 | value: "" 65 | - name: AWS_ENDPOINT_URL 66 | value: "" 67 | - name: ACK_WATCH_NAMESPACE 68 | value: "" 69 | - name: ACK_ENABLE_DEVELOPMENT_LOGGING 70 | value: "false" 71 | - name: ACK_LOG_LEVEL 72 | value: "info" 73 | - name: ACK_RESOURCE_TAGS 74 | value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%" 75 | - name: ENABLE_LEADER_ELECTION 76 | value: "false" 77 | - name: LEADER_ELECTION_NAMESPACE 78 | value: "ack-system" 79 | - name: "RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS" 80 | value: "1" 81 | - name: "FEATURE_GATES" 82 | value: "" 83 | securityContext: 84 | allowPrivilegeEscalation: false 85 | privileged: false 86 | runAsNonRoot: true 87 | capabilities: 88 | drop: 89 | - ALL 90 | livenessProbe: 91 | httpGet: 92 | path: /healthz 93 | port: 8081 94 | initialDelaySeconds: 15 95 | periodSeconds: 20 96 | readinessProbe: 97 | httpGet: 98 | path: /readyz 99 | port: 8081 100 | initialDelaySeconds: 5 101 | periodSeconds: 10 102 | securityContext: 103 | seccompProfile: 104 | type: RuntimeDefault 105 | terminationGracePeriodSeconds: 10 106 | serviceAccountName: ack-lambda-controller 107 | hostIPC: false 108 | hostPID: false 109 | hostNetwork: false 110 | dnsPolicy: ClusterFirst 111 | -------------------------------------------------------------------------------- /config/controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - deployment.yaml 3 | - service.yaml 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | images: 7 | - name: controller 8 | newName: public.ecr.aws/aws-controllers-k8s/lambda-controller 9 | newTag: 1.7.3 10 | -------------------------------------------------------------------------------- /config/controller/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: ack-lambda-metrics-service 5 | namespace: ack-system 6 | spec: 7 | selector: 8 | app.kubernetes.io/name: ack-lambda-controller 9 | ports: 10 | - name: metricsport 11 | port: 8080 12 | targetPort: http 13 | protocol: TCP 14 | type: NodePort 15 | -------------------------------------------------------------------------------- /config/crd/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Code generated in runtime. DO NOT EDIT. 2 | 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - bases/services.k8s.aws_adoptedresources.yaml 7 | - bases/services.k8s.aws_fieldexports.yaml 8 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - common 5 | - bases/lambda.services.k8s.aws_aliases.yaml 6 | - bases/lambda.services.k8s.aws_codesigningconfigs.yaml 7 | - bases/lambda.services.k8s.aws_eventsourcemappings.yaml 8 | - bases/lambda.services.k8s.aws_functions.yaml 9 | - bases/lambda.services.k8s.aws_functionurlconfigs.yaml 10 | - bases/lambda.services.k8s.aws_layerversions.yaml 11 | - bases/lambda.services.k8s.aws_versions.yaml 12 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | # namespace: 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | # namePrefix: 10 | 11 | # Labels to add to all resources and selectors. 12 | #commonLabels: 13 | # someName: someValue 14 | 15 | resources: 16 | - ../crd 17 | - ../rbac 18 | - ../controller 19 | 20 | patchesStrategicMerge: 21 | -------------------------------------------------------------------------------- /config/iam/recommended-inline-policy: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "lambda:*", 8 | "s3:Get*", 9 | "ecr:Get*", 10 | "ecr:BatchGet*", 11 | "ec2:DescribeSecurityGroups", 12 | "ec2:DescribeSubnets", 13 | "ec2:DescribeVpcs" 14 | ], 15 | "Resource": "*" 16 | }, 17 | { 18 | "Action": "iam:PassRole", 19 | "Condition": { 20 | "StringEquals": { 21 | "iam:PassedToService": "lambda.amazonaws.com" 22 | } 23 | }, 24 | "Effect": "Allow", 25 | "Resource": "*" 26 | } 27 | ] 28 | } 29 | -------------------------------------------------------------------------------- /config/overlays/namespaced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../default 3 | patches: 4 | - path: role.json 5 | target: 6 | group: rbac.authorization.k8s.io 7 | version: v1 8 | kind: ClusterRole 9 | name: ack-lambda-controller 10 | - path: role-binding.json 11 | target: 12 | group: rbac.authorization.k8s.io 13 | version: v1 14 | kind: ClusterRoleBinding 15 | name: ack-lambda-controller-rolebinding -------------------------------------------------------------------------------- /config/overlays/namespaced/role-binding.json: -------------------------------------------------------------------------------- 1 | [{"op": "replace", "path": "/kind", "value": "RoleBinding"}, 2 | {"op": "add", "path": "/metadata/namespace", "value": "ack-system"}, 3 | {"op": "replace", "path": "/roleRef/kind", "value": "Role"}] -------------------------------------------------------------------------------- /config/overlays/namespaced/role.json: -------------------------------------------------------------------------------- 1 | [{"op": "replace", "path": "/kind", "value": "Role"}, 2 | {"op": "add", "path": "/metadata/namespace", "value": "ack-system"}] -------------------------------------------------------------------------------- /config/rbac/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: ack-lambda-controller-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ack-lambda-controller 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ack-lambda-controller 12 | namespace: ack-system 13 | -------------------------------------------------------------------------------- /config/rbac/cluster-role-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: ack-lambda-controller 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | - secrets 12 | verbs: 13 | - get 14 | - list 15 | - patch 16 | - watch 17 | - apiGroups: 18 | - "" 19 | resources: 20 | - namespaces 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | - apiGroups: 26 | - ec2.services.k8s.aws 27 | resources: 28 | - securitygroups 29 | - securitygroups/status 30 | - subnets 31 | - subnets/status 32 | verbs: 33 | - get 34 | - list 35 | - apiGroups: 36 | - iam.services.k8s.aws 37 | resources: 38 | - roles 39 | - roles/status 40 | verbs: 41 | - get 42 | - list 43 | - apiGroups: 44 | - kafka.services.k8s.aws 45 | resources: 46 | - clusters 47 | - clusters/status 48 | verbs: 49 | - get 50 | - list 51 | - apiGroups: 52 | - kms.services.k8s.aws 53 | resources: 54 | - keys 55 | - keys/status 56 | verbs: 57 | - get 58 | - list 59 | - apiGroups: 60 | - lambda.services.k8s.aws 61 | resources: 62 | - aliases 63 | - codesigningconfigs 64 | - eventsourcemappings 65 | - functions 66 | - functionurlconfigs 67 | - layerversions 68 | - versions 69 | verbs: 70 | - create 71 | - delete 72 | - get 73 | - list 74 | - patch 75 | - update 76 | - watch 77 | - apiGroups: 78 | - lambda.services.k8s.aws 79 | resources: 80 | - aliases/status 81 | - codesigningconfigs/status 82 | - eventsourcemappings/status 83 | - functions/status 84 | - functionurlconfigs/status 85 | - layerversions/status 86 | - versions/status 87 | verbs: 88 | - get 89 | - patch 90 | - update 91 | - apiGroups: 92 | - mq.services.k8s.aws 93 | resources: 94 | - brokers 95 | - brokers/status 96 | verbs: 97 | - get 98 | - list 99 | - apiGroups: 100 | - s3.services.k8s.aws 101 | resources: 102 | - buckets 103 | - buckets/status 104 | verbs: 105 | - get 106 | - list 107 | - apiGroups: 108 | - services.k8s.aws 109 | resources: 110 | - adoptedresources 111 | - fieldexports 112 | verbs: 113 | - create 114 | - delete 115 | - get 116 | - list 117 | - patch 118 | - update 119 | - watch 120 | - apiGroups: 121 | - services.k8s.aws 122 | resources: 123 | - adoptedresources/status 124 | - fieldexports/status 125 | verbs: 126 | - get 127 | - patch 128 | - update 129 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-role-binding.yaml 3 | - cluster-role-controller.yaml 4 | - role-reader.yaml 5 | - role-writer.yaml 6 | - service-account.yaml 7 | - leader-election-role.yaml 8 | - leader-election-role-binding.yaml 9 | -------------------------------------------------------------------------------- /config/rbac/leader-election-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | namespace: ack-system 6 | name: lambda-leader-election-rolebinding 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: lambda-leader-election-role 11 | subjects: 12 | - kind: ServiceAccount 13 | name: ack-lambda-controller 14 | namespace: ack-system 15 | -------------------------------------------------------------------------------- /config/rbac/leader-election-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: lambda-leader-election-role 6 | namespace: ack-system 7 | rules: 8 | - apiGroups: 9 | - coordination.k8s.io 10 | resources: 11 | - leases 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - create 17 | - update 18 | - patch 19 | - delete 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - events 24 | verbs: 25 | - create 26 | - patch 27 | -------------------------------------------------------------------------------- /config/rbac/role-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | creationTimestamp: null 6 | name: ack-lambda-reader 7 | namespace: default 8 | rules: 9 | - apiGroups: 10 | - lambda.services.k8s.aws 11 | resources: 12 | - aliases 13 | - codesigningconfigs 14 | - eventsourcemappings 15 | - functions 16 | - functionurlconfigs 17 | - layerversions 18 | - versions 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | -------------------------------------------------------------------------------- /config/rbac/role-writer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | creationTimestamp: null 6 | name: ack-lambda-writer 7 | namespace: default 8 | rules: 9 | - apiGroups: 10 | - lambda.services.k8s.aws 11 | resources: 12 | - aliases 13 | - codesigningconfigs 14 | - eventsourcemappings 15 | - functions 16 | - functionurlconfigs 17 | - layerversions 18 | - versions 19 | verbs: 20 | - create 21 | - delete 22 | - get 23 | - list 24 | - patch 25 | - update 26 | - watch 27 | - apiGroups: 28 | - lambda.services.k8s.aws 29 | resources: 30 | - aliases 31 | - codesigningconfigs 32 | - eventsourcemappings 33 | - functions 34 | - functionurlconfigs 35 | - layerversions 36 | - versions 37 | verbs: 38 | - get 39 | - patch 40 | - update 41 | -------------------------------------------------------------------------------- /config/rbac/service-account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: ack-lambda-controller 6 | namespace: ack-system 7 | -------------------------------------------------------------------------------- /documentation.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | Function: 3 | fields: 4 | FunctionEventInvokeConfig: 5 | prepend: | 6 | Configures options for asynchronous invocation on a function. 7 | 8 | - DestinationConfig 9 | A destination for events after they have been sent to a function for processing. 10 | 11 | Types of Destinations: 12 | Function - The Amazon Resource Name (ARN) of a Lambda function. 13 | Queue - The ARN of a standard SQS queue. 14 | Topic - The ARN of a standard SNS topic. 15 | Event Bus - The ARN of an Amazon EventBridge event bus. 16 | 17 | - MaximumEventAgeInSeconds 18 | The maximum age of a request that Lambda sends to a function for processing. 19 | 20 | - MaximumRetryAttempts 21 | The maximum number of times to retry when the function returns an error. 22 | Alias: 23 | fields: 24 | Permissions: 25 | prepend: Permissions configures a set of Lambda permissions to grant to an alias. 26 | FunctionEventInvokeConfig: 27 | prepend: | 28 | Configures options for asynchronous invocation on an alias. 29 | 30 | - DestinationConfig 31 | A destination for events after they have been sent to a function for processing. 32 | 33 | Types of Destinations: 34 | Function - The Amazon Resource Name (ARN) of a Lambda function. 35 | Queue - The ARN of a standard SQS queue. 36 | Topic - The ARN of a standard SNS topic. 37 | Event Bus - The ARN of an Amazon EventBridge event bus. 38 | 39 | - MaximumEventAgeInSeconds 40 | The maximum age of a request that Lambda sends to a function for processing. 41 | 42 | - MaximumRetryAttempts 43 | The maximum number of times to retry when the function returns an error. 44 | 45 | ProvisionedConcurrencyConfig: 46 | prepend: | 47 | Configures provisioned concurrency to a function's alias 48 | 49 | - ProvisionedConcurrentExecutions 50 | The amount of provisioned concurrency to allocate for the version or alias. 51 | Minimum value of 1 is required -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/aws-controllers-k8s/lambda-controller 2 | 3 | go 1.24.0 4 | 5 | toolchain go1.24.1 6 | 7 | require ( 8 | github.com/aws-controllers-k8s/ec2-controller v0.0.21 9 | github.com/aws-controllers-k8s/iam-controller v1.2.3 10 | github.com/aws-controllers-k8s/kafka-controller v0.0.0-20230615185632-102279061de1 11 | github.com/aws-controllers-k8s/kms-controller v0.1.2 12 | github.com/aws-controllers-k8s/mq-controller v0.0.22 13 | github.com/aws-controllers-k8s/runtime v0.47.0 14 | github.com/aws-controllers-k8s/s3-controller v0.1.5 15 | github.com/aws/aws-sdk-go v1.49.0 16 | github.com/aws/aws-sdk-go-v2 v1.34.0 17 | github.com/aws/aws-sdk-go-v2/service/lambda v1.69.8 18 | github.com/aws/smithy-go v1.22.2 19 | github.com/go-logr/logr v1.4.2 20 | github.com/micahhausler/aws-iam-policy v0.4.2 21 | github.com/spf13/pflag v1.0.5 22 | k8s.io/api v0.32.1 23 | k8s.io/apimachinery v0.32.1 24 | k8s.io/client-go v0.32.1 25 | sigs.k8s.io/controller-runtime v0.20.4 26 | ) 27 | 28 | require ( 29 | github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 // indirect 30 | github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect 31 | github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect 32 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect 33 | github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.29 // indirect 34 | github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.29 // indirect 35 | github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect 36 | github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect 37 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect 38 | github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect 39 | github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect 40 | github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect 41 | github.com/beorn7/perks v1.0.1 // indirect 42 | github.com/cenkalti/backoff/v4 v4.3.0 // indirect 43 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 44 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 45 | github.com/emicklei/go-restful/v3 v3.11.0 // indirect 46 | github.com/evanphx/json-patch/v5 v5.9.11 // indirect 47 | github.com/fsnotify/fsnotify v1.7.0 // indirect 48 | github.com/fxamacker/cbor/v2 v2.7.0 // indirect 49 | github.com/go-logr/zapr v1.3.0 // indirect 50 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 51 | github.com/go-openapi/jsonreference v0.20.2 // indirect 52 | github.com/go-openapi/swag v0.23.0 // indirect 53 | github.com/gogo/protobuf v1.3.2 // indirect 54 | github.com/golang/protobuf v1.5.4 // indirect 55 | github.com/google/btree v1.1.3 // indirect 56 | github.com/google/gnostic-models v0.6.8 // indirect 57 | github.com/google/go-cmp v0.6.0 // indirect 58 | github.com/google/gofuzz v1.2.0 // indirect 59 | github.com/google/uuid v1.6.0 // indirect 60 | github.com/itchyny/gojq v0.12.6 // indirect 61 | github.com/itchyny/timefmt-go v0.1.3 // indirect 62 | github.com/jaypipes/envutil v1.0.0 // indirect 63 | github.com/jmespath/go-jmespath v0.4.0 // indirect 64 | github.com/josharian/intern v1.0.0 // indirect 65 | github.com/json-iterator/go v1.1.12 // indirect 66 | github.com/mailru/easyjson v0.7.7 // indirect 67 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 68 | github.com/modern-go/reflect2 v1.0.2 // indirect 69 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 70 | github.com/pkg/errors v0.9.1 // indirect 71 | github.com/prometheus/client_golang v1.19.1 // indirect 72 | github.com/prometheus/client_model v0.6.1 // indirect 73 | github.com/prometheus/common v0.55.0 // indirect 74 | github.com/prometheus/procfs v0.15.1 // indirect 75 | github.com/samber/lo v1.37.0 // indirect 76 | github.com/x448/float16 v0.8.4 // indirect 77 | go.uber.org/multierr v1.11.0 // indirect 78 | go.uber.org/zap v1.27.0 // indirect 79 | golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect 80 | golang.org/x/net v0.37.0 // indirect 81 | golang.org/x/oauth2 v0.23.0 // indirect 82 | golang.org/x/sync v0.12.0 // indirect 83 | golang.org/x/sys v0.31.0 // indirect 84 | golang.org/x/term v0.30.0 // indirect 85 | golang.org/x/text v0.23.0 // indirect 86 | golang.org/x/time v0.7.0 // indirect 87 | gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect 88 | google.golang.org/protobuf v1.35.1 // indirect 89 | gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect 90 | gopkg.in/inf.v0 v0.9.1 // indirect 91 | gopkg.in/yaml.v3 v3.0.1 // indirect 92 | k8s.io/apiextensions-apiserver v0.32.1 // indirect 93 | k8s.io/klog/v2 v2.130.1 // indirect 94 | k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect 95 | k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect 96 | sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect 97 | sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect 98 | sigs.k8s.io/yaml v1.4.0 // indirect 99 | ) 100 | -------------------------------------------------------------------------------- /helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: lambda-chart 3 | description: A Helm chart for the ACK service controller for AWS Lambda (Lambda) 4 | version: 1.7.3 5 | appVersion: 1.7.3 6 | home: https://github.com/aws-controllers-k8s/lambda-controller 7 | icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png 8 | sources: 9 | - https://github.com/aws-controllers-k8s/lambda-controller 10 | maintainers: 11 | - name: ACK Admins 12 | url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin 13 | - name: Lambda Admins 14 | url: https://github.com/orgs/aws-controllers-k8s/teams/lambda-maintainer 15 | keywords: 16 | - aws 17 | - kubernetes 18 | - lambda 19 | -------------------------------------------------------------------------------- /helm/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ .Chart.Name }} has been installed. 2 | This chart deploys "public.ecr.aws/aws-controllers-k8s/lambda-controller:1.7.3". 3 | 4 | Check its status by running: 5 | kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" 6 | 7 | You are now able to create AWS Lambda (Lambda) resources! 8 | 9 | The controller is running in "{{ .Values.installScope }}" mode. 10 | The controller is configured to manage AWS resources in region: "{{ .Values.aws.region }}" 11 | 12 | Visit https://aws-controllers-k8s.github.io/community/reference/ for an API 13 | reference of all the resources that can be created using this controller. 14 | 15 | For more information on the AWS Controllers for Kubernetes (ACK) project, visit: 16 | https://aws-controllers-k8s.github.io/community/ 17 | -------------------------------------------------------------------------------- /helm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* The name of the application this chart installs */}} 2 | {{- define "ack-lambda-controller.app.name" -}} 3 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 4 | {{- end -}} 5 | 6 | {{/* 7 | Create a default fully qualified app name. 8 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 9 | If release name contains chart name it will be used as a full name. 10 | */}} 11 | {{- define "ack-lambda-controller.app.fullname" -}} 12 | {{- if .Values.fullnameOverride -}} 13 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 14 | {{- else -}} 15 | {{- $name := default .Chart.Name .Values.nameOverride -}} 16 | {{- if contains $name .Release.Name -}} 17 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 18 | {{- else -}} 19 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 20 | {{- end -}} 21 | {{- end -}} 22 | {{- end -}} 23 | 24 | {{/* The name and version as used by the chart label */}} 25 | {{- define "ack-lambda-controller.chart.name-version" -}} 26 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 27 | {{- end -}} 28 | 29 | {{/* The name of the service account to use */}} 30 | {{- define "ack-lambda-controller.service-account.name" -}} 31 | {{ default "default" .Values.serviceAccount.name }} 32 | {{- end -}} 33 | 34 | {{- define "ack-lambda-controller.watch-namespace" -}} 35 | {{- if eq .Values.installScope "namespace" -}} 36 | {{ .Values.watchNamespace | default .Release.Namespace }} 37 | {{- end -}} 38 | {{- end -}} 39 | 40 | {{/* The mount path for the shared credentials file */}} 41 | {{- define "ack-lambda-controller.aws.credentials.secret_mount_path" -}} 42 | {{- "/var/run/secrets/aws" -}} 43 | {{- end -}} 44 | 45 | {{/* The path the shared credentials file is mounted */}} 46 | {{- define "ack-lambda-controller.aws.credentials.path" -}} 47 | {{ $secret_mount_path := include "ack-lambda-controller.aws.credentials.secret_mount_path" . }} 48 | {{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}} 49 | {{- end -}} 50 | 51 | {{/* The rules a of ClusterRole or Role */}} 52 | {{- define "ack-lambda-controller.rbac-rules" -}} 53 | rules: 54 | - apiGroups: 55 | - "" 56 | resources: 57 | - configmaps 58 | - secrets 59 | verbs: 60 | - get 61 | - list 62 | - patch 63 | - watch 64 | - apiGroups: 65 | - "" 66 | resources: 67 | - namespaces 68 | verbs: 69 | - get 70 | - list 71 | - watch 72 | - apiGroups: 73 | - ec2.services.k8s.aws 74 | resources: 75 | - securitygroups 76 | - securitygroups/status 77 | - subnets 78 | - subnets/status 79 | verbs: 80 | - get 81 | - list 82 | - apiGroups: 83 | - iam.services.k8s.aws 84 | resources: 85 | - roles 86 | - roles/status 87 | verbs: 88 | - get 89 | - list 90 | - apiGroups: 91 | - kafka.services.k8s.aws 92 | resources: 93 | - clusters 94 | - clusters/status 95 | verbs: 96 | - get 97 | - list 98 | - apiGroups: 99 | - kms.services.k8s.aws 100 | resources: 101 | - keys 102 | - keys/status 103 | verbs: 104 | - get 105 | - list 106 | - apiGroups: 107 | - lambda.services.k8s.aws 108 | resources: 109 | - aliases 110 | - codesigningconfigs 111 | - eventsourcemappings 112 | - functions 113 | - functionurlconfigs 114 | - layerversions 115 | - versions 116 | verbs: 117 | - create 118 | - delete 119 | - get 120 | - list 121 | - patch 122 | - update 123 | - watch 124 | - apiGroups: 125 | - lambda.services.k8s.aws 126 | resources: 127 | - aliases/status 128 | - codesigningconfigs/status 129 | - eventsourcemappings/status 130 | - functions/status 131 | - functionurlconfigs/status 132 | - layerversions/status 133 | - versions/status 134 | verbs: 135 | - get 136 | - patch 137 | - update 138 | - apiGroups: 139 | - mq.services.k8s.aws 140 | resources: 141 | - brokers 142 | - brokers/status 143 | verbs: 144 | - get 145 | - list 146 | - apiGroups: 147 | - s3.services.k8s.aws 148 | resources: 149 | - buckets 150 | - buckets/status 151 | verbs: 152 | - get 153 | - list 154 | - apiGroups: 155 | - services.k8s.aws 156 | resources: 157 | - adoptedresources 158 | - fieldexports 159 | verbs: 160 | - create 161 | - delete 162 | - get 163 | - list 164 | - patch 165 | - update 166 | - watch 167 | - apiGroups: 168 | - services.k8s.aws 169 | resources: 170 | - adoptedresources/status 171 | - fieldexports/status 172 | verbs: 173 | - get 174 | - patch 175 | - update 176 | {{- end }} 177 | 178 | {{/* Convert k/v map to string like: "key1=value1,key2=value2,..." */}} 179 | {{- define "ack-lambda-controller.feature-gates" -}} 180 | {{- $list := list -}} 181 | {{- range $k, $v := .Values.featureGates -}} 182 | {{- $list = append $list (printf "%s=%s" $k ( $v | toString)) -}} 183 | {{- end -}} 184 | {{ join "," $list }} 185 | {{- end -}} 186 | -------------------------------------------------------------------------------- /helm/templates/caches-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{ include "ack-lambda-controller.app.fullname" . }}-namespace-caches 5 | labels: 6 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: Helm 9 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 10 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 11 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 12 | roleRef: 13 | kind: ClusterRole 14 | apiGroup: rbac.authorization.k8s.io 15 | name: {{ include "ack-lambda-controller.app.fullname" . }}-namespace-caches 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ include "ack-lambda-controller.service-account.name" . }} 19 | namespace: {{ .Release.Namespace }} 20 | --- 21 | apiVersion: rbac.authorization.k8s.io/v1 22 | kind: RoleBinding 23 | metadata: 24 | name: {{ include "ack-lambda-controller.app.fullname" . }}-configmaps-cache 25 | namespace: {{ .Release.Namespace }} 26 | labels: 27 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 28 | app.kubernetes.io/instance: {{ .Release.Name }} 29 | app.kubernetes.io/managed-by: Helm 30 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 31 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 32 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 33 | roleRef: 34 | kind: Role 35 | apiGroup: rbac.authorization.k8s.io 36 | name: {{ include "ack-lambda-controller.app.fullname" . }}-configmaps-cache 37 | subjects: 38 | - kind: ServiceAccount 39 | name: {{ include "ack-lambda-controller.service-account.name" . }} 40 | namespace: {{ .Release.Namespace }} 41 | -------------------------------------------------------------------------------- /helm/templates/caches-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ include "ack-lambda-controller.app.fullname" . }}-namespaces-cache 5 | labels: 6 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: Helm 9 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 10 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 11 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - namespaces 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | kind: Role 24 | metadata: 25 | name: {{ include "ack-lambda-controller.app.fullname" . }}-configmaps-cache 26 | namespace: {{ .Release.Namespace }} 27 | labels: 28 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: Helm 31 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 32 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 33 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 34 | rules: 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - configmaps 39 | verbs: 40 | - get 41 | - list 42 | - watch -------------------------------------------------------------------------------- /helm/templates/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{ if eq .Values.installScope "cluster" }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "ack-lambda-controller.app.fullname" . }}-rolebinding 6 | labels: 7 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: Helm 10 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 11 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 12 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 13 | roleRef: 14 | kind: ClusterRole 15 | apiGroup: rbac.authorization.k8s.io 16 | name: {{ include "ack-lambda-controller.app.fullname" . }} 17 | subjects: 18 | - kind: ServiceAccount 19 | name: {{ include "ack-lambda-controller.service-account.name" . }} 20 | namespace: {{ .Release.Namespace }} 21 | {{ else if eq .Values.installScope "namespace" }} 22 | {{ $wn := include "ack-lambda-controller.watch-namespace" . }} 23 | {{ $namespaces := split "," $wn }} 24 | {{ $fullname := include "ack-lambda-controller.app.fullname" . }} 25 | {{ $releaseNamespace := .Release.Namespace }} 26 | {{ $serviceAccountName := include "ack-lambda-controller.service-account.name" . }} 27 | {{ $chartVersion := include "ack-lambda-controller.chart.name-version" . }} 28 | {{ $appVersion := .Chart.AppVersion | quote }} 29 | {{ range $namespaces }} 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: RoleBinding 33 | metadata: 34 | name: {{ $fullname }}-{{ . }} 35 | namespace: {{ . }} 36 | labels: 37 | app.kubernetes.io/name: {{ $fullname }} 38 | app.kubernetes.io/instance: {{ $.Release.Name }} 39 | app.kubernetes.io/managed-by: Helm 40 | app.kubernetes.io/version: {{ $appVersion }} 41 | k8s-app: {{ $fullname }} 42 | helm.sh/chart: {{ $chartVersion }} 43 | roleRef: 44 | kind: Role 45 | apiGroup: rbac.authorization.k8s.io 46 | name: {{ $fullname }}-{{ . }} 47 | subjects: 48 | - kind: ServiceAccount 49 | name: {{ $serviceAccountName }} 50 | namespace: {{ $releaseNamespace }} 51 | {{ end }} 52 | {{ end }} -------------------------------------------------------------------------------- /helm/templates/cluster-role-controller.yaml: -------------------------------------------------------------------------------- 1 | {{ $labels := .Values.role.labels }} 2 | {{ $appVersion := .Chart.AppVersion | quote }} 3 | {{ $rbacRules := include "ack-lambda-controller.rbac-rules" . }} 4 | {{ $fullname := include "ack-lambda-controller.app.fullname" . }} 5 | {{ $chartVersion := include "ack-lambda-controller.chart.name-version" . }} 6 | {{ if eq .Values.installScope "cluster" }} 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRole 9 | metadata: 10 | name: {{ include "ack-lambda-controller.app.fullname" . }} 11 | labels: 12 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | app.kubernetes.io/managed-by: Helm 15 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 16 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 17 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 18 | {{- range $key, $value := $labels }} 19 | {{ $key }}: {{ $value | quote }} 20 | {{- end }} 21 | {{$rbacRules }} 22 | {{ else if eq .Values.installScope "namespace" }} 23 | {{ $wn := include "ack-lambda-controller.watch-namespace" . }} 24 | {{ $namespaces := split "," $wn }} 25 | {{ range $namespaces }} 26 | --- 27 | apiVersion: rbac.authorization.k8s.io/v1 28 | kind: Role 29 | metadata: 30 | name: {{ $fullname }}-{{ . }} 31 | namespace: {{ . }} 32 | labels: 33 | app.kubernetes.io/name: {{ $fullname }} 34 | app.kubernetes.io/instance: {{ $.Release.Name }} 35 | app.kubernetes.io/managed-by: Helm 36 | app.kubernetes.io/version: {{ $appVersion }} 37 | k8s-app: {{ $fullname }} 38 | helm.sh/chart: {{ $chartVersion }} 39 | {{- range $key, $value := $labels }} 40 | {{ $key }}: {{ $value | quote }} 41 | {{- end }} 42 | {{ $rbacRules }} 43 | {{ end }} 44 | {{ end }} -------------------------------------------------------------------------------- /helm/templates/leader-election-role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.leaderElection.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "ack-lambda-controller.app.fullname" . }}-leaderelection 6 | {{ if .Values.leaderElection.namespace }} 7 | namespace: {{ .Values.leaderElection.namespace }} 8 | {{ else }} 9 | namespace: {{ .Release.Namespace }} 10 | {{ end }} 11 | labels: 12 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | app.kubernetes.io/managed-by: Helm 15 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 16 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 17 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: Role 21 | name: {{ include "ack-lambda-controller.app.fullname" . }}-leaderelection 22 | subjects: 23 | - kind: ServiceAccount 24 | name: {{ include "ack-lambda-controller.service-account.name" . }} 25 | namespace: {{ .Release.Namespace }}{{- end }} 26 | -------------------------------------------------------------------------------- /helm/templates/leader-election-role.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.leaderElection.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "ack-lambda-controller.app.fullname" . }}-leaderelection 6 | {{ if .Values.leaderElection.namespace }} 7 | namespace: {{ .Values.leaderElection.namespace }} 8 | {{ else }} 9 | namespace: {{ .Release.Namespace }} 10 | {{ end }} 11 | labels: 12 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | app.kubernetes.io/managed-by: Helm 15 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 16 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 17 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 18 | rules: 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch{{- end }} 38 | -------------------------------------------------------------------------------- /helm/templates/metrics-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.service.create }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: Helm 11 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 12 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 13 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 14 | spec: 15 | selector: 16 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | app.kubernetes.io/managed-by: Helm 19 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 20 | {{- range $key, $value := .Values.deployment.labels }} 21 | {{ $key }}: {{ $value | quote }} 22 | {{- end }} 23 | type: {{ .Values.metrics.service.type }} 24 | ports: 25 | - name: metricsport 26 | port: 8080 27 | targetPort: http 28 | protocol: TCP 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /helm/templates/role-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | creationTimestamp: null 6 | name: {{ include "ack-lambda-controller.app.fullname" . }}-reader 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: Helm 12 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 13 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 14 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 15 | rules: 16 | - apiGroups: 17 | - lambda.services.k8s.aws 18 | resources: 19 | - aliases 20 | - codesigningconfigs 21 | - eventsourcemappings 22 | - functions 23 | - functionurlconfigs 24 | - layerversions 25 | - versions 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | -------------------------------------------------------------------------------- /helm/templates/role-writer.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | creationTimestamp: null 6 | name: {{ include "ack-lambda-controller.app.fullname" . }}-writer 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: Helm 12 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 13 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 14 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 15 | rules: 16 | - apiGroups: 17 | - lambda.services.k8s.aws 18 | resources: 19 | - aliases 20 | - codesigningconfigs 21 | - eventsourcemappings 22 | - functions 23 | - functionurlconfigs 24 | - layerversions 25 | - versions 26 | verbs: 27 | - create 28 | - delete 29 | - get 30 | - list 31 | - patch 32 | - update 33 | - watch 34 | - apiGroups: 35 | - lambda.services.k8s.aws 36 | resources: 37 | - aliases 38 | - codesigningconfigs 39 | - eventsourcemappings 40 | - functions 41 | - functionurlconfigs 42 | - layerversions 43 | - versions 44 | verbs: 45 | - get 46 | - patch 47 | - update 48 | -------------------------------------------------------------------------------- /helm/templates/service-account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: {{ include "ack-lambda-controller.app.name" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: Helm 9 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 10 | k8s-app: {{ include "ack-lambda-controller.app.name" . }} 11 | helm.sh/chart: {{ include "ack-lambda-controller.chart.name-version" . }} 12 | name: {{ include "ack-lambda-controller.service-account.name" . }} 13 | namespace: {{ .Release.Namespace }} 14 | annotations: 15 | {{- range $key, $value := .Values.serviceAccount.annotations }} 16 | {{ $key }}: {{ $value | quote }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /metadata.yaml: -------------------------------------------------------------------------------- 1 | service: 2 | full_name: "AWS Lambda" 3 | short_name: "Lambda" 4 | link: "https://aws.amazon.com/lambda/" 5 | documentation: "https://docs.aws.amazon.com/lambda/" 6 | api_versions: 7 | - api_version: v1alpha1 8 | status: available 9 | -------------------------------------------------------------------------------- /olm/olmconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | annotations: 3 | capabilityLevel: Basic Install 4 | shortDescription: AWS Lambda controller is a service controller for managing Lambda resources 5 | in Kubernetes 6 | displayName: AWS Controllers for Kubernetes - Amazon Lambda 7 | description: |- 8 | Manage Amazon Lambda resources in AWS from within your Kubernetes cluster. 9 | 10 | 11 | **About Amazon Lambda** 12 | 13 | 14 | Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. With Lambda, you can run code for virtually any type of application or backend service. All you need to do is supply your code in one of the [languages that Lambda supports](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). 15 | 16 | 17 | **About the AWS Controllers for Kubernetes** 18 | 19 | 20 | This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) 21 | project. 22 | 23 | 24 | **Pre-Installation Steps** 25 | 26 | 27 | Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) 28 | samples: 29 | - kind: CodeSigningConfig 30 | spec: '{}' 31 | - kind: EventSourceMapping 32 | spec: '{}' 33 | - kind: Function 34 | spec: '{}' 35 | - kind: Alias 36 | spec: '{}' 37 | maintainers: 38 | - name: "lambda maintainer team" 39 | email: "ack-maintainers@amazon.com" 40 | links: 41 | - name: Amazon Lambda Developer Resources 42 | url: https://aws.amazon.com/lambda/resources/ 43 | -------------------------------------------------------------------------------- /pkg/resource/alias/descriptor.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package alias 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare" 21 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 22 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 25 | k8sctrlutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" 26 | 27 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 28 | ) 29 | 30 | const ( 31 | FinalizerString = "finalizers.lambda.services.k8s.aws/Alias" 32 | ) 33 | 34 | var ( 35 | GroupVersionResource = svcapitypes.GroupVersion.WithResource("aliases") 36 | GroupKind = metav1.GroupKind{ 37 | Group: "lambda.services.k8s.aws", 38 | Kind: "Alias", 39 | } 40 | ) 41 | 42 | // resourceDescriptor implements the 43 | // `aws-service-operator-k8s/pkg/types.AWSResourceDescriptor` interface 44 | type resourceDescriptor struct { 45 | } 46 | 47 | // GroupVersionKind returns a Kubernetes schema.GroupVersionKind struct that 48 | // describes the API Group, Version and Kind of CRs described by the descriptor 49 | func (d *resourceDescriptor) GroupVersionKind() schema.GroupVersionKind { 50 | return svcapitypes.GroupVersion.WithKind(GroupKind.Kind) 51 | } 52 | 53 | // EmptyRuntimeObject returns an empty object prototype that may be used in 54 | // apimachinery and k8s client operations 55 | func (d *resourceDescriptor) EmptyRuntimeObject() rtclient.Object { 56 | return &svcapitypes.Alias{} 57 | } 58 | 59 | // ResourceFromRuntimeObject returns an AWSResource that has been initialized 60 | // with the supplied runtime.Object 61 | func (d *resourceDescriptor) ResourceFromRuntimeObject( 62 | obj rtclient.Object, 63 | ) acktypes.AWSResource { 64 | return &resource{ 65 | ko: obj.(*svcapitypes.Alias), 66 | } 67 | } 68 | 69 | // Delta returns an `ackcompare.Delta` object containing the difference between 70 | // one `AWSResource` and another. 71 | func (d *resourceDescriptor) Delta(a, b acktypes.AWSResource) *ackcompare.Delta { 72 | return newResourceDelta(a.(*resource), b.(*resource)) 73 | } 74 | 75 | // IsManaged returns true if the supplied AWSResource is under the management 76 | // of an ACK service controller. What this means in practice is that the 77 | // underlying custom resource (CR) in the AWSResource has had a 78 | // resource-specific finalizer associated with it. 79 | func (d *resourceDescriptor) IsManaged( 80 | res acktypes.AWSResource, 81 | ) bool { 82 | obj := res.RuntimeObject() 83 | if obj == nil { 84 | // Should not happen. If it does, there is a bug in the code 85 | panic("nil RuntimeMetaObject in AWSResource") 86 | } 87 | // Remove use of custom code once 88 | // https://github.com/kubernetes-sigs/controller-runtime/issues/994 is 89 | // fixed. This should be able to be: 90 | // 91 | // return k8sctrlutil.ContainsFinalizer(obj, FinalizerString) 92 | return containsFinalizer(obj, FinalizerString) 93 | } 94 | 95 | // Remove once https://github.com/kubernetes-sigs/controller-runtime/issues/994 96 | // is fixed. 97 | func containsFinalizer(obj rtclient.Object, finalizer string) bool { 98 | f := obj.GetFinalizers() 99 | for _, e := range f { 100 | if e == finalizer { 101 | return true 102 | } 103 | } 104 | return false 105 | } 106 | 107 | // MarkManaged places the supplied resource under the management of ACK. What 108 | // this typically means is that the resource manager will decorate the 109 | // underlying custom resource (CR) with a finalizer that indicates ACK is 110 | // managing the resource and the underlying CR may not be deleted until ACK is 111 | // finished cleaning up any backend AWS service resources associated with the 112 | // CR. 113 | func (d *resourceDescriptor) MarkManaged( 114 | res acktypes.AWSResource, 115 | ) { 116 | obj := res.RuntimeObject() 117 | if obj == nil { 118 | // Should not happen. If it does, there is a bug in the code 119 | panic("nil RuntimeMetaObject in AWSResource") 120 | } 121 | k8sctrlutil.AddFinalizer(obj, FinalizerString) 122 | } 123 | 124 | // MarkUnmanaged removes the supplied resource from management by ACK. What 125 | // this typically means is that the resource manager will remove a finalizer 126 | // underlying custom resource (CR) that indicates ACK is managing the resource. 127 | // This will allow the Kubernetes API server to delete the underlying CR. 128 | func (d *resourceDescriptor) MarkUnmanaged( 129 | res acktypes.AWSResource, 130 | ) { 131 | obj := res.RuntimeObject() 132 | if obj == nil { 133 | // Should not happen. If it does, there is a bug in the code 134 | panic("nil RuntimeMetaObject in AWSResource") 135 | } 136 | k8sctrlutil.RemoveFinalizer(obj, FinalizerString) 137 | } 138 | 139 | // MarkAdopted places descriptors on the custom resource that indicate the 140 | // resource was not created from within ACK. 141 | func (d *resourceDescriptor) MarkAdopted( 142 | res acktypes.AWSResource, 143 | ) { 144 | obj := res.RuntimeObject() 145 | if obj == nil { 146 | // Should not happen. If it does, there is a bug in the code 147 | panic("nil RuntimeObject in AWSResource") 148 | } 149 | curr := obj.GetAnnotations() 150 | if curr == nil { 151 | curr = make(map[string]string) 152 | } 153 | curr[ackv1alpha1.AnnotationAdopted] = "true" 154 | obj.SetAnnotations(curr) 155 | } 156 | -------------------------------------------------------------------------------- /pkg/resource/alias/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package alias 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/alias/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package alias 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/alias/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package alias 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | "github.com/aws/aws-sdk-go-v2/aws" 25 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 27 | 28 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 29 | ) 30 | 31 | // Hack to avoid import errors during build... 32 | var ( 33 | _ = &ackerrors.MissingNameIdentifier 34 | ) 35 | 36 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 37 | // interface 38 | type resource struct { 39 | // The Kubernetes-native CR representing the resource 40 | ko *svcapitypes.Alias 41 | } 42 | 43 | // Identifiers returns an AWSResourceIdentifiers object containing various 44 | // identifying information, including the AWS account ID that owns the 45 | // resource, the resource's AWS Resource Name (ARN) 46 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 47 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 48 | } 49 | 50 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 51 | // deletion timestamp 52 | func (r *resource) IsBeingDeleted() bool { 53 | return !r.ko.DeletionTimestamp.IsZero() 54 | } 55 | 56 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 57 | // the AWSResource 58 | func (r *resource) RuntimeObject() rtclient.Object { 59 | return r.ko 60 | } 61 | 62 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 63 | // representation of the AWSResource 64 | func (r *resource) MetaObject() metav1.Object { 65 | return r.ko.GetObjectMeta() 66 | } 67 | 68 | // Conditions returns the ACK Conditions collection for the AWSResource 69 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 70 | return r.ko.Status.Conditions 71 | } 72 | 73 | // ReplaceConditions sets the Conditions status field for the resource 74 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 75 | r.ko.Status.Conditions = conditions 76 | } 77 | 78 | // SetObjectMeta sets the ObjectMeta field for the resource 79 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 80 | r.ko.ObjectMeta = meta 81 | } 82 | 83 | // SetStatus will set the Status field for the resource 84 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 85 | r.ko.Status = desired.(*resource).ko.Status 86 | } 87 | 88 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 89 | // resource identifier 90 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 91 | if identifier.NameOrID == "" { 92 | return ackerrors.MissingNameIdentifier 93 | } 94 | r.ko.Spec.Name = &identifier.NameOrID 95 | 96 | f0, f0ok := identifier.AdditionalKeys["functionName"] 97 | if f0ok { 98 | r.ko.Spec.FunctionName = aws.String(f0) 99 | } 100 | 101 | return nil 102 | } 103 | 104 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 105 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 106 | tmp, ok := fields["name"] 107 | if !ok { 108 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: name")) 109 | } 110 | r.ko.Spec.Name = &tmp 111 | 112 | f0, f0ok := fields["functionName"] 113 | if f0ok { 114 | r.ko.Spec.FunctionName = aws.String(f0) 115 | } 116 | 117 | return nil 118 | } 119 | 120 | // DeepCopy will return a copy of the resource 121 | func (r *resource) DeepCopy() acktypes.AWSResource { 122 | koCopy := r.ko.DeepCopy() 123 | return &resource{koCopy} 124 | } 125 | -------------------------------------------------------------------------------- /pkg/resource/code_signing_config/delta.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package code_signing_config 17 | 18 | import ( 19 | "bytes" 20 | "reflect" 21 | 22 | ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare" 23 | acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" 24 | ) 25 | 26 | // Hack to avoid import errors during build... 27 | var ( 28 | _ = &bytes.Buffer{} 29 | _ = &reflect.Method{} 30 | _ = &acktags.Tags{} 31 | ) 32 | 33 | // newResourceDelta returns a new `ackcompare.Delta` used to compare two 34 | // resources 35 | func newResourceDelta( 36 | a *resource, 37 | b *resource, 38 | ) *ackcompare.Delta { 39 | delta := ackcompare.NewDelta() 40 | if (a == nil && b != nil) || 41 | (a != nil && b == nil) { 42 | delta.Add("", a, b) 43 | return delta 44 | } 45 | 46 | if ackcompare.HasNilDifference(a.ko.Spec.AllowedPublishers, b.ko.Spec.AllowedPublishers) { 47 | delta.Add("Spec.AllowedPublishers", a.ko.Spec.AllowedPublishers, b.ko.Spec.AllowedPublishers) 48 | } else if a.ko.Spec.AllowedPublishers != nil && b.ko.Spec.AllowedPublishers != nil { 49 | if len(a.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) != len(b.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) { 50 | delta.Add("Spec.AllowedPublishers.SigningProfileVersionARNs", a.ko.Spec.AllowedPublishers.SigningProfileVersionARNs, b.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) 51 | } else if len(a.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) > 0 { 52 | if !ackcompare.SliceStringPEqual(a.ko.Spec.AllowedPublishers.SigningProfileVersionARNs, b.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) { 53 | delta.Add("Spec.AllowedPublishers.SigningProfileVersionARNs", a.ko.Spec.AllowedPublishers.SigningProfileVersionARNs, b.ko.Spec.AllowedPublishers.SigningProfileVersionARNs) 54 | } 55 | } 56 | } 57 | if ackcompare.HasNilDifference(a.ko.Spec.CodeSigningPolicies, b.ko.Spec.CodeSigningPolicies) { 58 | delta.Add("Spec.CodeSigningPolicies", a.ko.Spec.CodeSigningPolicies, b.ko.Spec.CodeSigningPolicies) 59 | } else if a.ko.Spec.CodeSigningPolicies != nil && b.ko.Spec.CodeSigningPolicies != nil { 60 | if ackcompare.HasNilDifference(a.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment, b.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment) { 61 | delta.Add("Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment", a.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment, b.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment) 62 | } else if a.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment != nil && b.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment != nil { 63 | if *a.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment != *b.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment { 64 | delta.Add("Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment", a.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment, b.ko.Spec.CodeSigningPolicies.UntrustedArtifactOnDeployment) 65 | } 66 | } 67 | } 68 | if ackcompare.HasNilDifference(a.ko.Spec.Description, b.ko.Spec.Description) { 69 | delta.Add("Spec.Description", a.ko.Spec.Description, b.ko.Spec.Description) 70 | } else if a.ko.Spec.Description != nil && b.ko.Spec.Description != nil { 71 | if *a.ko.Spec.Description != *b.ko.Spec.Description { 72 | delta.Add("Spec.Description", a.ko.Spec.Description, b.ko.Spec.Description) 73 | } 74 | } 75 | 76 | return delta 77 | } 78 | -------------------------------------------------------------------------------- /pkg/resource/code_signing_config/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package code_signing_config 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/code_signing_config/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package code_signing_config 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/code_signing_config/references.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package code_signing_config 17 | 18 | import ( 19 | "context" 20 | 21 | "sigs.k8s.io/controller-runtime/pkg/client" 22 | 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | 25 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 26 | ) 27 | 28 | // ClearResolvedReferences removes any reference values that were made 29 | // concrete in the spec. It returns a copy of the input AWSResource which 30 | // contains the original *Ref values, but none of their respective concrete 31 | // values. 32 | func (rm *resourceManager) ClearResolvedReferences(res acktypes.AWSResource) acktypes.AWSResource { 33 | ko := rm.concreteResource(res).ko.DeepCopy() 34 | 35 | return &resource{ko} 36 | } 37 | 38 | // ResolveReferences finds if there are any Reference field(s) present 39 | // inside AWSResource passed in the parameter and attempts to resolve those 40 | // reference field(s) into their respective target field(s). It returns a 41 | // copy of the input AWSResource with resolved reference(s), a boolean which 42 | // is set to true if the resource contains any references (regardless of if 43 | // they are resolved successfully) and an error if the passed AWSResource's 44 | // reference field(s) could not be resolved. 45 | func (rm *resourceManager) ResolveReferences( 46 | ctx context.Context, 47 | apiReader client.Reader, 48 | res acktypes.AWSResource, 49 | ) (acktypes.AWSResource, bool, error) { 50 | return res, false, nil 51 | } 52 | 53 | // validateReferenceFields validates the reference field and corresponding 54 | // identifier field. 55 | func validateReferenceFields(ko *svcapitypes.CodeSigningConfig) error { 56 | return nil 57 | } 58 | -------------------------------------------------------------------------------- /pkg/resource/code_signing_config/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package code_signing_config 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 26 | 27 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 28 | ) 29 | 30 | // Hack to avoid import errors during build... 31 | var ( 32 | _ = &ackerrors.MissingNameIdentifier 33 | ) 34 | 35 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 36 | // interface 37 | type resource struct { 38 | // The Kubernetes-native CR representing the resource 39 | ko *svcapitypes.CodeSigningConfig 40 | } 41 | 42 | // Identifiers returns an AWSResourceIdentifiers object containing various 43 | // identifying information, including the AWS account ID that owns the 44 | // resource, the resource's AWS Resource Name (ARN) 45 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 46 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 47 | } 48 | 49 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 50 | // deletion timestamp 51 | func (r *resource) IsBeingDeleted() bool { 52 | return !r.ko.DeletionTimestamp.IsZero() 53 | } 54 | 55 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 56 | // the AWSResource 57 | func (r *resource) RuntimeObject() rtclient.Object { 58 | return r.ko 59 | } 60 | 61 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 62 | // representation of the AWSResource 63 | func (r *resource) MetaObject() metav1.Object { 64 | return r.ko.GetObjectMeta() 65 | } 66 | 67 | // Conditions returns the ACK Conditions collection for the AWSResource 68 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 69 | return r.ko.Status.Conditions 70 | } 71 | 72 | // ReplaceConditions sets the Conditions status field for the resource 73 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 74 | r.ko.Status.Conditions = conditions 75 | } 76 | 77 | // SetObjectMeta sets the ObjectMeta field for the resource 78 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 79 | r.ko.ObjectMeta = meta 80 | } 81 | 82 | // SetStatus will set the Status field for the resource 83 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 84 | r.ko.Status = desired.(*resource).ko.Status 85 | } 86 | 87 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 88 | // resource identifier 89 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 90 | if r.ko.Status.ACKResourceMetadata == nil { 91 | r.ko.Status.ACKResourceMetadata = &ackv1alpha1.ResourceMetadata{} 92 | } 93 | r.ko.Status.ACKResourceMetadata.ARN = identifier.ARN 94 | 95 | return nil 96 | } 97 | 98 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 99 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 100 | tmp, ok := fields["arn"] 101 | if !ok { 102 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: arn")) 103 | } 104 | 105 | if r.ko.Status.ACKResourceMetadata == nil { 106 | r.ko.Status.ACKResourceMetadata = &ackv1alpha1.ResourceMetadata{} 107 | } 108 | arn := ackv1alpha1.AWSResourceName(tmp) 109 | r.ko.Status.ACKResourceMetadata.ARN = &arn 110 | 111 | return nil 112 | } 113 | 114 | // DeepCopy will return a copy of the resource 115 | func (r *resource) DeepCopy() acktypes.AWSResource { 116 | koCopy := r.ko.DeepCopy() 117 | return &resource{koCopy} 118 | } 119 | -------------------------------------------------------------------------------- /pkg/resource/event_source_mapping/hooks.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package event_source_mapping 15 | 16 | import ( 17 | ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare" 18 | 19 | "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 20 | ) 21 | 22 | func customPreCompare( 23 | delta *ackcompare.Delta, 24 | a *resource, 25 | b *resource, 26 | ) { 27 | if ackcompare.HasNilDifference(a.ko.Spec.FilterCriteria, b.ko.Spec.FilterCriteria) { 28 | delta.Add("Spec.FilterCriteria", a.ko.Spec.FilterCriteria, b.ko.Spec.FilterCriteria) 29 | } else if a.ko.Spec.FilterCriteria != nil && b.ko.Spec.FilterCriteria != nil { 30 | if !equalFilterSlices(a.ko.Spec.FilterCriteria.Filters, b.ko.Spec.FilterCriteria.Filters) { 31 | delta.Add("Spec.FilterCriteria.Filters", a.ko.Spec.FilterCriteria, b.ko.Spec.FilterCriteria) 32 | } 33 | } 34 | } 35 | 36 | // equalFilterSlices returns whether two Filter arrays are 37 | // equal or not. 38 | func equalFilterSlices(a, b []*v1alpha1.Filter) bool { 39 | if len(a) != len(b) { 40 | return false 41 | } 42 | 43 | // The Lambda control plane doesn't change the order of 44 | // submitted filters. 45 | for x, aVal := range a { 46 | bVal := b[x] 47 | if ackcompare.HasNilDifference(aVal, bVal) || 48 | !equalStrings(aVal.Pattern, bVal.Pattern) { 49 | return false 50 | } 51 | } 52 | return true 53 | } 54 | 55 | // filterCriteriasDeleted return true if a user deleted the filter 56 | // criterias by deleting the spec.filterCriteria field or the 57 | // spec.filterCriteria.filters field, false otherwise. 58 | // 59 | // This function is used as a sdk_update_post_build_request hook, to 60 | // properly build an update call that will delete ESM filters. 61 | func filterCriteriasDeleted( 62 | observed *resource, 63 | desired *resource, 64 | delta *ackcompare.Delta, 65 | ) bool { 66 | if delta.DifferentAt("Spec.FilterCriteria") || 67 | delta.DifferentAt("Spec.FilterCriteria.Filters") { 68 | // If the observed resource doesn't have any filters, nothing 69 | // has been deleted from the CR's filters. 70 | if observed.ko.Spec.FilterCriteria == nil || 71 | len(observed.ko.Spec.FilterCriteria.Filters) == 0 { 72 | return false 73 | } 74 | // Observing that the resource have at least one non-nil filter 75 | // and the desired one have a nil `FilterCriteria` or nil 76 | // `FilterCriteria.Filters`, means that the user wants to delete 77 | // their filters. 78 | if desired.ko.Spec.FilterCriteria == nil || 79 | len(desired.ko.Spec.FilterCriteria.Filters) == 0 { 80 | return true 81 | } 82 | } 83 | return false 84 | } 85 | 86 | func equalStrings(a, b *string) bool { 87 | if a == nil { 88 | return b == nil || *b == "" 89 | } 90 | return (*a == "" && b == nil) || *a == *b 91 | } 92 | -------------------------------------------------------------------------------- /pkg/resource/event_source_mapping/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package event_source_mapping 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/event_source_mapping/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package event_source_mapping 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/event_source_mapping/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package event_source_mapping 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 26 | 27 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 28 | ) 29 | 30 | // Hack to avoid import errors during build... 31 | var ( 32 | _ = &ackerrors.MissingNameIdentifier 33 | ) 34 | 35 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 36 | // interface 37 | type resource struct { 38 | // The Kubernetes-native CR representing the resource 39 | ko *svcapitypes.EventSourceMapping 40 | } 41 | 42 | // Identifiers returns an AWSResourceIdentifiers object containing various 43 | // identifying information, including the AWS account ID that owns the 44 | // resource, the resource's AWS Resource Name (ARN) 45 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 46 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 47 | } 48 | 49 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 50 | // deletion timestamp 51 | func (r *resource) IsBeingDeleted() bool { 52 | return !r.ko.DeletionTimestamp.IsZero() 53 | } 54 | 55 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 56 | // the AWSResource 57 | func (r *resource) RuntimeObject() rtclient.Object { 58 | return r.ko 59 | } 60 | 61 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 62 | // representation of the AWSResource 63 | func (r *resource) MetaObject() metav1.Object { 64 | return r.ko.GetObjectMeta() 65 | } 66 | 67 | // Conditions returns the ACK Conditions collection for the AWSResource 68 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 69 | return r.ko.Status.Conditions 70 | } 71 | 72 | // ReplaceConditions sets the Conditions status field for the resource 73 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 74 | r.ko.Status.Conditions = conditions 75 | } 76 | 77 | // SetObjectMeta sets the ObjectMeta field for the resource 78 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 79 | r.ko.ObjectMeta = meta 80 | } 81 | 82 | // SetStatus will set the Status field for the resource 83 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 84 | r.ko.Status = desired.(*resource).ko.Status 85 | } 86 | 87 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 88 | // resource identifier 89 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 90 | if identifier.NameOrID == "" { 91 | return ackerrors.MissingNameIdentifier 92 | } 93 | r.ko.Status.UUID = &identifier.NameOrID 94 | 95 | return nil 96 | } 97 | 98 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 99 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 100 | tmp, ok := fields["uuid"] 101 | if !ok { 102 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: uuid")) 103 | } 104 | r.ko.Status.UUID = &tmp 105 | 106 | return nil 107 | } 108 | 109 | // DeepCopy will return a copy of the resource 110 | func (r *resource) DeepCopy() acktypes.AWSResource { 111 | koCopy := r.ko.DeepCopy() 112 | return &resource{koCopy} 113 | } 114 | -------------------------------------------------------------------------------- /pkg/resource/function/hooks_test.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package function 15 | 16 | import ( 17 | "reflect" 18 | "testing" 19 | 20 | "github.com/aws/aws-sdk-go-v2/aws" 21 | ) 22 | 23 | func Test_compareMaps(t *testing.T) { 24 | type args struct { 25 | a map[string]*string 26 | b map[string]*string 27 | } 28 | tests := []struct { 29 | name string 30 | args args 31 | wantAdded map[string]*string 32 | wantRemoved []string 33 | wantUpdated map[string]*string 34 | }{ 35 | { 36 | name: "empty maps", 37 | args: args{ 38 | a: map[string]*string{}, 39 | b: map[string]*string{}, 40 | }, 41 | wantAdded: map[string]*string{}, 42 | wantRemoved: nil, 43 | wantUpdated: map[string]*string{}, 44 | }, 45 | { 46 | name: "new elements", 47 | args: args{ 48 | a: map[string]*string{}, 49 | b: map[string]*string{"k1": aws.String("v1")}, 50 | }, 51 | wantAdded: map[string]*string{"k1": aws.String("v1")}, 52 | wantRemoved: nil, 53 | wantUpdated: map[string]*string{}, 54 | }, 55 | { 56 | name: "updated elements", 57 | args: args{ 58 | a: map[string]*string{"k1": aws.String("v1"), "k2": aws.String("v2")}, 59 | b: map[string]*string{"k1": aws.String("v10"), "k2": aws.String("v20")}, 60 | }, 61 | wantAdded: map[string]*string{}, 62 | wantRemoved: nil, 63 | wantUpdated: map[string]*string{"k1": aws.String("v10"), "k2": aws.String("v20")}, 64 | }, 65 | { 66 | name: "removed elements", 67 | args: args{ 68 | a: map[string]*string{"k1": aws.String("v1"), "k2": aws.String("v2")}, 69 | b: map[string]*string{"k1": aws.String("v1")}, 70 | }, 71 | wantAdded: map[string]*string{}, 72 | wantRemoved: []string{"k2"}, 73 | wantUpdated: map[string]*string{}, 74 | }, 75 | { 76 | name: "added, updated and removed elements", 77 | args: args{ 78 | a: map[string]*string{"k1": aws.String("v1"), "k2": aws.String("v2")}, 79 | b: map[string]*string{"k1": aws.String("v10"), "k3": aws.String("v3")}, 80 | }, 81 | wantAdded: map[string]*string{"k3": aws.String("v3")}, 82 | wantRemoved: []string{"k2"}, 83 | wantUpdated: map[string]*string{"k1": aws.String("v10")}, 84 | }, 85 | } 86 | for _, tt := range tests { 87 | t.Run(tt.name, func(t *testing.T) { 88 | gotAdded, gotRemoved, gotUpdated := compareMaps(tt.args.a, tt.args.b) 89 | if !reflect.DeepEqual(gotAdded, tt.wantAdded) { 90 | t.Errorf("compareMaps() gotAdded = %v, want %v", gotAdded, tt.wantAdded) 91 | } 92 | if !reflect.DeepEqual(gotRemoved, tt.wantRemoved) { 93 | t.Errorf("compareMaps() gotRemoved = %v, want %v", gotRemoved, tt.wantRemoved) 94 | } 95 | if !reflect.DeepEqual(gotUpdated, tt.wantUpdated) { 96 | t.Errorf("compareMaps() gotUpdated = %v, want %v", gotUpdated, tt.wantUpdated) 97 | } 98 | }) 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/function/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/function/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/function/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 26 | 27 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 28 | ) 29 | 30 | // Hack to avoid import errors during build... 31 | var ( 32 | _ = &ackerrors.MissingNameIdentifier 33 | ) 34 | 35 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 36 | // interface 37 | type resource struct { 38 | // The Kubernetes-native CR representing the resource 39 | ko *svcapitypes.Function 40 | } 41 | 42 | // Identifiers returns an AWSResourceIdentifiers object containing various 43 | // identifying information, including the AWS account ID that owns the 44 | // resource, the resource's AWS Resource Name (ARN) 45 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 46 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 47 | } 48 | 49 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 50 | // deletion timestamp 51 | func (r *resource) IsBeingDeleted() bool { 52 | return !r.ko.DeletionTimestamp.IsZero() 53 | } 54 | 55 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 56 | // the AWSResource 57 | func (r *resource) RuntimeObject() rtclient.Object { 58 | return r.ko 59 | } 60 | 61 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 62 | // representation of the AWSResource 63 | func (r *resource) MetaObject() metav1.Object { 64 | return r.ko.GetObjectMeta() 65 | } 66 | 67 | // Conditions returns the ACK Conditions collection for the AWSResource 68 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 69 | return r.ko.Status.Conditions 70 | } 71 | 72 | // ReplaceConditions sets the Conditions status field for the resource 73 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 74 | r.ko.Status.Conditions = conditions 75 | } 76 | 77 | // SetObjectMeta sets the ObjectMeta field for the resource 78 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 79 | r.ko.ObjectMeta = meta 80 | } 81 | 82 | // SetStatus will set the Status field for the resource 83 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 84 | r.ko.Status = desired.(*resource).ko.Status 85 | } 86 | 87 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 88 | // resource identifier 89 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 90 | if identifier.NameOrID == "" { 91 | return ackerrors.MissingNameIdentifier 92 | } 93 | r.ko.Spec.Name = &identifier.NameOrID 94 | 95 | return nil 96 | } 97 | 98 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 99 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 100 | tmp, ok := fields["name"] 101 | if !ok { 102 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: name")) 103 | } 104 | r.ko.Spec.Name = &tmp 105 | 106 | return nil 107 | } 108 | 109 | // DeepCopy will return a copy of the resource 110 | func (r *resource) DeepCopy() acktypes.AWSResource { 111 | koCopy := r.ko.DeepCopy() 112 | return &resource{koCopy} 113 | } 114 | -------------------------------------------------------------------------------- /pkg/resource/function/tags.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function 17 | 18 | import ( 19 | "slices" 20 | "strings" 21 | 22 | acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" 23 | 24 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 25 | ) 26 | 27 | var ( 28 | _ = svcapitypes.Function{} 29 | _ = acktags.NewTags() 30 | ACKSystemTags = []string{"services.k8s.aws/namespace", "services.k8s.aws/controller-version"} 31 | ) 32 | 33 | // convertToOrderedACKTags converts the tags parameter into 'acktags.Tags' shape. 34 | // This method helps in creating the hub(acktags.Tags) for merging 35 | // default controller tags with existing resource tags. It also returns a slice 36 | // of keys maintaining the original key Order when the tags are a list 37 | func convertToOrderedACKTags(tags map[string]*string) (acktags.Tags, []string) { 38 | result := acktags.NewTags() 39 | keyOrder := []string{} 40 | 41 | if len(tags) == 0 { 42 | return result, keyOrder 43 | } 44 | for k, v := range tags { 45 | if v == nil { 46 | result[k] = "" 47 | } else { 48 | result[k] = *v 49 | } 50 | } 51 | 52 | return result, keyOrder 53 | } 54 | 55 | // fromACKTags converts the tags parameter into map[string]*string shape. 56 | // This method helps in setting the tags back inside AWSResource after merging 57 | // default controller tags with existing resource tags. When a list, 58 | // it maintains the order from original 59 | func fromACKTags(tags acktags.Tags, keyOrder []string) map[string]*string { 60 | result := map[string]*string{} 61 | 62 | _ = keyOrder 63 | for k, v := range tags { 64 | result[k] = &v 65 | } 66 | 67 | return result 68 | } 69 | 70 | // ignoreSystemTags ignores tags that have keys that start with "aws:" 71 | // and ACKSystemTags, to avoid patching them to the resourceSpec. 72 | // Eg. resources created with cloudformation have tags that cannot be 73 | // removed by an ACK controller 74 | func ignoreSystemTags(tags acktags.Tags) { 75 | for k := range tags { 76 | if strings.HasPrefix(k, "aws:") || 77 | slices.Contains(ACKSystemTags, k) { 78 | delete(tags, k) 79 | } 80 | } 81 | } 82 | 83 | // syncAWSTags ensures AWS-managed tags (prefixed with "aws:") from the latest resource state 84 | // are preserved in the desired state. This prevents the controller from attempting to 85 | // modify AWS-managed tags, which would result in an error. 86 | // 87 | // AWS-managed tags are automatically added by AWS services (e.g., CloudFormation, Service Catalog) 88 | // and cannot be modified or deleted through normal tag operations. Common examples include: 89 | // - aws:cloudformation:stack-name 90 | // - aws:servicecatalog:productArn 91 | // 92 | // Parameters: 93 | // - a: The target Tags map to be updated (typically desired state) 94 | // - b: The source Tags map containing AWS-managed tags (typically latest state) 95 | // 96 | // Example: 97 | // 98 | // latest := Tags{"aws:cloudformation:stack-name": "my-stack", "environment": "prod"} 99 | // desired := Tags{"environment": "dev"} 100 | // SyncAWSTags(desired, latest) 101 | // desired now contains {"aws:cloudformation:stack-name": "my-stack", "environment": "dev"} 102 | func syncAWSTags(a acktags.Tags, b acktags.Tags) { 103 | for k := range b { 104 | if strings.HasPrefix(k, "aws:") { 105 | a[k] = b[k] 106 | } 107 | } 108 | } 109 | -------------------------------------------------------------------------------- /pkg/resource/function_url_config/delta.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function_url_config 17 | 18 | import ( 19 | "bytes" 20 | "reflect" 21 | 22 | ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare" 23 | acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" 24 | ) 25 | 26 | // Hack to avoid import errors during build... 27 | var ( 28 | _ = &bytes.Buffer{} 29 | _ = &reflect.Method{} 30 | _ = &acktags.Tags{} 31 | ) 32 | 33 | // newResourceDelta returns a new `ackcompare.Delta` used to compare two 34 | // resources 35 | func newResourceDelta( 36 | a *resource, 37 | b *resource, 38 | ) *ackcompare.Delta { 39 | delta := ackcompare.NewDelta() 40 | if (a == nil && b != nil) || 41 | (a != nil && b == nil) { 42 | delta.Add("", a, b) 43 | return delta 44 | } 45 | 46 | if ackcompare.HasNilDifference(a.ko.Spec.AuthType, b.ko.Spec.AuthType) { 47 | delta.Add("Spec.AuthType", a.ko.Spec.AuthType, b.ko.Spec.AuthType) 48 | } else if a.ko.Spec.AuthType != nil && b.ko.Spec.AuthType != nil { 49 | if *a.ko.Spec.AuthType != *b.ko.Spec.AuthType { 50 | delta.Add("Spec.AuthType", a.ko.Spec.AuthType, b.ko.Spec.AuthType) 51 | } 52 | } 53 | if ackcompare.HasNilDifference(a.ko.Spec.CORS, b.ko.Spec.CORS) { 54 | delta.Add("Spec.CORS", a.ko.Spec.CORS, b.ko.Spec.CORS) 55 | } else if a.ko.Spec.CORS != nil && b.ko.Spec.CORS != nil { 56 | if ackcompare.HasNilDifference(a.ko.Spec.CORS.AllowCredentials, b.ko.Spec.CORS.AllowCredentials) { 57 | delta.Add("Spec.CORS.AllowCredentials", a.ko.Spec.CORS.AllowCredentials, b.ko.Spec.CORS.AllowCredentials) 58 | } else if a.ko.Spec.CORS.AllowCredentials != nil && b.ko.Spec.CORS.AllowCredentials != nil { 59 | if *a.ko.Spec.CORS.AllowCredentials != *b.ko.Spec.CORS.AllowCredentials { 60 | delta.Add("Spec.CORS.AllowCredentials", a.ko.Spec.CORS.AllowCredentials, b.ko.Spec.CORS.AllowCredentials) 61 | } 62 | } 63 | if len(a.ko.Spec.CORS.AllowHeaders) != len(b.ko.Spec.CORS.AllowHeaders) { 64 | delta.Add("Spec.CORS.AllowHeaders", a.ko.Spec.CORS.AllowHeaders, b.ko.Spec.CORS.AllowHeaders) 65 | } else if len(a.ko.Spec.CORS.AllowHeaders) > 0 { 66 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CORS.AllowHeaders, b.ko.Spec.CORS.AllowHeaders) { 67 | delta.Add("Spec.CORS.AllowHeaders", a.ko.Spec.CORS.AllowHeaders, b.ko.Spec.CORS.AllowHeaders) 68 | } 69 | } 70 | if len(a.ko.Spec.CORS.AllowMethods) != len(b.ko.Spec.CORS.AllowMethods) { 71 | delta.Add("Spec.CORS.AllowMethods", a.ko.Spec.CORS.AllowMethods, b.ko.Spec.CORS.AllowMethods) 72 | } else if len(a.ko.Spec.CORS.AllowMethods) > 0 { 73 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CORS.AllowMethods, b.ko.Spec.CORS.AllowMethods) { 74 | delta.Add("Spec.CORS.AllowMethods", a.ko.Spec.CORS.AllowMethods, b.ko.Spec.CORS.AllowMethods) 75 | } 76 | } 77 | if len(a.ko.Spec.CORS.AllowOrigins) != len(b.ko.Spec.CORS.AllowOrigins) { 78 | delta.Add("Spec.CORS.AllowOrigins", a.ko.Spec.CORS.AllowOrigins, b.ko.Spec.CORS.AllowOrigins) 79 | } else if len(a.ko.Spec.CORS.AllowOrigins) > 0 { 80 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CORS.AllowOrigins, b.ko.Spec.CORS.AllowOrigins) { 81 | delta.Add("Spec.CORS.AllowOrigins", a.ko.Spec.CORS.AllowOrigins, b.ko.Spec.CORS.AllowOrigins) 82 | } 83 | } 84 | if len(a.ko.Spec.CORS.ExposeHeaders) != len(b.ko.Spec.CORS.ExposeHeaders) { 85 | delta.Add("Spec.CORS.ExposeHeaders", a.ko.Spec.CORS.ExposeHeaders, b.ko.Spec.CORS.ExposeHeaders) 86 | } else if len(a.ko.Spec.CORS.ExposeHeaders) > 0 { 87 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CORS.ExposeHeaders, b.ko.Spec.CORS.ExposeHeaders) { 88 | delta.Add("Spec.CORS.ExposeHeaders", a.ko.Spec.CORS.ExposeHeaders, b.ko.Spec.CORS.ExposeHeaders) 89 | } 90 | } 91 | if ackcompare.HasNilDifference(a.ko.Spec.CORS.MaxAge, b.ko.Spec.CORS.MaxAge) { 92 | delta.Add("Spec.CORS.MaxAge", a.ko.Spec.CORS.MaxAge, b.ko.Spec.CORS.MaxAge) 93 | } else if a.ko.Spec.CORS.MaxAge != nil && b.ko.Spec.CORS.MaxAge != nil { 94 | if *a.ko.Spec.CORS.MaxAge != *b.ko.Spec.CORS.MaxAge { 95 | delta.Add("Spec.CORS.MaxAge", a.ko.Spec.CORS.MaxAge, b.ko.Spec.CORS.MaxAge) 96 | } 97 | } 98 | } 99 | if ackcompare.HasNilDifference(a.ko.Spec.FunctionName, b.ko.Spec.FunctionName) { 100 | delta.Add("Spec.FunctionName", a.ko.Spec.FunctionName, b.ko.Spec.FunctionName) 101 | } else if a.ko.Spec.FunctionName != nil && b.ko.Spec.FunctionName != nil { 102 | if *a.ko.Spec.FunctionName != *b.ko.Spec.FunctionName { 103 | delta.Add("Spec.FunctionName", a.ko.Spec.FunctionName, b.ko.Spec.FunctionName) 104 | } 105 | } 106 | if !reflect.DeepEqual(a.ko.Spec.FunctionRef, b.ko.Spec.FunctionRef) { 107 | delta.Add("Spec.FunctionRef", a.ko.Spec.FunctionRef, b.ko.Spec.FunctionRef) 108 | } 109 | if ackcompare.HasNilDifference(a.ko.Spec.Qualifier, b.ko.Spec.Qualifier) { 110 | delta.Add("Spec.Qualifier", a.ko.Spec.Qualifier, b.ko.Spec.Qualifier) 111 | } else if a.ko.Spec.Qualifier != nil && b.ko.Spec.Qualifier != nil { 112 | if *a.ko.Spec.Qualifier != *b.ko.Spec.Qualifier { 113 | delta.Add("Spec.Qualifier", a.ko.Spec.Qualifier, b.ko.Spec.Qualifier) 114 | } 115 | } 116 | 117 | return delta 118 | } 119 | -------------------------------------------------------------------------------- /pkg/resource/function_url_config/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function_url_config 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/function_url_config/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function_url_config 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/function_url_config/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package function_url_config 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | "github.com/aws/aws-sdk-go-v2/aws" 25 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 27 | 28 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 29 | ) 30 | 31 | // Hack to avoid import errors during build... 32 | var ( 33 | _ = &ackerrors.MissingNameIdentifier 34 | ) 35 | 36 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 37 | // interface 38 | type resource struct { 39 | // The Kubernetes-native CR representing the resource 40 | ko *svcapitypes.FunctionURLConfig 41 | } 42 | 43 | // Identifiers returns an AWSResourceIdentifiers object containing various 44 | // identifying information, including the AWS account ID that owns the 45 | // resource, the resource's AWS Resource Name (ARN) 46 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 47 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 48 | } 49 | 50 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 51 | // deletion timestamp 52 | func (r *resource) IsBeingDeleted() bool { 53 | return !r.ko.DeletionTimestamp.IsZero() 54 | } 55 | 56 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 57 | // the AWSResource 58 | func (r *resource) RuntimeObject() rtclient.Object { 59 | return r.ko 60 | } 61 | 62 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 63 | // representation of the AWSResource 64 | func (r *resource) MetaObject() metav1.Object { 65 | return r.ko.GetObjectMeta() 66 | } 67 | 68 | // Conditions returns the ACK Conditions collection for the AWSResource 69 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 70 | return r.ko.Status.Conditions 71 | } 72 | 73 | // ReplaceConditions sets the Conditions status field for the resource 74 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 75 | r.ko.Status.Conditions = conditions 76 | } 77 | 78 | // SetObjectMeta sets the ObjectMeta field for the resource 79 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 80 | r.ko.ObjectMeta = meta 81 | } 82 | 83 | // SetStatus will set the Status field for the resource 84 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 85 | r.ko.Status = desired.(*resource).ko.Status 86 | } 87 | 88 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 89 | // resource identifier 90 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 91 | if identifier.NameOrID == "" { 92 | return ackerrors.MissingNameIdentifier 93 | } 94 | r.ko.Spec.FunctionName = &identifier.NameOrID 95 | 96 | f1, f1ok := identifier.AdditionalKeys["qualifier"] 97 | if f1ok { 98 | r.ko.Spec.Qualifier = aws.String(f1) 99 | } 100 | 101 | return nil 102 | } 103 | 104 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 105 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 106 | tmp, ok := fields["functionName"] 107 | if !ok { 108 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: functionName")) 109 | } 110 | r.ko.Spec.FunctionName = &tmp 111 | 112 | f1, f1ok := fields["qualifier"] 113 | if f1ok { 114 | r.ko.Spec.Qualifier = aws.String(f1) 115 | } 116 | 117 | return nil 118 | } 119 | 120 | // DeepCopy will return a copy of the resource 121 | func (r *resource) DeepCopy() acktypes.AWSResource { 122 | koCopy := r.ko.DeepCopy() 123 | return &resource{koCopy} 124 | } 125 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/delta.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package layer_version 17 | 18 | import ( 19 | "bytes" 20 | "reflect" 21 | 22 | ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare" 23 | acktags "github.com/aws-controllers-k8s/runtime/pkg/tags" 24 | ) 25 | 26 | // Hack to avoid import errors during build... 27 | var ( 28 | _ = &bytes.Buffer{} 29 | _ = &reflect.Method{} 30 | _ = &acktags.Tags{} 31 | ) 32 | 33 | // newResourceDelta returns a new `ackcompare.Delta` used to compare two 34 | // resources 35 | func newResourceDelta( 36 | a *resource, 37 | b *resource, 38 | ) *ackcompare.Delta { 39 | delta := ackcompare.NewDelta() 40 | if (a == nil && b != nil) || 41 | (a != nil && b == nil) { 42 | delta.Add("", a, b) 43 | return delta 44 | } 45 | 46 | if len(a.ko.Spec.CompatibleArchitectures) != len(b.ko.Spec.CompatibleArchitectures) { 47 | delta.Add("Spec.CompatibleArchitectures", a.ko.Spec.CompatibleArchitectures, b.ko.Spec.CompatibleArchitectures) 48 | } else if len(a.ko.Spec.CompatibleArchitectures) > 0 { 49 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CompatibleArchitectures, b.ko.Spec.CompatibleArchitectures) { 50 | delta.Add("Spec.CompatibleArchitectures", a.ko.Spec.CompatibleArchitectures, b.ko.Spec.CompatibleArchitectures) 51 | } 52 | } 53 | if len(a.ko.Spec.CompatibleRuntimes) != len(b.ko.Spec.CompatibleRuntimes) { 54 | delta.Add("Spec.CompatibleRuntimes", a.ko.Spec.CompatibleRuntimes, b.ko.Spec.CompatibleRuntimes) 55 | } else if len(a.ko.Spec.CompatibleRuntimes) > 0 { 56 | if !ackcompare.SliceStringPEqual(a.ko.Spec.CompatibleRuntimes, b.ko.Spec.CompatibleRuntimes) { 57 | delta.Add("Spec.CompatibleRuntimes", a.ko.Spec.CompatibleRuntimes, b.ko.Spec.CompatibleRuntimes) 58 | } 59 | } 60 | if ackcompare.HasNilDifference(a.ko.Spec.Description, b.ko.Spec.Description) { 61 | delta.Add("Spec.Description", a.ko.Spec.Description, b.ko.Spec.Description) 62 | } else if a.ko.Spec.Description != nil && b.ko.Spec.Description != nil { 63 | if *a.ko.Spec.Description != *b.ko.Spec.Description { 64 | delta.Add("Spec.Description", a.ko.Spec.Description, b.ko.Spec.Description) 65 | } 66 | } 67 | if ackcompare.HasNilDifference(a.ko.Spec.LayerName, b.ko.Spec.LayerName) { 68 | delta.Add("Spec.LayerName", a.ko.Spec.LayerName, b.ko.Spec.LayerName) 69 | } else if a.ko.Spec.LayerName != nil && b.ko.Spec.LayerName != nil { 70 | if *a.ko.Spec.LayerName != *b.ko.Spec.LayerName { 71 | delta.Add("Spec.LayerName", a.ko.Spec.LayerName, b.ko.Spec.LayerName) 72 | } 73 | } 74 | if ackcompare.HasNilDifference(a.ko.Spec.LicenseInfo, b.ko.Spec.LicenseInfo) { 75 | delta.Add("Spec.LicenseInfo", a.ko.Spec.LicenseInfo, b.ko.Spec.LicenseInfo) 76 | } else if a.ko.Spec.LicenseInfo != nil && b.ko.Spec.LicenseInfo != nil { 77 | if *a.ko.Spec.LicenseInfo != *b.ko.Spec.LicenseInfo { 78 | delta.Add("Spec.LicenseInfo", a.ko.Spec.LicenseInfo, b.ko.Spec.LicenseInfo) 79 | } 80 | } 81 | 82 | return delta 83 | } 84 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/hooks.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package layer_version 15 | 16 | import ( 17 | "context" 18 | "fmt" 19 | "sort" 20 | 21 | ackrtlog "github.com/aws-controllers-k8s/runtime/pkg/runtime/log" 22 | svcsdk "github.com/aws/aws-sdk-go-v2/service/lambda" 23 | ) 24 | 25 | // customPreDelete deletes all the previous versions of a 26 | // LayerVersion except the latest version 27 | // This function is used as a sdk_delete hook, to delete all the previous versions of a LayerVersion when delete API call is made 28 | func customPreDelete( 29 | r *resource, 30 | rm *resourceManager, 31 | ctx context.Context, 32 | ) error { 33 | // Getting the list of all the versions of a LayerVersion 34 | input := &svcsdk.ListLayerVersionsInput{ 35 | LayerName: r.ko.Spec.LayerName, 36 | } 37 | response, err := rm.sdkapi.ListLayerVersions(ctx, input) 38 | if err != nil { 39 | return err 40 | } 41 | 42 | log := ackrtlog.FromContext(ctx) 43 | log.Debug("Deleting previous versions of LayerVersion") 44 | 45 | // The above API call returns output containing list of versions as LayerVersions and a pagination token as NextMarker 46 | 47 | // Extracting the list of versions and assigning it to a new variable 48 | versionList := response.LayerVersions 49 | 50 | // sorting the list in ascending order 51 | sort.Slice(versionList, func(i, j int) bool { 52 | return versionList[i].Version < versionList[j].Version 53 | }) 54 | 55 | for i := 0; i < len(versionList)-1; i++ { 56 | input := &svcsdk.DeleteLayerVersionInput{ 57 | LayerName: r.ko.Spec.LayerName, 58 | VersionNumber: &versionList[i].Version, 59 | } 60 | // Delete API call to delete the versions one by one 61 | logMessage := fmt.Sprintf("Deleting version %v of %v", *input.VersionNumber, *input.LayerName) 62 | log.Debug(logMessage) 63 | 64 | _, err = rm.sdkapi.DeleteLayerVersion(ctx, input) 65 | rm.metrics.RecordAPICall("DELETE", "DeleteLayerVersion", err) 66 | if err != nil { 67 | return err 68 | } 69 | } 70 | 71 | return nil 72 | } 73 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package layer_version 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package layer_version 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/references.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package layer_version 17 | 18 | import ( 19 | "context" 20 | 21 | "sigs.k8s.io/controller-runtime/pkg/client" 22 | 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | 25 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 26 | ) 27 | 28 | // ClearResolvedReferences removes any reference values that were made 29 | // concrete in the spec. It returns a copy of the input AWSResource which 30 | // contains the original *Ref values, but none of their respective concrete 31 | // values. 32 | func (rm *resourceManager) ClearResolvedReferences(res acktypes.AWSResource) acktypes.AWSResource { 33 | ko := rm.concreteResource(res).ko.DeepCopy() 34 | 35 | return &resource{ko} 36 | } 37 | 38 | // ResolveReferences finds if there are any Reference field(s) present 39 | // inside AWSResource passed in the parameter and attempts to resolve those 40 | // reference field(s) into their respective target field(s). It returns a 41 | // copy of the input AWSResource with resolved reference(s), a boolean which 42 | // is set to true if the resource contains any references (regardless of if 43 | // they are resolved successfully) and an error if the passed AWSResource's 44 | // reference field(s) could not be resolved. 45 | func (rm *resourceManager) ResolveReferences( 46 | ctx context.Context, 47 | apiReader client.Reader, 48 | res acktypes.AWSResource, 49 | ) (acktypes.AWSResource, bool, error) { 50 | return res, false, nil 51 | } 52 | 53 | // validateReferenceFields validates the reference field and corresponding 54 | // identifier field. 55 | func validateReferenceFields(ko *svcapitypes.LayerVersion) error { 56 | return nil 57 | } 58 | -------------------------------------------------------------------------------- /pkg/resource/layer_version/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package layer_version 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 26 | 27 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 28 | ) 29 | 30 | // Hack to avoid import errors during build... 31 | var ( 32 | _ = &ackerrors.MissingNameIdentifier 33 | ) 34 | 35 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 36 | // interface 37 | type resource struct { 38 | // The Kubernetes-native CR representing the resource 39 | ko *svcapitypes.LayerVersion 40 | } 41 | 42 | // Identifiers returns an AWSResourceIdentifiers object containing various 43 | // identifying information, including the AWS account ID that owns the 44 | // resource, the resource's AWS Resource Name (ARN) 45 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 46 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 47 | } 48 | 49 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 50 | // deletion timestamp 51 | func (r *resource) IsBeingDeleted() bool { 52 | return !r.ko.DeletionTimestamp.IsZero() 53 | } 54 | 55 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 56 | // the AWSResource 57 | func (r *resource) RuntimeObject() rtclient.Object { 58 | return r.ko 59 | } 60 | 61 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 62 | // representation of the AWSResource 63 | func (r *resource) MetaObject() metav1.Object { 64 | return r.ko.GetObjectMeta() 65 | } 66 | 67 | // Conditions returns the ACK Conditions collection for the AWSResource 68 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 69 | return r.ko.Status.Conditions 70 | } 71 | 72 | // ReplaceConditions sets the Conditions status field for the resource 73 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 74 | r.ko.Status.Conditions = conditions 75 | } 76 | 77 | // SetObjectMeta sets the ObjectMeta field for the resource 78 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 79 | r.ko.ObjectMeta = meta 80 | } 81 | 82 | // SetStatus will set the Status field for the resource 83 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 84 | r.ko.Status = desired.(*resource).ko.Status 85 | } 86 | 87 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 88 | // resource identifier 89 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 90 | if identifier.NameOrID == "" { 91 | return ackerrors.MissingNameIdentifier 92 | } 93 | r.ko.Spec.LayerName = &identifier.NameOrID 94 | 95 | return nil 96 | } 97 | 98 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 99 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 100 | tmp, ok := fields["layerName"] 101 | if !ok { 102 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: layerName")) 103 | } 104 | r.ko.Spec.LayerName = &tmp 105 | 106 | return nil 107 | } 108 | 109 | // DeepCopy will return a copy of the resource 110 | func (r *resource) DeepCopy() acktypes.AWSResource { 111 | koCopy := r.ko.DeepCopy() 112 | return &resource{koCopy} 113 | } 114 | -------------------------------------------------------------------------------- /pkg/resource/registry.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package resource 17 | 18 | import ( 19 | ackrt "github.com/aws-controllers-k8s/runtime/pkg/runtime" 20 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 21 | ) 22 | 23 | // +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources,verbs=get;list;watch;create;update;patch;delete 24 | // +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources/status,verbs=get;update;patch 25 | // +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports,verbs=get;list;watch;create;update;patch;delete 26 | // +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports/status,verbs=get;update;patch 27 | // +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch 28 | // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;patch 29 | // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;patch 30 | 31 | var ( 32 | reg = ackrt.NewRegistry() 33 | ) 34 | 35 | // GetManagerFactories returns a slice of resource manager factories that are 36 | // registered with this package 37 | func GetManagerFactories() []acktypes.AWSResourceManagerFactory { 38 | return reg.GetResourceManagerFactories() 39 | } 40 | 41 | // RegisterManagerFactory registers a resource manager factory with the 42 | // package's registry 43 | func RegisterManagerFactory(f acktypes.AWSResourceManagerFactory) { 44 | reg.RegisterResourceManagerFactory(f) 45 | } 46 | -------------------------------------------------------------------------------- /pkg/resource/version/identifiers.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package version 17 | 18 | import ( 19 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 20 | ) 21 | 22 | // resourceIdentifiers implements the 23 | // `aws-service-operator-k8s/pkg/types.AWSResourceIdentifiers` interface 24 | type resourceIdentifiers struct { 25 | meta *ackv1alpha1.ResourceMetadata 26 | } 27 | 28 | // ARN returns the AWS Resource Name for the backend AWS resource. If nil, 29 | // this means the resource has not yet been created in the backend AWS 30 | // service. 31 | func (ri *resourceIdentifiers) ARN() *ackv1alpha1.AWSResourceName { 32 | if ri.meta != nil { 33 | return ri.meta.ARN 34 | } 35 | return nil 36 | } 37 | 38 | // OwnerAccountID returns the AWS account identifier in which the 39 | // backend AWS resource resides, or nil if this information is not known 40 | // for the resource 41 | func (ri *resourceIdentifiers) OwnerAccountID() *ackv1alpha1.AWSAccountID { 42 | if ri.meta != nil { 43 | return ri.meta.OwnerAccountID 44 | } 45 | return nil 46 | } 47 | 48 | // Region returns the AWS region in which the resource exists, or 49 | // nil if this information is not known. 50 | func (ri *resourceIdentifiers) Region() *ackv1alpha1.AWSRegion { 51 | if ri.meta != nil { 52 | return ri.meta.Region 53 | } 54 | return nil 55 | } 56 | -------------------------------------------------------------------------------- /pkg/resource/version/manager_factory.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package version 17 | 18 | import ( 19 | "fmt" 20 | "sync" 21 | 22 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 23 | ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" 24 | ackmetrics "github.com/aws-controllers-k8s/runtime/pkg/metrics" 25 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 26 | "github.com/aws/aws-sdk-go-v2/aws" 27 | "github.com/go-logr/logr" 28 | 29 | svcresource "github.com/aws-controllers-k8s/lambda-controller/pkg/resource" 30 | ) 31 | 32 | // resourceManagerFactory produces resourceManager objects. It implements the 33 | // `types.AWSResourceManagerFactory` interface. 34 | type resourceManagerFactory struct { 35 | sync.RWMutex 36 | // rmCache contains resource managers for a particular AWS account ID 37 | rmCache map[string]*resourceManager 38 | } 39 | 40 | // ResourcePrototype returns an AWSResource that resource managers produced by 41 | // this factory will handle 42 | func (f *resourceManagerFactory) ResourceDescriptor() acktypes.AWSResourceDescriptor { 43 | return &resourceDescriptor{} 44 | } 45 | 46 | // ManagerFor returns a resource manager object that can manage resources for a 47 | // supplied AWS account 48 | func (f *resourceManagerFactory) ManagerFor( 49 | cfg ackcfg.Config, 50 | clientcfg aws.Config, 51 | log logr.Logger, 52 | metrics *ackmetrics.Metrics, 53 | rr acktypes.Reconciler, 54 | id ackv1alpha1.AWSAccountID, 55 | region ackv1alpha1.AWSRegion, 56 | roleARN ackv1alpha1.AWSResourceName, 57 | ) (acktypes.AWSResourceManager, error) { 58 | // We use the account ID, region, and role ARN to uniquely identify a 59 | // resource manager. This helps us to avoid creating multiple resource 60 | // managers for the same account/region/roleARN combination. 61 | rmId := fmt.Sprintf("%s/%s/%s", id, region, roleARN) 62 | f.RLock() 63 | rm, found := f.rmCache[rmId] 64 | f.RUnlock() 65 | 66 | if found { 67 | return rm, nil 68 | } 69 | 70 | f.Lock() 71 | defer f.Unlock() 72 | 73 | rm, err := newResourceManager(cfg, clientcfg, log, metrics, rr, id, region) 74 | if err != nil { 75 | return nil, err 76 | } 77 | f.rmCache[rmId] = rm 78 | return rm, nil 79 | } 80 | 81 | // IsAdoptable returns true if the resource is able to be adopted 82 | func (f *resourceManagerFactory) IsAdoptable() bool { 83 | return true 84 | } 85 | 86 | // RequeueOnSuccessSeconds returns true if the resource should be requeued after specified seconds 87 | // Default is false which means resource will not be requeued after success. 88 | func (f *resourceManagerFactory) RequeueOnSuccessSeconds() int { 89 | return 0 90 | } 91 | 92 | func newResourceManagerFactory() *resourceManagerFactory { 93 | return &resourceManagerFactory{ 94 | rmCache: map[string]*resourceManager{}, 95 | } 96 | } 97 | 98 | func init() { 99 | svcresource.RegisterManagerFactory(newResourceManagerFactory()) 100 | } 101 | -------------------------------------------------------------------------------- /pkg/resource/version/resource.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package version 17 | 18 | import ( 19 | "fmt" 20 | 21 | ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" 22 | ackerrors "github.com/aws-controllers-k8s/runtime/pkg/errors" 23 | acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" 24 | "github.com/aws/aws-sdk-go-v2/aws" 25 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | rtclient "sigs.k8s.io/controller-runtime/pkg/client" 27 | 28 | svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1" 29 | ) 30 | 31 | // Hack to avoid import errors during build... 32 | var ( 33 | _ = &ackerrors.MissingNameIdentifier 34 | ) 35 | 36 | // resource implements the `aws-controller-k8s/runtime/pkg/types.AWSResource` 37 | // interface 38 | type resource struct { 39 | // The Kubernetes-native CR representing the resource 40 | ko *svcapitypes.Version 41 | } 42 | 43 | // Identifiers returns an AWSResourceIdentifiers object containing various 44 | // identifying information, including the AWS account ID that owns the 45 | // resource, the resource's AWS Resource Name (ARN) 46 | func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { 47 | return &resourceIdentifiers{r.ko.Status.ACKResourceMetadata} 48 | } 49 | 50 | // IsBeingDeleted returns true if the Kubernetes resource has a non-zero 51 | // deletion timestamp 52 | func (r *resource) IsBeingDeleted() bool { 53 | return !r.ko.DeletionTimestamp.IsZero() 54 | } 55 | 56 | // RuntimeObject returns the Kubernetes apimachinery/runtime representation of 57 | // the AWSResource 58 | func (r *resource) RuntimeObject() rtclient.Object { 59 | return r.ko 60 | } 61 | 62 | // MetaObject returns the Kubernetes apimachinery/apis/meta/v1.Object 63 | // representation of the AWSResource 64 | func (r *resource) MetaObject() metav1.Object { 65 | return r.ko.GetObjectMeta() 66 | } 67 | 68 | // Conditions returns the ACK Conditions collection for the AWSResource 69 | func (r *resource) Conditions() []*ackv1alpha1.Condition { 70 | return r.ko.Status.Conditions 71 | } 72 | 73 | // ReplaceConditions sets the Conditions status field for the resource 74 | func (r *resource) ReplaceConditions(conditions []*ackv1alpha1.Condition) { 75 | r.ko.Status.Conditions = conditions 76 | } 77 | 78 | // SetObjectMeta sets the ObjectMeta field for the resource 79 | func (r *resource) SetObjectMeta(meta metav1.ObjectMeta) { 80 | r.ko.ObjectMeta = meta 81 | } 82 | 83 | // SetStatus will set the Status field for the resource 84 | func (r *resource) SetStatus(desired acktypes.AWSResource) { 85 | r.ko.Status = desired.(*resource).ko.Status 86 | } 87 | 88 | // SetIdentifiers sets the Spec or Status field that is referenced as the unique 89 | // resource identifier 90 | func (r *resource) SetIdentifiers(identifier *ackv1alpha1.AWSIdentifiers) error { 91 | if identifier.NameOrID == "" { 92 | return ackerrors.MissingNameIdentifier 93 | } 94 | r.ko.Spec.FunctionName = &identifier.NameOrID 95 | 96 | f1, f1ok := identifier.AdditionalKeys["version"] 97 | if f1ok { 98 | r.ko.Status.Version = aws.String(f1) 99 | } 100 | 101 | return nil 102 | } 103 | 104 | // PopulateResourceFromAnnotation populates the fields passed from adoption annotation 105 | func (r *resource) PopulateResourceFromAnnotation(fields map[string]string) error { 106 | tmp, ok := fields["functionName"] 107 | if !ok { 108 | return ackerrors.NewTerminalError(fmt.Errorf("required field missing: functionName")) 109 | } 110 | r.ko.Spec.FunctionName = &tmp 111 | 112 | f1, f1ok := fields["version"] 113 | if f1ok { 114 | r.ko.Status.Version = aws.String(f1) 115 | } 116 | 117 | return nil 118 | } 119 | 120 | // DeepCopy will return a copy of the resource 121 | func (r *resource) DeepCopy() acktypes.AWSResource { 122 | koCopy := r.ko.DeepCopy() 123 | return &resource{koCopy} 124 | } 125 | -------------------------------------------------------------------------------- /pkg/version/version.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | // Code generated by ack-generate. DO NOT EDIT. 15 | 16 | package version 17 | 18 | var ( 19 | GitVersion string 20 | GitCommit string 21 | BuildDate string 22 | ) 23 | -------------------------------------------------------------------------------- /templates/hooks/alias/sdk_create_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if ko.Spec.FunctionEventInvokeConfig != nil { 2 | _, err = rm.syncEventInvokeConfig(ctx,desired) 3 | if err != nil{ 4 | return nil, err 5 | } 6 | } 7 | 8 | if ko.Spec.ProvisionedConcurrencyConfig != nil { 9 | err = rm.updateProvisionedConcurrency(ctx,desired) 10 | if err != nil{ 11 | return nil, err 12 | } 13 | } 14 | 15 | if len(ko.Spec.Permissions) > 0 { 16 | aliasCopy := ko.DeepCopy() 17 | aliasCopy.Spec.Permissions = nil 18 | err = rm.syncPermissions(ctx, desired, &resource{aliasCopy}) 19 | if err != nil { 20 | return nil, err 21 | } 22 | } -------------------------------------------------------------------------------- /templates/hooks/alias/sdk_read_one_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if err := rm.setResourceAdditionalFields(ctx, ko); err != nil { 2 | return nil, err 3 | } -------------------------------------------------------------------------------- /templates/hooks/alias/sdk_update_pre_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | if delta.DifferentAt("Spec.FunctionEventInvokeConfig"){ 2 | _, err = rm.syncEventInvokeConfig(ctx,desired) 3 | if err != nil { 4 | return nil, err 5 | } 6 | } 7 | if delta.DifferentAt("Spec.ProvisionedConcurrencyConfig"){ 8 | err = rm.updateProvisionedConcurrency(ctx, desired) 9 | if err != nil { 10 | return nil, err 11 | } 12 | } 13 | if delta.DifferentAt("Spec.Permissions") { 14 | err = rm.syncPermissions(ctx, desired, latest) 15 | if err != nil { 16 | return nil, err 17 | } 18 | } 19 | if !delta.DifferentExcept("Spec.ProvisionedConcurrencyConfig", "Spec.FunctionEventInvokeConfig", "Spec.Permissions") { 20 | return desired, nil 21 | } -------------------------------------------------------------------------------- /templates/hooks/eventsourcemapping/sdk_update_post_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | 2 | // We need to carefully craft the update request if a user 3 | // wants to delete their filterCriterias. Mainly because the 4 | // aws-sdk-go doesn't try to update nil fields. 5 | if filterCriteriasDeleted(latest, desired, delta) { 6 | input.FilterCriteria = &svcsdktypes.FilterCriteria{ 7 | Filters: []svcsdktypes.Filter{}, 8 | } 9 | } -------------------------------------------------------------------------------- /templates/hooks/function/sdk_create_post_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | if desired.ko.Spec.CodeSigningConfigARN != nil && *desired.ko.Spec.CodeSigningConfigARN == "" { 2 | input.CodeSigningConfigArn = nil 3 | } -------------------------------------------------------------------------------- /templates/hooks/function/sdk_create_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if desired.ko.Spec.VPCConfig != nil { 2 | if ko.Spec.VPCConfig == nil { 3 | ko.Spec.VPCConfig = &svcapitypes.VPCConfig{} 4 | } 5 | ko.Spec.VPCConfig.SecurityGroupRefs = desired.ko.Spec.VPCConfig.SecurityGroupRefs 6 | ko.Spec.VPCConfig.SubnetRefs = desired.ko.Spec.VPCConfig.SubnetRefs 7 | } 8 | 9 | if resp.Layers != nil { 10 | f16 := []*svcapitypes.Layer{} 11 | for _, f16iter := range resp.Layers { 12 | f16elem := &svcapitypes.Layer{} 13 | if f16iter.Arn != nil { 14 | f16elem.ARN = f16iter.Arn 15 | } 16 | if f16iter.CodeSize != 0 { 17 | f16elem.CodeSize = aws.Int64(f16iter.CodeSize) 18 | } 19 | if f16iter.SigningJobArn != nil { 20 | f16elem.SigningJobARN = f16iter.SigningJobArn 21 | } 22 | if f16iter.SigningProfileVersionArn != nil { 23 | f16elem.SigningProfileVersionARN = f16iter.SigningProfileVersionArn 24 | } 25 | f16 = append(f16, f16elem) 26 | } 27 | ko.Status.LayerStatuses = f16 28 | } else { 29 | ko.Status.LayerStatuses = nil 30 | } -------------------------------------------------------------------------------- /templates/hooks/function/sdk_read_one_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if r.ko.Spec.VPCConfig != nil { 2 | if ko.Spec.VPCConfig == nil { 3 | ko.Spec.VPCConfig = &svcapitypes.VPCConfig{} 4 | } 5 | ko.Spec.VPCConfig.SecurityGroupRefs = r.ko.Spec.VPCConfig.SecurityGroupRefs 6 | ko.Spec.VPCConfig.SubnetRefs = r.ko.Spec.VPCConfig.SubnetRefs 7 | } 8 | if resp.Code != nil { 9 | if ko.Spec.Code == nil { 10 | ko.Spec.Code = &svcapitypes.FunctionCode{} 11 | } 12 | if resp.Code.ImageUri != nil { 13 | ko.Spec.Code.ImageURI = resp.Code.ImageUri 14 | } 15 | } 16 | if r.ko.Spec.Code != nil && r.ko.Spec.Code.S3BucketRef != nil { 17 | ko.Spec.Code.S3BucketRef = r.ko.Spec.Code.S3BucketRef 18 | } 19 | if resp.Configuration.Layers != nil { 20 | f16 := []*svcapitypes.Layer{} 21 | layer := []*string{} 22 | for _, f16iter := range resp.Configuration.Layers { 23 | f16elem := &svcapitypes.Layer{} 24 | if f16iter.Arn != nil { 25 | f16elem.ARN = f16iter.Arn 26 | } 27 | if f16iter.CodeSize != 0 { 28 | f16elem.CodeSize = aws.Int64(f16iter.CodeSize) 29 | } 30 | if f16iter.SigningJobArn != nil { 31 | f16elem.SigningJobARN = f16iter.SigningJobArn 32 | } 33 | if f16iter.SigningProfileVersionArn != nil { 34 | f16elem.SigningProfileVersionARN = f16iter.SigningProfileVersionArn 35 | } 36 | f16 = append(f16, f16elem) 37 | layer = append(layer, f16iter.Arn) 38 | } 39 | ko.Spec.Layers = layer 40 | ko.Status.LayerStatuses = f16 41 | } else { 42 | ko.Status.LayerStatuses = nil 43 | } 44 | if resp.Tags != nil { 45 | expectedOutput := map[string]*string{} 46 | for expectedOutputKey, expectedOutputIter := range resp.Tags { 47 | var expectedOutputVal string 48 | expectedOutputVal = expectedOutputIter 49 | expectedOutput[expectedOutputKey] = &expectedOutputVal 50 | } 51 | ko.Spec.Tags = expectedOutput 52 | } 53 | if err := rm.setResourceAdditionalFields(ctx, ko); err != nil { 54 | return nil, err 55 | } -------------------------------------------------------------------------------- /templates/hooks/layer_version/sdk_delete_pre_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | if err = customPreDelete(r,rm,ctx); err != nil{ 2 | return nil, err 3 | } -------------------------------------------------------------------------------- /templates/hooks/version/sdk_create_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if ko.Spec.FunctionEventInvokeConfig != nil { 2 | err = rm.syncEventInvokeConfig(ctx,desired) 3 | if err != nil{ 4 | return nil, err 5 | } 6 | } 7 | if ko.Spec.ProvisionedConcurrencyConfig != nil { 8 | err = rm.updateProvisionedConcurrency(ctx,desired) 9 | if err != nil{ 10 | return nil, err 11 | } 12 | } -------------------------------------------------------------------------------- /templates/hooks/version/sdk_create_pre_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | var marker *string = nil 2 | var versionList []svcsdktypes.FunctionConfiguration 3 | for { 4 | listVersionsInput := &svcsdk.ListVersionsByFunctionInput{ 5 | FunctionName: desired.ko.Spec.FunctionName, 6 | Marker: marker, 7 | } 8 | listVersionResponse, err := rm.sdkapi.ListVersionsByFunction(ctx, listVersionsInput) 9 | if err != nil { 10 | return nil, err 11 | } 12 | versionList = append(versionList, listVersionResponse.Versions...) 13 | 14 | if listVersionResponse.NextMarker == nil { 15 | break 16 | } 17 | marker = listVersionResponse.NextMarker 18 | } -------------------------------------------------------------------------------- /templates/hooks/version/sdk_create_pre_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | for _, version := range versionList{ 2 | if *version.Version == *resp.Version{ 3 | ErrCannotCreateResource := errors.New("No changes were made to $LATEST since publishing last version, so no version was published.") 4 | return nil, ackerr.NewTerminalError(ErrCannotCreateResource) 5 | } 6 | } -------------------------------------------------------------------------------- /templates/hooks/version/sdk_read_one_post_set_output.go.tpl: -------------------------------------------------------------------------------- 1 | if err := rm.setResourceAdditionalFields(ctx, ko); err != nil { 2 | return nil, err 3 | } -------------------------------------------------------------------------------- /templates/hooks/version/sdk_read_one_pre_build_request.go.tpl: -------------------------------------------------------------------------------- 1 | if r.ko.Status.Version == nil { 2 | return nil, ackerr.NotFound 3 | } -------------------------------------------------------------------------------- /test/e2e/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | *.py[cod] 3 | **/bootstrap.yaml -------------------------------------------------------------------------------- /test/e2e/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import pytest 15 | from typing import Dict, Any 16 | from pathlib import Path 17 | 18 | from acktest.resources import load_resource_file 19 | 20 | SERVICE_NAME = "lambda" 21 | CRD_GROUP = "lambda.services.k8s.aws" 22 | CRD_VERSION = "v1alpha1" 23 | 24 | # PyTest marker for the current service 25 | service_marker = pytest.mark.service(arg=SERVICE_NAME) 26 | 27 | bootstrap_directory = Path(__file__).parent 28 | resource_directory = Path(__file__).parent / "resources" 29 | 30 | def load_lambda_resource(resource_name: str, additional_replacements: Dict[str, Any] = {}): 31 | """ Overrides the default `load_resource_file` to access the specific resources 32 | directory for the current service. 33 | """ 34 | return load_resource_file(resource_directory, resource_name, additional_replacements=additional_replacements) -------------------------------------------------------------------------------- /test/e2e/bootstrap_resources.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | """Declares the structure of the bootstrapped resources and provides a loader 15 | for them. 16 | """ 17 | 18 | from dataclasses import dataclass 19 | 20 | from acktest.bootstrapping import Resources 21 | from acktest.bootstrapping.s3 import Bucket 22 | from acktest.bootstrapping.dynamodb import Table 23 | from acktest.bootstrapping.signer import SigningProfile 24 | from acktest.bootstrapping.sqs import Queue 25 | from acktest.bootstrapping.iam import Role 26 | 27 | from e2e import bootstrap_directory 28 | 29 | @dataclass 30 | class BootstrapResources(Resources): 31 | FunctionsBucket: Bucket 32 | SigningProfile: SigningProfile 33 | BasicRole: Role 34 | ESMRole: Role 35 | ESMTable: Table 36 | ESMQueue: Queue 37 | EICRole: Role 38 | EICQueueOnSuccess: Queue 39 | EICQueueOnFailure: Queue 40 | 41 | _bootstrap_resources = None 42 | 43 | def get_bootstrap_resources(bootstrap_file_name: str = "bootstrap.pkl") -> BootstrapResources: 44 | global _bootstrap_resources 45 | if _bootstrap_resources is None: 46 | _bootstrap_resources = BootstrapResources.deserialize(bootstrap_directory, bootstrap_file_name=bootstrap_file_name) 47 | return _bootstrap_resources 48 | -------------------------------------------------------------------------------- /test/e2e/conftest.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import pytest 15 | import boto3 16 | 17 | from acktest.aws.identity import get_region 18 | from acktest import k8s 19 | 20 | 21 | def pytest_addoption(parser): 22 | parser.addoption("--runslow", action="store_true", default=False, help="run slow tests") 23 | 24 | 25 | def pytest_configure(config): 26 | config.addinivalue_line( 27 | "markers", "canary: mark test to also run in canary tests" 28 | ) 29 | config.addinivalue_line( 30 | "markers", "service(arg): mark test associated with a given service" 31 | ) 32 | config.addinivalue_line( 33 | "markers", "slow: mark test as slow to run" 34 | ) 35 | 36 | def pytest_collection_modifyitems(config, items): 37 | if config.getoption("--runslow"): 38 | return 39 | skip_slow = pytest.mark.skip(reason="need --runslow option to run") 40 | for item in items: 41 | if "slow" in item.keywords: 42 | item.add_marker(skip_slow) 43 | 44 | # Provide a k8s client to interact with the integration test cluster 45 | @pytest.fixture(scope='class') 46 | def k8s_client(): 47 | return k8s._get_k8s_api_client() 48 | 49 | @pytest.fixture(scope='module') 50 | def lambda_client(): 51 | return boto3.client('lambda', region_name=get_region()) -------------------------------------------------------------------------------- /test/e2e/replacement_values.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | """Stores the values used by each of the integration tests for replacing the 15 | Lambda-specific test variables. 16 | """ 17 | 18 | REPLACEMENT_VALUES = { 19 | 20 | } 21 | -------------------------------------------------------------------------------- /test/e2e/requirements.txt: -------------------------------------------------------------------------------- 1 | acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@38ce32256cc2552ab54e190cc8a8618e93af9e0c 2 | -------------------------------------------------------------------------------- /test/e2e/resources/alias-ref.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Alias 3 | metadata: 4 | name: $ALIAS_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $ALIAS_NAME 9 | functionRef: 10 | from: 11 | name: $FUNCTION_REF_NAME 12 | functionVersion: $FUNCTION_VERSION 13 | description: alias created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/alias.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Alias 3 | metadata: 4 | name: $ALIAS_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $ALIAS_NAME 9 | functionName: $FUNCTION_NAME 10 | functionVersion: $FUNCTION_VERSION 11 | description: alias created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/alias_event_invoke_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Alias 3 | metadata: 4 | name: $ALIAS_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $ALIAS_NAME 9 | functionName: $FUNCTION_NAME 10 | functionVersion: $FUNCTION_VERSION 11 | functionEventInvokeConfig: 12 | destinationConfig: 13 | onSuccess: 14 | destination: $ON_SUCCESS_DESTINATION 15 | onFailure: 16 | destination: $ON_FAILURE_DESTINATION 17 | maximumEventAgeInSeconds: $MAXIMUM_EVENT_AGE_IN_SECONDS 18 | maximumRetryAttempts: $MAXIMUM_RETRY_ATTEMPTS 19 | description: alias created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/alias_provisioned_concurrency.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Alias 3 | metadata: 4 | name: $ALIAS_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $ALIAS_NAME 9 | functionName: $FUNCTION_NAME 10 | functionVersion: $FUNCTION_VERSION 11 | description: alias created by ACK lambda-controller e2e tests 12 | provisionedConcurrencyConfig: 13 | provisionedConcurrentExecutions: $PROVISIONED_CONCURRENT_EXECUTIONS -------------------------------------------------------------------------------- /test/e2e/resources/code_signing_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: CodeSigningConfig 3 | metadata: 4 | name: $CODE_SIGNING_CONFIG_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | allowedPublishers: 9 | signingProfileVersionARNs: 10 | - $SIGNING_PROFILE_VERSION_ARN 11 | description: code signing config created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/event_source_mapping_dynamodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: EventSourceMapping 3 | metadata: 4 | name: $EVENT_SOURCE_MAPPING_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | eventSourceARN: $EVENT_SOURCE_ARN 10 | startingPosition: $STARTING_POSITION 11 | maximumRetryAttempts: $MAXIMUM_RETRY_ATTEMPTS 12 | batchSize: $BATCH_SIZE 13 | enabled: false -------------------------------------------------------------------------------- /test/e2e/resources/event_source_mapping_sqs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: EventSourceMapping 3 | metadata: 4 | name: $EVENT_SOURCE_MAPPING_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | eventSourceARN: $EVENT_SOURCE_ARN 10 | batchSize: $BATCH_SIZE 11 | maximumBatchingWindowInSeconds: $MAXIMUM_BATCHING_WINDOW_IN_SECONDS 12 | enabled: false -------------------------------------------------------------------------------- /test/e2e/resources/event_source_mapping_sqs_ref.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: EventSourceMapping 3 | metadata: 4 | name: $EVENT_SOURCE_MAPPING_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionRef: 9 | from: 10 | name: $FUNCTION_REF_NAME 11 | eventSourceARN: $EVENT_SOURCE_ARN 12 | batchSize: $BATCH_SIZE 13 | maximumBatchingWindowInSeconds: $MAXIMUM_BATCHING_WINDOW_IN_SECONDS 14 | enabled: false -------------------------------------------------------------------------------- /test/e2e/resources/function.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | role: $LAMBDA_ROLE 13 | runtime: python3.9 14 | handler: main 15 | description: function created by ACK lambda-controller e2e tests 16 | reservedConcurrentExecutions: $RESERVED_CONCURRENT_EXECUTIONS 17 | codeSigningConfigARN: "$CODE_SIGNING_CONFIG_ARN" -------------------------------------------------------------------------------- /test/e2e/resources/function_architectures.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | role: $LAMBDA_ROLE 13 | architectures: [$ARCHITECTURES] 14 | runtime: python3.9 15 | handler: main 16 | description: function created by ACK lambda-controller e2e tests 17 | reservedConcurrentExecutions: $RESERVED_CONCURRENT_EXECUTIONS 18 | codeSigningConfigARN: "$CODE_SIGNING_CONFIG_ARN" -------------------------------------------------------------------------------- /test/e2e/resources/function_code_s3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | architectures: [$ARCHITECTURES] 10 | code: 11 | s3Bucket: $BUCKET_NAME 12 | s3Key: $LAMBDA_FILE_NAME 13 | sha256: $HASH 14 | role: $LAMBDA_ROLE 15 | runtime: python3.9 16 | handler: main 17 | description: function created by ACK lambda-controller e2e tests 18 | reservedConcurrentExecutions: $RESERVED_CONCURRENT_EXECUTIONS 19 | codeSigningConfigARN: "$CODE_SIGNING_CONFIG_ARN" -------------------------------------------------------------------------------- /test/e2e/resources/function_event_invoke_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | functionEventInvokeConfig: 13 | destinationConfig: 14 | onSuccess: 15 | destination: $ON_SUCCESS_DESTINATION 16 | onFailure: 17 | destination: $ON_FAILURE_DESTINATION 18 | maximumEventAgeInSeconds: $MAXIMUM_EVENT_AGE_IN_SECONDS 19 | maximumRetryAttempts: $MAXIMUM_RETRY_ATTEMPTS 20 | role: $LAMBDA_ROLE 21 | runtime: python3.9 22 | handler: main 23 | description: function created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/function_features.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | role: $LAMBDA_ROLE 13 | runtime: python3.9 14 | handler: main 15 | deadLetterConfig: 16 | targetARN: $DEAD_LETTER_CONFIG_TARGET_ARN 17 | description: function created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/function_layers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | role: $LAMBDA_ROLE 13 | runtime: python3.9 14 | handler: main 15 | layers: [$LAYERS] 16 | description: function created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/function_package_type_image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | imageURI: $IMAGE_URL 11 | role: $LAMBDA_ROLE 12 | description: function created by ACK lambda-controller e2e tests 13 | packageType: Image -------------------------------------------------------------------------------- /test/e2e/resources/function_snapstart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Function 3 | metadata: 4 | name: $FUNCTION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_NAME 9 | code: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | role: $LAMBDA_ROLE 13 | runtime: java11 14 | handler: main 15 | description: function created by ACK lambda-controller e2e tests 16 | reservedConcurrentExecutions: $RESERVED_CONCURRENT_EXECUTIONS 17 | codeSigningConfigARN: "$CODE_SIGNING_CONFIG_ARN" -------------------------------------------------------------------------------- /test/e2e/resources/function_url_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: FunctionURLConfig 3 | metadata: 4 | name: $FUNCTION_URL_CONFIG_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | authType: $AUTH_TYPE -------------------------------------------------------------------------------- /test/e2e/resources/function_url_config_ref.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: FunctionURLConfig 3 | metadata: 4 | name: $FUNCTION_URL_CONFIG_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | name: $FUNCTION_URL_CONFIG_NAME 9 | functionRef: 10 | from: 11 | name: $FUNCTION_REF_NAME 12 | authType: $AUTH_TYPE -------------------------------------------------------------------------------- /test/e2e/resources/lambda_function/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM public.ecr.aws/lambda/python:3.8 2 | 3 | COPY main.py main.py 4 | 5 | CMD [ "main.handler" ] -------------------------------------------------------------------------------- /test/e2e/resources/lambda_function/Makefile: -------------------------------------------------------------------------------- 1 | AWS_REGION ?= "us-west-2" 2 | ECR_REPOSITORY ?= ack-e2e-testing-lambda-controller 3 | IMAGE_TAG ?= v1 4 | 5 | AWS_ACCOUNT_ID ?= $(shell aws sts get-caller-identity --query "Account" --output text) 6 | IMAGE_URL ?= $(AWS_ACCOUNT_ID).dkr.ecr.us-west-2.amazonaws.com/$(ECR_REPOSITORY):$(IMAGE_TAG) 7 | 8 | build-image: 9 | docker build -t $(IMAGE_URL) . 10 | 11 | publish-image: 12 | docker push $(IMAGE_URL) 13 | 14 | create-ecr-repository: 15 | aws ecr create-repository --region $(AWS_REGION) --repository-name $(ECR_REPOSITORY) >/dev/null 16 | 17 | docker-ecr-auth: 18 | aws ecr get-login-password --region us-west-2 | \ 19 | docker login --username AWS --password-stdin\ 20 | $(AWS_ACCOUNT_ID).dkr.ecr.us-west-2.amazonaws.com 21 | 22 | all: build-image publish-image -------------------------------------------------------------------------------- /test/e2e/resources/lambda_function/main.py: -------------------------------------------------------------------------------- 1 | if __name__ == "__main__": 2 | print("Hello ACK!") -------------------------------------------------------------------------------- /test/e2e/resources/lambda_function/updated_main.py: -------------------------------------------------------------------------------- 1 | if __name__ == "__main__": 2 | print("Updated Hello ACK!") -------------------------------------------------------------------------------- /test/e2e/resources/layer_version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: LayerVersion 3 | metadata: 4 | name: $LAYER_VERSION 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | layerName: $LAYER_VERSION 9 | content: 10 | s3Bucket: $BUCKET_NAME 11 | s3Key: $LAMBDA_FILE_NAME 12 | compatibleRuntimes: [nodejs, nodejs16.x, java8, java11, python3.7, python3.8, python3.9, dotnetcore3.1, dotnet6, nodejs4.3-edge, go1.x, ruby2.7, provided, provided.al2] 13 | description: layer version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Version 3 | metadata: 4 | name: $VERSION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | description: version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/version_event_invoke_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Version 3 | metadata: 4 | name: $VERSION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | functionEventInvokeConfig: 10 | destinationConfig: 11 | onSuccess: 12 | destination: $ON_SUCCESS_DESTINATION 13 | onFailure: 14 | destination: $ON_FAILURE_DESTINATION 15 | maximumEventAgeInSeconds: $MAXIMUM_EVENT_AGE_IN_SECONDS 16 | maximumRetryAttempts: $MAXIMUM_RETRY_ATTEMPTS 17 | description: version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/version_provisioned_concurrency.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Version 3 | metadata: 4 | name: $VERSION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | provisionedConcurrencyConfig: 10 | provisionedConcurrentExecutions: $PROVISIONED_CONCURRENT_EXECUTIONS 11 | description: version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/version_ref.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Version 3 | metadata: 4 | name: $VERSION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionRef: 9 | from: 10 | name: $FUNCTION_REF_NAME 11 | description: version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/resources/version_with_revision_hash.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: lambda.services.k8s.aws/v1alpha1 2 | kind: Version 3 | metadata: 4 | name: $VERSION_NAME 5 | annotations: 6 | services.k8s.aws/region: $AWS_REGION 7 | spec: 8 | functionName: $FUNCTION_NAME 9 | codeSHA256: $HASH 10 | revisionID: $REVISION_ID 11 | description: version created by ACK lambda-controller e2e tests -------------------------------------------------------------------------------- /test/e2e/service_cleanup.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | """Cleans up the resources created by the bootstrapping process. 15 | """ 16 | 17 | import logging 18 | 19 | from e2e import bootstrap_directory 20 | from acktest.bootstrapping import Resources 21 | 22 | def service_cleanup(): 23 | logging.getLogger().setLevel(logging.INFO) 24 | 25 | resources = Resources.deserialize(bootstrap_directory) 26 | resources.cleanup() 27 | 28 | if __name__ == "__main__": 29 | service_cleanup() -------------------------------------------------------------------------------- /test/e2e/tests/test_code_signing_config.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | """Integration tests for the Lambda code signing config API. 15 | """ 16 | 17 | import pytest 18 | import time 19 | import logging 20 | 21 | from acktest.resources import random_suffix_name 22 | from acktest.aws.identity import get_region 23 | from acktest.k8s import resource as k8s 24 | 25 | from e2e import service_marker, CRD_GROUP, CRD_VERSION, load_lambda_resource 26 | from e2e.replacement_values import REPLACEMENT_VALUES 27 | from e2e.bootstrap_resources import get_bootstrap_resources 28 | from e2e.tests.helper import LambdaValidator 29 | 30 | RESOURCE_PLURAL = "codesigningconfigs" 31 | 32 | CREATE_WAIT_AFTER_SECONDS = 10 33 | UPDATE_WAIT_AFTER_SECONDS = 10 34 | DELETE_WAIT_AFTER_SECONDS = 10 35 | 36 | @service_marker 37 | @pytest.mark.canary 38 | class TestCodeSigningConfig: 39 | def test_smoke(self, lambda_client): 40 | resource_name = random_suffix_name("lambda-csc", 24) 41 | 42 | resources = get_bootstrap_resources() 43 | logging.debug(resources) 44 | 45 | replacements = REPLACEMENT_VALUES.copy() 46 | replacements["AWS_REGION"] = get_region() 47 | replacements["CODE_SIGNING_CONFIG_NAME"] = resource_name 48 | replacements["SIGNING_PROFILE_VERSION_ARN"] = resources.SigningProfile.signing_profile_arn 49 | 50 | # Load Lambda CR 51 | resource_data = load_lambda_resource( 52 | "code_signing_config", 53 | additional_replacements=replacements, 54 | ) 55 | logging.debug(resource_data) 56 | 57 | # Create k8s resource 58 | ref = k8s.CustomResourceReference( 59 | CRD_GROUP, CRD_VERSION, RESOURCE_PLURAL, 60 | resource_name, namespace="default", 61 | ) 62 | k8s.create_custom_resource(ref, resource_data) 63 | cr = k8s.wait_resource_consumed_by_controller(ref) 64 | 65 | assert cr is not None 66 | assert k8s.get_resource_exists(ref) 67 | 68 | codeSigningConfigARN = cr['status']['ackResourceMetadata']['arn'] 69 | 70 | time.sleep(CREATE_WAIT_AFTER_SECONDS) 71 | 72 | lambda_validator = LambdaValidator(lambda_client) 73 | # Check Lambda code signing config exists 74 | assert lambda_validator.code_signing_config_exists(codeSigningConfigARN) 75 | 76 | # Update cr 77 | cr["spec"]["description"] = "new description" 78 | 79 | # Patch k8s resource 80 | k8s.patch_custom_resource(ref, cr) 81 | time.sleep(UPDATE_WAIT_AFTER_SECONDS) 82 | 83 | # Check code signing config description 84 | csc = lambda_validator.get_code_signing_config(codeSigningConfigARN) 85 | assert csc is not None 86 | assert csc["Description"] == "new description" 87 | 88 | # Delete k8s resource 89 | _, deleted = k8s.delete_custom_resource(ref) 90 | assert deleted 91 | 92 | time.sleep(DELETE_WAIT_AFTER_SECONDS) 93 | # Check Lambda code signing config doesn't exist 94 | assert not lambda_validator.code_signing_config_exists(codeSigningConfigARN) 95 | -------------------------------------------------------------------------------- /test/e2e/tests/test_layer_version.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | """Integration tests for the Lambda layer version API. 15 | """ 16 | 17 | import pytest 18 | import time 19 | import logging 20 | 21 | from acktest.resources import random_suffix_name 22 | from acktest.aws.identity import get_region 23 | from acktest.k8s import resource as k8s 24 | 25 | from e2e import service_marker, CRD_GROUP, CRD_VERSION, load_lambda_resource 26 | from e2e.replacement_values import REPLACEMENT_VALUES 27 | from e2e.bootstrap_resources import get_bootstrap_resources 28 | from e2e.service_bootstrap import LAMBDA_FUNCTION_FILE_ZIP 29 | from e2e.tests.helper import LambdaValidator 30 | 31 | RESOURCE_PLURAL = "layerversions" 32 | 33 | CREATE_WAIT_AFTER_SECONDS = 10 34 | UPDATE_WAIT_AFTER_SECONDS = 10 35 | DELETE_WAIT_AFTER_SECONDS = 10 36 | 37 | @service_marker 38 | @pytest.mark.canary 39 | class TestLayerVersion: 40 | 41 | def test_smoke(self, lambda_client): 42 | resource_name = random_suffix_name("lambda-lv", 24) 43 | 44 | resources = get_bootstrap_resources() 45 | logging.debug(resources) 46 | 47 | replacements = REPLACEMENT_VALUES.copy() 48 | replacements["AWS_REGION"] = get_region() 49 | replacements["LAYER_VERSION"] = resource_name 50 | replacements["BUCKET_NAME"] = resources.FunctionsBucket.name 51 | replacements["LAMBDA_FILE_NAME"] = LAMBDA_FUNCTION_FILE_ZIP 52 | 53 | # Load Lambda CR 54 | resource_data = load_lambda_resource( 55 | "layer_version", 56 | additional_replacements=replacements, 57 | ) 58 | logging.debug(resource_data) 59 | 60 | # Create k8s resource 61 | ref = k8s.CustomResourceReference( 62 | CRD_GROUP, CRD_VERSION, RESOURCE_PLURAL, 63 | resource_name, namespace="default", 64 | ) 65 | k8s.create_custom_resource(ref, resource_data) 66 | cr = k8s.wait_resource_consumed_by_controller(ref) 67 | 68 | assert cr is not None 69 | assert k8s.get_resource_exists(ref) 70 | 71 | time.sleep(CREATE_WAIT_AFTER_SECONDS) 72 | 73 | cr = k8s.wait_resource_consumed_by_controller(ref) 74 | 75 | lambda_validator = LambdaValidator(lambda_client) 76 | 77 | version_number = cr['status']['versionNumber'] 78 | 79 | # Check layer version exists 80 | assert lambda_validator.layer_version_exists(resource_name, version_number) 81 | 82 | # Update cr 83 | new_description = "new description" 84 | updates = { 85 | "spec": { 86 | "description": new_description 87 | }, 88 | } 89 | 90 | #Patch k8s resource 91 | k8s.patch_custom_resource(ref, updates) 92 | time.sleep(UPDATE_WAIT_AFTER_SECONDS) 93 | 94 | cr = k8s.wait_resource_consumed_by_controller(ref) 95 | version_number = cr['status']['versionNumber'] 96 | 97 | #Check layer version description 98 | layer_version = lambda_validator.get_layer_version(resource_name, version_number) 99 | assert layer_version is not None 100 | assert layer_version['Description'] == 'new description' 101 | 102 | # Delete k8s resource 103 | _, deleted = k8s.delete_custom_resource(ref) 104 | assert deleted is True 105 | 106 | # Check if all versions are deleted 107 | layer_name = cr['spec']['layerName'] 108 | list = lambda_validator.list_layer_versions(layer_name) 109 | assert len(list["LayerVersions"]) == 0 110 | 111 | time.sleep(DELETE_WAIT_AFTER_SECONDS) 112 | 113 | # Check layer version doesn't exist 114 | assert not lambda_validator.layer_version_exists(resource_name, version_number) 115 | --------------------------------------------------------------------------------