base repository: aws-controllers-k8s/acmpca-controller
base: v0.0.19
head repository: aws-controllers-k8s/acmpca-controller
compare: main
  • 11 commits
  • 63 files changed
  • 5 contributors

Commits on Oct 10, 2024

  1. Update to ACK runtime v0.39.0, code-generator v0.39.1 (#71)

    ### Update to ACK runtime `v0.39.0`, code-generator `v0.39.1`
    
    ----------
    
    * ACK code-generator `v0.39.1` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.39.1)
    * ACK runtime `v0.39.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.39.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v0.0.19` to `v0.0.20`
    
    Once this PR is merged, release `v0.0.20` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v0.0.20
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Oct 10, 2024
    764826d

Commits on Oct 25, 2024

  1. Update README and add Samples (#52)

    Description of changes:
    1. Update README
    2. Add Samples folder with tutorial to set up a CA hierarchy 
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ndbhat authored Oct 25, 2024
    5deff67

Commits on Nov 15, 2024

  1. Add changes after building with latest code-gen (#72)

    Description of changes:
    Changes after building with latest code-gen
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ndbhat authored Nov 15, 2024
    10f3984

Commits on Nov 18, 2024

  1. Release artifacts for release v1.0.0 (#73)

    Description of changes: Release artifacts for release v1.0.0
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    HanleyYin authored Nov 18, 2024
    09ccb34

Commits on Jan 14, 2025

  1. Update to ACK runtime v0.40.0, code-generator v0.40.0 (#74)

    ### Update to ACK runtime `v0.40.0`, code-generator `v0.40.0`
    
    ----------
    
    * ACK code-generator `v0.40.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.40.0)
    * ACK runtime `v0.40.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.40.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v1.0.0` to `v1.0.1`
    
    Once this PR is merged, release `v1.0.1` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v1.0.1
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Jan 14, 2025
    32db091

Commits on Jan 23, 2025

  1. Update to ACK runtime v0.41.0, code-generator v0.41.0 (#75)

    ### Update to ACK runtime `v0.41.0`, code-generator `v0.41.0`
    
    ----------
    
    * ACK code-generator `v0.41.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.41.0)
    * ACK runtime `v0.41.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.41.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v1.0.1` to `v1.0.2`
    
    Once this PR is merged, release `v1.0.2` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v1.0.2
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Jan 23, 2025
    74c5a31

Commits on Feb 5, 2025

  1. Generate controller using aws-sdk-go-v2 (#76)

    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    TiberiuGC authored Feb 5, 2025
    cc12d1d

Commits on Feb 6, 2025

  1. Update to ACK runtime v0.42.0, code-generator v0.42.0 (#77)

    ### Update to ACK runtime `v0.42.0`, code-generator `v0.42.0`
    
    ----------
    
    * ACK code-generator `v0.42.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.42.0)
    * ACK runtime `v0.42.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.42.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v1.0.2` to `v1.0.3`
    
    Once this PR is merged, release `v1.0.3` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Running GO mod tidy
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v1.0.3
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Feb 6, 2025
    10ab00f

Commits on Feb 18, 2025

  1. Update to ACK runtime v0.43.0, code-generator v0.43.0 (#78)

    ### Update to ACK runtime `v0.43.0`, code-generator `v0.43.0`
    
    ----------
    
    * ACK code-generator `v0.43.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.43.0)
    * ACK runtime `v0.43.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.43.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v1.0.3` to `v1.0.4`
    
    Once this PR is merged, release `v1.0.4` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    installing controller-gen v0.16.2 ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Running GO mod tidy
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v1.0.4
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Feb 18, 2025
    c42ea5e

Commits on Feb 21, 2025

  1. remove immutability tests (#81)

    Description of changes:
    Remove immutability test before code-gen `v0.43.2` release.
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    rushmash91 authored Feb 21, 2025
    dc230ed
  2. Update to ACK runtime v0.43.0, code-generator v0.43.2 (#80)

    ### Update to ACK runtime `v0.43.0`, code-generator `v0.43.2`
    
    ----------
    
    * ACK code-generator `v0.43.2` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.43.2)
    * ACK runtime `v0.43.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.43.0)
    
    ----------
    
    NOTE:
    This PR increments the release version of service controller from `v1.0.4` to `v1.0.5`
    
    Once this PR is merged, release `v1.0.5` will be automatically created for `acmpca-controller`
    
    **Please close this PR, if you do not want the new patch release for `acmpca-controller`**
    
    ----------
    
    #### stdout for `make build-controller`:
    
    ```
    building ack-generate ... ok.
    installing controller-gen v0.16.2 ... ok.
    ==== building acmpca-controller ====
    Copying common custom resource definitions into acmpca
    Building Kubernetes API objects for acmpca
    Generating deepcopy code for acmpca
    Generating custom resource definitions for acmpca
    Building service controller for acmpca
    Running GO mod tidy
    Generating RBAC manifests for acmpca
    Running gofmt against generated code for acmpca
    Updating additional GitHub repository maintenance files
    ==== building acmpca-controller release artifacts ====
    Building release artifacts for acmpca-v1.0.5
    Generating common custom resource definitions
    Generating custom resource definitions for acmpca
    Generating RBAC manifests for acmpca
    ```
    
    ----------
    
    By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
    ack-bot authored Feb 21, 2025
    5d06cec
Showing with 1,522 additions and 1,138 deletions.
  1. +1 −2 OWNERS
  2. +11 −8 OWNERS_ALIASES
  3. +72 −2 README.md
  4. +7 −7 apis/v1alpha1/ack-generate-metadata.yaml
  5. +12 −4 apis/v1alpha1/certificate.go
  6. +8 −5 apis/v1alpha1/certificate_authority.go
  7. +10 −6 apis/v1alpha1/certificate_authority_activation.go
  8. +25 −22 apis/v1alpha1/enums.go
  9. +52 −50 apis/v1alpha1/generator.yaml
  10. +21 −8 apis/v1alpha1/types.go
  11. +20 −0 apis/v1alpha1/zz_generated.deepcopy.go
  12. +8 −8 cmd/controller/main.go
  13. +4 −0 config/controller/deployment.yaml
  14. +1 −1 config/controller/kustomization.yaml
  15. +24 −39 config/crd/bases/acmpca.services.k8s.aws_certificateauthorities.yaml
  16. +15 −5 config/crd/bases/acmpca.services.k8s.aws_certificateauthorityactivations.yaml
  17. +28 −18 config/crd/bases/acmpca.services.k8s.aws_certificates.yaml
  18. +1 −6 config/crd/common/bases/services.k8s.aws_adoptedresources.yaml
  19. +1 −1 config/crd/common/bases/services.k8s.aws_fieldexports.yaml
  20. +4 −66 config/rbac/cluster-role-controller.yaml
  21. +52 −50 generator.yaml
  22. +41 −27 go.mod
  23. +102 −71 go.sum
  24. +2 −2 helm/Chart.yaml
  25. +24 −39 helm/crds/acmpca.services.k8s.aws_certificateauthorities.yaml
  26. +15 −5 helm/crds/acmpca.services.k8s.aws_certificateauthorityactivations.yaml
  27. +28 −18 helm/crds/acmpca.services.k8s.aws_certificates.yaml
  28. +1 −6 helm/crds/services.k8s.aws_adoptedresources.yaml
  29. +1 −1 helm/crds/services.k8s.aws_fieldexports.yaml
  30. +1 −1 helm/templates/NOTES.txt
  31. +4 −66 helm/templates/_helpers.tpl
  32. +3 −3 helm/templates/caches-role-binding.yaml
  33. +1 −0 helm/templates/deployment.yaml
  34. +5 −1 helm/values.yaml
  35. +5 −5 pkg/resource/certificate/descriptor.go
  36. +38 −12 pkg/resource/certificate/manager.go
  37. +3 −3 pkg/resource/certificate/manager_factory.go
  38. +16 −0 pkg/resource/certificate/resource.go
  39. +134 −167 pkg/resource/certificate/sdk.go
  40. +5 −5 pkg/resource/certificate_authority/descriptor.go
  41. +10 −9 pkg/resource/certificate_authority/hooks.go
  42. +56 −12 pkg/resource/certificate_authority/manager.go
  43. +3 −3 pkg/resource/certificate_authority/manager_factory.go
  44. +1 −0 pkg/resource/certificate_authority/references.go
  45. +16 −0 pkg/resource/certificate_authority/resource.go
  46. +179 −209 pkg/resource/certificate_authority/sdk.go
  47. +46 −2 pkg/resource/certificate_authority/tags.go
  48. +5 −5 pkg/resource/certificate_authority_activation/descriptor.go
  49. +15 −13 pkg/resource/certificate_authority_activation/hooks.go
  50. +38 −12 pkg/resource/certificate_authority_activation/manager.go
  51. +3 −3 pkg/resource/certificate_authority_activation/manager_factory.go
  52. +5 −0 pkg/resource/certificate_authority_activation/resource.go
  53. +20 −39 pkg/resource/certificate_authority_activation/sdk.go
  54. +47 −0 samples/hierarchy/README.md
  55. +189 −0 samples/hierarchy/ca_hierarchy.yaml
  56. +2 −2 templates/hooks/certificate/sdk_create_post_build_request.go.tpl
  57. +2 −2 templates/hooks/certificate/sdk_create_post_request.go.tpl
  58. +1 −1 templates/hooks/certificate_authority/sdk_create_post_build_request.go.tpl
  59. +2 −2 templates/hooks/certificate_authority_activation/sdk_create_post_build_request.go.tpl
  60. +2 −2 templates/hooks/certificate_authority_activation/sdk_create_post_request.go.tpl
  61. +4 −4 templates/hooks/certificate_authority_activation/sdk_create_post_set_output.go.tpl
  62. +0 −50 test/e2e/tests/test_ca.py
  63. +70 −28 test/e2e/tests/test_ca_hierarchy.py
3 changes: 1 addition & 2 deletions OWNERS
@@ -1,5 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners

approvers:
- core-ack-team
- service-team
- core-ack-team
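
Review bot: `service-team` no longer appears under `approvers` once the 2 deletions here are applied, leaving `core-ack-team` as the only approver alias. Please confirm that the AWS Private CA maintainers who approved through `service-team` are meant to lose approval rights on a controller that manages CA resources, or list them under a `reviewers:` key so they still receive review requests. The rendered hunk has lost its +/- markers, so the removed and re-added `- core-ack-team` lines look identical; if the only difference is whitespace or the end-of-file newline, say so in the commit message.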
19 changes: 11 additions & 8 deletions OWNERS_ALIASES
@@ -3,11 +3,14 @@
aliases:
core-ack-team:
- a-hilaly
- RedbackThomson
- jljaco
# TODO: Add your team members' GitHub aliases to the team alias
service-team:
- ndbhat
- anbaig
- divyansh-gupta
- Hamidhasan
- jlbutler
- michaelhtm
- TiberiuGC
- rushmash91
# emeritus-core-ack-team:
# - jaypipes
# - jljaco
# - mhausenblas
# - RedbackThomson
# - vijtrip2
# - ivelichkovich
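
Review bot: No alias names the AWS Private CA service owners after this hunk. Going by the hunk header (`-3,11 +3,14`) and the 11 additions and 8 deletions reported for the file, the `service-team:` alias is deleted together with `ndbhat`, `anbaig`, `divyansh-gupta` and `Hamidhasan`, while `jljaco` and `RedbackThomson` move from `core-ack-team` into the commented-out `emeritus-core-ack-team` block. Suggest either keeping a populated `service-team` alias for review routing or stating in the PR description that ownership moves entirely to `core-ack-team`. The emeritus block is comment-only and grants nothing; a one-line comment saying it is informational would stop someone uncommenting it later and restoring approval rights by accident.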
74 changes: 72 additions & 2 deletions README.md
@@ -1,13 +1,83 @@
# ACK service controller for AWS Certificate Manager Private Certificate Authority
# ACK service controller for AWS Private Certificate Authority

This repository contains source code for the AWS Controllers for Kubernetes
(ACK) service controller for ACM-PCA.
(ACK) service controller for AWS Private Certificate Authority.

Please [log issues][ack-issues] and feedback on the main AWS Controllers for
Kubernetes Github project.

[ack-issues]: https://github.com/aws/aws-controllers-k8s/issues

## Resources Supported
The ACK service controller for AWS Private Certificate Authority supports the following resources:
- CertificateAuthority
- Certificate
- CertificateAuthorityActivation

## Getting Started

### Pricing
The ACK service controller for AWS Private Certificate Authority is free of charge. With AWS Private Certificate Authority (AWS Private CA), you pay a monthly fee for the operation of each private certificate authority (CA), the private certificates you issue each month, and the use of the Online Certificate Status Protocol (OCSP). Learn more about [AWS Private Certificate Authority Pricing](https://aws.amazon.com/private-ca/pricing).

### Samples
Go to the [samples directory][samples] and follow the README to create resources.

[samples]: https://github.com/aws-controllers-k8s/acmpca-controller/tree/main/samples

### Use with the Cert-Manager AWS Private CA Issuer Plugin
After creating your CA hierarchy via the ACK service controller for AWS Private Certificate Authority, you can use [cert-manager](https://cert-manager.io/) and the [AWS Private CA Issuer Plugin](https://github.com/cert-manager/aws-privateca-issuer) to deploy managed private certificates in your cluster.

### Kubernetes Secrets
The ACK service controller for AWS Private Certificate Authority uses Kubernetes Secrets to store certificate and certificate chains. Users are expected to create Secrets before creating Certificate and CertificateAuthorityActivation resources. As these resources are created, the Secrets will be injected with either the certificate or certificate chain. Users are responsible for deleting Secrets.

#### Certificate Secret
Before creating the Certificate resource, users must specify the namespace, name, and key of the Secret using the `certificateOutput` field of the Certificate resource, as shown below. If a namespace isn't specified, the namespace of the Certificate resource will be used.

```
apiVersion: v1
kind: Secret
metadata:
name: certificate-secret
namespace: default
data:
certificate: ""
---
apiVersion: acmpca.services.k8s.aws/v1alpha1
kind: Certificate
metadata:
name: my-certificate
spec:
certificateOutput:
namespace: default
name: certificate-secret
key: certificate
...
```

#### CertificateChain Secret
Before creating the CertificateAuthorityActivation resource, users must specify the namespace, name, and key of the Secret using the `completeCertificateChainOutput` field of the CertificateAuthorityActivation resource, as shown below. If a namespace isn't specified, the namespace of the CertificateAuthorityActivation resource will be used.

```
apiVersion: v1
kind: Secret
metadata:
name: certificate-chain-secret
namespace: default
data:
certificateChain: ""
---
apiVersion: acmpca.services.k8s.aws/v1alpha1
kind: CertificateAuthorityActivation
metadata:
name: my-ca-activation
spec:
completeCertificateChainOutput:
namespace: default
name: certificate-chain-secret
key: certificateChain
...
```

## Contributing

We welcome community contributions and pull requests.
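
Review bot: The "Kubernetes Secrets" section does not state the trust boundary for the `certificateOutput` and `completeCertificateChainOutput` references: both accept an explicit `namespace`, so a Certificate or CertificateAuthorityActivation in one namespace can point the controller at a Secret in another. Please document whether the controller writes to a Secret outside the resource's own namespace, what happens when the named `key` already holds data, and which RBAC permissions on Secrets the controller needs for this. Smaller points in the same section: "certificate and certificate chains" should read "certificates and certificate chains", the empty-string values under `data:` deserve a sentence saying they are placeholders the controller fills in, and the two sample fences could be tagged `yaml`.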
14 changes: 7 additions & 7 deletions apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,13 +1,13 @@
ack_generate_info:
build_date: "2024-09-05T13:35:46Z"
build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
go_version: go1.22.5
version: v0.38.1
api_directory_checksum: bd1c805e13428d024256fc04295c87e9bee1524c
build_date: "2025-02-21T00:50:58Z"
build_hash: a326346bd3a6973254d247c9ab2dc76790c36241
go_version: go1.24.0
version: v0.43.2
api_directory_checksum: b40da118f1911726e790de72e761cf61b62f1a5e
api_version: v1alpha1
aws_sdk_go_version: v1.49.6
aws_sdk_go_version: 1.32.6
generator_config_info:
file_checksum: 8c8ac630b5041df827e873b967655a762fa3877b
file_checksum: f7ab836c2ac49ebc67301d15d78022bc176a4e69
original_file_name: generator.yaml
last_modification:
reason: API generation
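
Review bot: `aws_sdk_go_version` goes from `v1.49.6` to `1.32.6`, which drops the `v` prefix and reads as a downgrade. Given the commit "Generate controller using aws-sdk-go-v2 (#76)" in this range, the new value presumably refers to the v2 SDK module rather than an older v1 release, but the key name does not say so and anyone using this file for dependency auditing could misread it. Suggest the generator emit the value with the same `v` prefix used by `version: v0.43.2` and make the SDK major version explicit, and that the value be checked against `go.mod` in the same change.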
16 changes: 12 additions & 4 deletions apis/v1alpha1/certificate.go

Some generated files are not rendered by default.

13 changes: 8 additions & 5 deletions apis/v1alpha1/certificate_authority.go

Some generated files are not rendered by default.

16 changes: 10 additions & 6 deletions apis/v1alpha1/certificate_authority_activation.go

Some generated files are not rendered by default.
