Update to ACK runtime v0.39.0, code-generator v0.39.1 (#24)

### Update to ACK runtime `v0.39.0`, code-generator `v0.39.1`

----------

* ACK code-generator `v0.39.1` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.39.1)
* ACK runtime `v0.39.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.39.0)

----------

NOTE:
This PR increments the release version of service controller from `v0.0.10` to `v0.0.11`

Once this PR is merged, release `v0.0.11` will be automatically created for `secretsmanager-controller`

**Please close this PR, if you do not want the new patch release for `secretsmanager-controller`**

----------

#### stdout for `make build-controller`:

```
building ack-generate ... ok.
==== building secretsmanager-controller ====
Copying common custom resource definitions into secretsmanager
Building Kubernetes API objects for secretsmanager
Generating deepcopy code for secretsmanager
Generating custom resource definitions for secretsmanager
Building service controller for secretsmanager
Generating RBAC manifests for secretsmanager
Running gofmt against generated code for secretsmanager
Updating additional GitHub repository maintenance files
==== building secretsmanager-controller release artifacts ====
Building release artifacts for secretsmanager-v0.0.11
Generating common custom resource definitions
Generating custom resource definitions for secretsmanager
Generating RBAC manifests for secretsmanager
```

----------

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,8 +1,8 @@
 ack_generate_info:
-  build_date: "2024-08-29T17:04:53Z"
-  build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
-  go_version: go1.22.5
-  version: v0.38.1
+  build_date: "2024-10-10T04:01:18Z"
+  build_hash: 36c2d234498c2bc4f60773ab8df632af4067f43b
+  go_version: go1.23.2
+  version: v0.39.1
 api_directory_checksum: cc390ec9f86ff4675e9b88a2a5ef5dd9aedf3b0c
 api_version: v1alpha1
 aws_sdk_go_version: v1.49.0

config/controller/kustomization.yaml

@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/secretsmanager-controller
-  newTag: 0.0.10
+  newTag: 0.0.11

config/crd/bases/secretsmanager.services.k8s.aws_secrets.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.2
   name: secrets.secretsmanager.services.k8s.aws
 spec:
   group: secretsmanager.services.k8s.aws
@@ -54,15 +54,12 @@ spec:
                   example alias/aws/secretsmanager. For more information, see About aliases
                   (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
 
-
                   To use a KMS key in a different account, use the key ARN or the alias ARN.
 
-
                   If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager.
                   If that key doesn't yet exist, then Secrets Manager creates it for you automatically
                   the first time it encrypts the secret value.
 
-
                   If the secret is in a different Amazon Web Services account from the credentials
                   calling the API, then you can't use aws/secretsmanager to encrypt the secret,
                   and you must create and use a customer managed KMS key.
@@ -71,11 +68,9 @@ spec:
                 description: |-
                   The name of the new secret.
 
-
                   The secret name can contain ASCII letters, numbers, and the following characters:
                   /_+=.@-
 
-
                   Do not end your secret name with a hyphen followed by six characters. If
                   you do so, you risk confusion and unexpected results when searching for a
                   secret by partial ARN. Secrets Manager automatically adds a hyphen and six
@@ -98,10 +93,8 @@ spec:
                   The text data to encrypt and store in this new version of the secret. We
                   recommend you use a JSON structure of key/value pairs for your secret value.
 
-
                   Either SecretString or SecretBinary must have a value, but not both.
 
-
                   If you create a secret by using the Secrets Manager console then Secrets
                   Manager puts the protected secret text in only the SecretString parameter.
                   The Secrets Manager console stores the information as a JSON structure of
@@ -127,29 +120,24 @@ spec:
                   A list of tags to attach to the secret. Each tag is a key and value pair
                   of strings in a JSON text string, for example:
 
-
                   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
 
-
                   Secrets Manager tag key names are case sensitive. A tag with the key "ABC"
                   is a different tag from one with key "abc".
 
-
                   If you check tags in permissions policies as part of your security strategy,
                   then adding or removing a tag can change permissions. If the completion of
                   this operation would result in you losing your permissions for this secret,
                   then Secrets Manager blocks the operation and returns an Access Denied error.
                   For more information, see Control access to secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac)
                   and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
 
-
                   For information about how to format a JSON parameter for the various command
                   line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json).
                   If your command-line tool or SDK requires quotation marks around the parameter,
                   you should use single quotes to avoid confusion with the double quotes required
                   in the JSON text.
 
-
                   For tag quotas and naming restrictions, see Service quotas for Tagging (https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas)
                   in the Amazon Web Services General Reference guide.
                 items:
@@ -181,7 +169,6 @@ spec:
                       when it has verified that an "adopted" resource (a resource where the
                       ARN annotation was set by the Kubernetes user on the CR) exists and
                       matches the supplied CR's Spec field values.
-                      TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse
                       https://github.com/aws/aws-controllers-k8s/issues/270
                     type: string
                   ownerAccountID:
@@ -239,14 +226,11 @@ spec:
                 description: |-
                   A list of the replicas of this secret and their status:
 
-
                      * Failed, which indicates that the replica was not created.
 
-
                      * InProgress, which indicates that Secrets Manager is in the process of
                      creating the replica.
 
-
                      * InSync, which indicates that the replica was created.
                 items:
                   description: |-

config/crd/common/bases/services.k8s.aws_adoptedresources.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.2
   name: adoptedresources.services.k8s.aws
 spec:
   group: services.k8s.aws
@@ -78,11 +78,9 @@ spec:
                       automatically converts this to an arbitrary string-string map.
                       https://github.com/kubernetes-sigs/controller-tools/issues/385
 
-
                       Active discussion about inclusion of this field in the spec is happening in this PR:
                       https://github.com/kubernetes-sigs/controller-tools/pull/395
 
-
                       Until this is allowed, or if it never is, we will produce a subset of the object meta
                       that contains only the fields which the user is allowed to modify in the metadata.
                     properties:
@@ -105,13 +103,11 @@ spec:
                           and may be truncated by the length of the suffix required to make the value
                           unique on the server.
 
-
                           If this field is specified and the generated name exists, the server will
                           NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
                           ServerTimeout indicating a unique name could not be found in the time allotted, and the client
                           should retry (optionally after the time indicated in the Retry-After header).
 
-
                           Applied only if Name is not specified.
                           More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
                         type: string
@@ -140,7 +136,6 @@ spec:
                           Not all objects are required to be scoped to a namespace - the value of this field for
                           those objects will be empty.
 
-
                           Must be a DNS_LABEL.
                           Cannot be updated.
                           More info: http://kubernetes.io/docs/user-guide/namespaces

config/crd/common/bases/services.k8s.aws_fieldexports.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.2
   name: fieldexports.services.k8s.aws
 spec:
   group: services.k8s.aws

config/rbac/cluster-role-controller.yaml

@@ -8,6 +8,7 @@ rules:
   - ""
   resources:
   - configmaps
+  - secrets
   verbs:
   - get
   - list
@@ -21,15 +22,6 @@ rules:
   - get
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - patch
-  - watch
 - apiGroups:
   - secretsmanager.services.k8s.aws
   resources:
@@ -54,25 +46,6 @@ rules:
   - services.k8s.aws
   resources:
   - adoptedresources
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - adoptedresources/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - services.k8s.aws
-  resources:
   - fieldexports
   verbs:
   - create
@@ -85,6 +58,7 @@ rules:
 - apiGroups:
   - services.k8s.aws
   resources:
+  - adoptedresources/status
   - fieldexports/status
   verbs:
   - get

go.mod

@@ -5,35 +5,36 @@ go 1.22.0
 toolchain go1.22.5
 
 require (
-	github.com/aws-controllers-k8s/runtime v0.38.0
+	github.com/aws-controllers-k8s/runtime v0.39.0
 	github.com/aws/aws-sdk-go v1.49.0
-	github.com/go-logr/logr v1.4.1
+	github.com/go-logr/logr v1.4.2
 	github.com/spf13/pflag v1.0.5
-	k8s.io/api v0.30.1
-	k8s.io/apimachinery v0.30.1
-	k8s.io/client-go v0.30.1
-	sigs.k8s.io/controller-runtime v0.18.4
+	k8s.io/api v0.31.0
+	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	sigs.k8s.io/controller-runtime v0.19.0
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/itchyny/gojq v0.12.6 // indirect
 	github.com/itchyny/timefmt-go v0.1.3 // indirect
@@ -42,35 +43,34 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.18.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/samber/lo v1.37.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/oauth2 v0.12.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.30.1 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect