From 7256c0f34cee81c09a9450d37b41908bf2f1a914 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 19 Feb 2025 23:01:48 +0000 Subject: [PATCH] Update to ACK runtime `v0.43.0`, code-generator `v0.43.1` --- apis/v1alpha1/ack-generate-metadata.yaml | 10 +-- apis/v1alpha1/document.go | 38 +++++---- apis/v1alpha1/patch_baseline.go | 22 ++++- apis/v1alpha1/resource_data_sync.go | 7 +- config/controller/kustomization.yaml | 2 +- .../bases/ssm.services.k8s.aws_documents.yaml | 80 +------------------ .../ssm.services.k8s.aws_patchbaselines.yaml | 79 +----------------- ...sm.services.k8s.aws_resourcedatasyncs.yaml | 21 ++--- helm/Chart.yaml | 4 +- helm/crds/ssm.services.k8s.aws_documents.yaml | 80 +------------------ .../ssm.services.k8s.aws_patchbaselines.yaml | 79 +----------------- ...sm.services.k8s.aws_resourcedatasyncs.yaml | 21 ++--- helm/templates/NOTES.txt | 2 +- helm/values.yaml | 2 +- 14 files changed, 78 insertions(+), 369 deletions(-) diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 020e6da..dfa5f79 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,9 +1,9 @@ ack_generate_info: - build_date: "2025-02-18T00:13:39Z" - build_hash: 66c0f840b0bcf6f552be46cf5ee0fb95ad57053e - go_version: go1.23.6 - version: v0.43.0 -api_directory_checksum: 545ebf5268ea47d2b26dd78e9f3f15c0a0acfc0e + build_date: "2025-02-19T23:01:10Z" + build_hash: 8b426c490ff1984d8ce5577e11d6dabe1b6373b8 + go_version: go1.24.0 + version: v0.43.1 +api_directory_checksum: 438d0b6b606a47684055ffd92743d69e0a678c15 api_version: v1alpha1 aws_sdk_go_version: v1.32.6 generator_config_info: diff --git a/apis/v1alpha1/document.go b/apis/v1alpha1/document.go index fb70ad9..815ca12 100644 --- a/apis/v1alpha1/document.go +++ b/apis/v1alpha1/document.go @@ -24,6 +24,7 @@ import ( type DocumentSpec struct { // A list of key-value pairs that describe attachments to a version of a document. + Attachments []*AttachmentsSource `json:"attachments,omitempty"` // The content for the new SSM document in JSON or YAML format. The content // of the document must not exceed 64KB. This quota also includes the content @@ -34,44 +35,49 @@ type DocumentSpec struct { // For examples, see the following topics in the Amazon Web Services Systems // Manager User Guide. // - // - Create an SSM document (console) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-console) - // - // - Create an SSM document (command line) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-cli) + // * Create an SSM document (console) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-console) // - // - Create an SSM document (API) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-api) + // * Create an SSM document (command line) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-cli) // + // * Create an SSM document (API) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-api) + // +kubebuilder:validation:Required + Content *string `json:"content"` // An optional field where you can specify a friendly name for the SSM document. // This value can differ for each version of the document. You can update this // value at a later time using the UpdateDocument operation. + DisplayName *string `json:"displayName,omitempty"` // Specify the document format for the request. The document format can be JSON, // YAML, or TEXT. JSON is the default format. + DocumentFormat *string `json:"documentFormat,omitempty"` // The type of document to create. // // The DeploymentStrategy document type is an internal-use-only document type // reserved for AppConfig. + DocumentType *string `json:"documentType,omitempty"` // A name for the SSM document. // // You can't use the following strings as document name prefixes. These are // reserved by Amazon Web Services for use as document name prefixes: // - // - aws + // * aws // - // - amazon + // * amazon // - // - amzn + // * amzn // - // - AWSEC2 + // * AWSEC2 // - // - AWSConfigRemediation - // - // - AWSSupport + // * AWSConfigRemediation // + // * AWSSupport + // +kubebuilder:validation:Required + Name *string `json:"name"` // A list of SSM documents required by a document. This parameter is used exclusively // by AppConfig. When a user creates an AppConfig configuration in an SSM document, @@ -80,6 +86,7 @@ type DocumentSpec struct { // document for validation purposes. For more information, see What is AppConfig? // (https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) // in the AppConfig User Guide. + Requires []*DocumentRequires `json:"requires,omitempty"` // Optional metadata that you assign to a resource. Tags enable you to categorize // a resource in different ways, such as by purpose, owner, or environment. @@ -87,11 +94,12 @@ type DocumentSpec struct { // of targets or the environment where it will run. In this case, you could // specify the following key-value pairs: // - // - Key=OS,Value=Windows + // * Key=OS,Value=Windows // - // - Key=Environment,Value=Production + // * Key=Environment,Value=Production // // To add tags to an existing SSM document, use the AddTagsToResource operation. + Tags []*Tag `json:"tags,omitempty"` // Specify a target type to define the kinds of resources the document can run // on. For example, to run a document on EC2 instances, specify the following @@ -100,10 +108,12 @@ type DocumentSpec struct { // can't run on any resources. For a list of valid resource types, see Amazon // Web Services resource and property types reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) // in the CloudFormation User Guide. + TargetType *string `json:"targetType,omitempty"` // An optional field specifying the version of the artifact you are creating // with the document. For example, Release12.1. This value is unique across // all versions of a document, and can't be changed. + VersionName *string `json:"versionName,omitempty"` } @@ -114,7 +124,7 @@ type DocumentStatus struct { // constructed ARN for the resource // +kubebuilder:validation:Optional ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` - // All CRS managed by ACK have a common `Status.Conditions` member that + // All CRs managed by ACK have a common `Status.Conditions` member that // contains a collection of `ackv1alpha1.Condition` objects that describe // the various terminal states of the CR and its backend AWS service API // resource diff --git a/apis/v1alpha1/patch_baseline.go b/apis/v1alpha1/patch_baseline.go index b9ef2ad..56543fd 100644 --- a/apis/v1alpha1/patch_baseline.go +++ b/apis/v1alpha1/patch_baseline.go @@ -24,6 +24,7 @@ import ( type PatchBaselineSpec struct { // A set of rules used to include patches in the baseline. + ApprovalRules *PatchRuleGroup `json:"approvalRules,omitempty"` // A list of explicitly approved patches for the baseline. // @@ -31,30 +32,39 @@ type PatchBaselineSpec struct { // rejected patches, see Package name formats for approved and rejected patch // lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the Amazon Web Services Systems Manager User Guide. + ApprovedPatches []*string `json:"approvedPatches,omitempty"` // Defines the compliance level for approved patches. When an approved patch // is reported as missing, this value describes the severity of the compliance // violation. The default value is UNSPECIFIED. + ApprovedPatchesComplianceLevel *string `json:"approvedPatchesComplianceLevel,omitempty"` // Indicates whether the list of approved patches includes non-security updates // that should be applied to the managed nodes. The default value is false. // Applies to Linux managed nodes only. + ApprovedPatchesEnableNonSecurity *bool `json:"approvedPatchesEnableNonSecurity,omitempty"` // User-provided idempotency token. + ClientToken *string `json:"clientToken,omitempty"` // A description of the patch baseline. + Description *string `json:"description,omitempty"` // A set of global filters used to include patches in the baseline. // // The GlobalFilters parameter can be configured only by using the CLI or an // Amazon Web Services SDK. It can't be configured from the Patch Manager console, // and its value isn't displayed in the console. + GlobalFilters *PatchFilterGroup `json:"globalFilters,omitempty"` // The name of the patch baseline. + // +kubebuilder:validation:Required + Name *string `json:"name"` // Defines the operating system the patch baseline applies to. The default value // is WINDOWS. + OperatingSystem *string `json:"operatingSystem,omitempty"` // A list of explicitly rejected patches for the baseline. // @@ -62,6 +72,7 @@ type PatchBaselineSpec struct { // rejected patches, see Package name formats for approved and rejected patch // lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the Amazon Web Services Systems Manager User Guide. + RejectedPatches []*string `json:"rejectedPatches,omitempty"` // The action for Patch Manager to take on patches included in the RejectedPackages // list. @@ -78,17 +89,19 @@ type PatchBaselineSpec struct { // its status is reported as INSTALLED_OTHER. Any package not already installed // on the node is skipped. This is the default action if no option is specified. // - // # BLOCK + // BLOCK // // All OSs: Packages in the rejected patches list, and packages that include // them as dependencies, aren't installed by Patch Manager under any circumstances. // If a package was installed before it was added to the rejected patches list, // or is installed outside of Patch Manager afterward, it's considered noncompliant // with the patch baseline and its status is reported as INSTALLED_REJECTED. + RejectedPatchesAction *string `json:"rejectedPatchesAction,omitempty"` // Information about the patches to use to update the managed nodes, including // target operating systems and source repositories. Applies to Linux managed // nodes only. + Sources []*PatchSource `json:"sources,omitempty"` // Optional metadata that you assign to a resource. Tags enable you to categorize // a resource in different ways, such as by purpose, owner, or environment. @@ -96,11 +109,12 @@ type PatchBaselineSpec struct { // level of patches it specifies and the operating system family it applies // to. In this case, you could specify the following key-value pairs: // - // - Key=PatchSeverity,Value=Critical + // * Key=PatchSeverity,Value=Critical // - // - Key=OS,Value=Windows + // * Key=OS,Value=Windows // // To add tags to an existing patch baseline, use the AddTagsToResource operation. + Tags []*Tag `json:"tags,omitempty"` } @@ -111,7 +125,7 @@ type PatchBaselineStatus struct { // constructed ARN for the resource // +kubebuilder:validation:Optional ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` - // All CRS managed by ACK have a common `Status.Conditions` member that + // All CRs managed by ACK have a common `Status.Conditions` member that // contains a collection of `ackv1alpha1.Condition` objects that describe // the various terminal states of the CR and its backend AWS service API // resource diff --git a/apis/v1alpha1/resource_data_sync.go b/apis/v1alpha1/resource_data_sync.go index 190cddd..eb4b2fb 100644 --- a/apis/v1alpha1/resource_data_sync.go +++ b/apis/v1alpha1/resource_data_sync.go @@ -25,12 +25,16 @@ type ResourceDataSyncSpec struct { // Amazon S3 configuration details for the sync. This parameter is required // if the SyncType value is SyncToDestination. + S3Destination *ResourceDataSyncS3Destination `json:"s3Destination,omitempty"` // A name for the configuration. + // +kubebuilder:validation:Required + SyncName *string `json:"syncName"` // Specify information about the data sources to synchronize. This parameter // is required if the SyncType value is SyncFromSource. + SyncSource *ResourceDataSyncSource `json:"syncSource,omitempty"` // Specify SyncToDestination to create a resource data sync that synchronizes // data to an S3 bucket for Inventory. If you specify SyncToDestination, you @@ -39,6 +43,7 @@ type ResourceDataSyncSpec struct { // accounts and Amazon Web Services Regions, as listed in Organizations for // Explorer. If you specify SyncFromSource, you must provide a value for SyncSource. // The default value is SyncToDestination. + SyncType *string `json:"syncType,omitempty"` } @@ -49,7 +54,7 @@ type ResourceDataSyncStatus struct { // constructed ARN for the resource // +kubebuilder:validation:Optional ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"` - // All CRS managed by ACK have a common `Status.Conditions` member that + // All CRs managed by ACK have a common `Status.Conditions` member that // contains a collection of `ackv1alpha1.Condition` objects that describe // the various terminal states of the CR and its backend AWS service API // resource diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 62c3f18..3f31636 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/ssm-controller - newTag: 1.0.3 + newTag: 1.0.4 diff --git a/config/crd/bases/ssm.services.k8s.aws_documents.yaml b/config/crd/bases/ssm.services.k8s.aws_documents.yaml index bdf31e4..6ef36aa 100644 --- a/config/crd/bases/ssm.services.k8s.aws_documents.yaml +++ b/config/crd/bases/ssm.services.k8s.aws_documents.yaml @@ -40,8 +40,6 @@ spec: description: DocumentSpec defines the desired state of Document. properties: attachments: - description: A list of key-value pairs that describe attachments to - a version of a document. items: description: |- Identifying information about a document attachment, including the file name @@ -58,68 +56,16 @@ spec: type: object type: array content: - description: |- - The content for the new SSM document in JSON or YAML format. The content - of the document must not exceed 64KB. This quota also includes the content - specified for input parameters at runtime. We recommend storing the contents - for your new document in an external JSON or YAML file and referencing the - file in a command. - - For examples, see the following topics in the Amazon Web Services Systems - Manager User Guide. - - * Create an SSM document (console) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-console) - - * Create an SSM document (command line) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-cli) - - * Create an SSM document (API) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-api) type: string displayName: - description: |- - An optional field where you can specify a friendly name for the SSM document. - This value can differ for each version of the document. You can update this - value at a later time using the UpdateDocument operation. type: string documentFormat: - description: |- - Specify the document format for the request. The document format can be JSON, - YAML, or TEXT. JSON is the default format. type: string documentType: - description: |- - The type of document to create. - - The DeploymentStrategy document type is an internal-use-only document type - reserved for AppConfig. type: string name: - description: |- - A name for the SSM document. - - You can't use the following strings as document name prefixes. These are - reserved by Amazon Web Services for use as document name prefixes: - - * aws - - * amazon - - * amzn - - * AWSEC2 - - * AWSConfigRemediation - - * AWSSupport type: string requires: - description: |- - A list of SSM documents required by a document. This parameter is used exclusively - by AppConfig. When a user creates an AppConfig configuration in an SSM document, - the user must also specify a required document for validation purposes. In - this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema - document for validation purposes. For more information, see What is AppConfig? - (https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) - in the AppConfig User Guide. items: description: An SSM document required by the current document. properties: @@ -134,18 +80,6 @@ spec: type: object type: array tags: - description: |- - Optional metadata that you assign to a resource. Tags enable you to categorize - a resource in different ways, such as by purpose, owner, or environment. - For example, you might want to tag an SSM document to identify the types - of targets or the environment where it will run. In this case, you could - specify the following key-value pairs: - - * Key=OS,Value=Windows - - * Key=Environment,Value=Production - - To add tags to an existing SSM document, use the AddTagsToResource operation. items: description: |- Metadata that you assign to your Amazon Web Services resources. Tags enable @@ -161,20 +95,8 @@ spec: type: object type: array targetType: - description: |- - Specify a target type to define the kinds of resources the document can run - on. For example, to run a document on EC2 instances, specify the following - value: /AWS::EC2::Instance. If you specify a value of '/' the document can - run on all types of resources. If you don't specify a value, the document - can't run on any resources. For a list of valid resource types, see Amazon - Web Services resource and property types reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) - in the CloudFormation User Guide. type: string versionName: - description: |- - An optional field specifying the version of the artifact you are creating - with the document. For example, Release12.1. This value is unique across - all versions of a document, and can't be changed. type: string required: - content @@ -245,7 +167,7 @@ spec: type: array conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/config/crd/bases/ssm.services.k8s.aws_patchbaselines.yaml b/config/crd/bases/ssm.services.k8s.aws_patchbaselines.yaml index 473a32c..b82f402 100644 --- a/config/crd/bases/ssm.services.k8s.aws_patchbaselines.yaml +++ b/config/crd/bases/ssm.services.k8s.aws_patchbaselines.yaml @@ -40,7 +40,8 @@ spec: description: PatchBaselineSpec defines the desired state of PatchBaseline. properties: approvalRules: - description: A set of rules used to include patches in the baseline. + description: A set of rules defining the approval rules for a patch + baseline. properties: patchRules: items: @@ -92,41 +93,19 @@ spec: type: array type: object approvedPatches: - description: |- - A list of explicitly approved patches for the baseline. - - For information about accepted formats for lists of approved patches and - rejected patches, see Package name formats for approved and rejected patch - lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) - in the Amazon Web Services Systems Manager User Guide. items: type: string type: array approvedPatchesComplianceLevel: - description: |- - Defines the compliance level for approved patches. When an approved patch - is reported as missing, this value describes the severity of the compliance - violation. The default value is UNSPECIFIED. type: string approvedPatchesEnableNonSecurity: - description: |- - Indicates whether the list of approved patches includes non-security updates - that should be applied to the managed nodes. The default value is false. - Applies to Linux managed nodes only. type: boolean clientToken: - description: User-provided idempotency token. type: string description: - description: A description of the patch baseline. type: string globalFilters: - description: |- - A set of global filters used to include patches in the baseline. - - The GlobalFilters parameter can be configured only by using the CLI or an - Amazon Web Services SDK. It can't be configured from the Patch Manager console, - and its value isn't displayed in the console. + description: A set of patch filters, typically used for approval rules. properties: patchFilters: items: @@ -158,54 +137,16 @@ spec: type: array type: object name: - description: The name of the patch baseline. type: string operatingSystem: - description: |- - Defines the operating system the patch baseline applies to. The default value - is WINDOWS. type: string rejectedPatches: - description: |- - A list of explicitly rejected patches for the baseline. - - For information about accepted formats for lists of approved patches and - rejected patches, see Package name formats for approved and rejected patch - lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) - in the Amazon Web Services Systems Manager User Guide. items: type: string type: array rejectedPatchesAction: - description: |- - The action for Patch Manager to take on patches included in the RejectedPackages - list. - - ALLOW_AS_DEPENDENCY - - Linux and macOS: A package in the rejected patches list is installed only - if it is a dependency of another package. It is considered compliant with - the patch baseline, and its status is reported as INSTALLED_OTHER. This is - the default action if no option is specified. - - Windows Server: Windows Server doesn't support the concept of package dependencies. - If a package in the rejected patches list and already installed on the node, - its status is reported as INSTALLED_OTHER. Any package not already installed - on the node is skipped. This is the default action if no option is specified. - - BLOCK - - All OSs: Packages in the rejected patches list, and packages that include - them as dependencies, aren't installed by Patch Manager under any circumstances. - If a package was installed before it was added to the rejected patches list, - or is installed outside of Patch Manager afterward, it's considered noncompliant - with the patch baseline and its status is reported as INSTALLED_REJECTED. type: string sources: - description: |- - Information about the patches to use to update the managed nodes, including - target operating systems and source repositories. Applies to Linux managed - nodes only. items: description: |- Information about the patches to use to update the managed nodes, including @@ -223,18 +164,6 @@ spec: type: object type: array tags: - description: |- - Optional metadata that you assign to a resource. Tags enable you to categorize - a resource in different ways, such as by purpose, owner, or environment. - For example, you might want to tag a patch baseline to identify the severity - level of patches it specifies and the operating system family it applies - to. In this case, you could specify the following key-value pairs: - - * Key=PatchSeverity,Value=Critical - - * Key=OS,Value=Windows - - To add tags to an existing patch baseline, use the AddTagsToResource operation. items: description: |- Metadata that you assign to your Amazon Web Services resources. Tags enable @@ -289,7 +218,7 @@ spec: type: string conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/config/crd/bases/ssm.services.k8s.aws_resourcedatasyncs.yaml b/config/crd/bases/ssm.services.k8s.aws_resourcedatasyncs.yaml index 1cc948e..51cf08f 100644 --- a/config/crd/bases/ssm.services.k8s.aws_resourcedatasyncs.yaml +++ b/config/crd/bases/ssm.services.k8s.aws_resourcedatasyncs.yaml @@ -40,9 +40,8 @@ spec: description: ResourceDataSyncSpec defines the desired state of ResourceDataSync. properties: s3Destination: - description: |- - Amazon S3 configuration details for the sync. This parameter is required - if the SyncType value is SyncToDestination. + description: Information about the target S3 bucket for the resource + data sync. properties: awsKMSKeyARN: type: string @@ -67,12 +66,10 @@ spec: type: string type: object syncName: - description: A name for the configuration. type: string syncSource: - description: |- - Specify information about the data sources to synchronize. This parameter - is required if the SyncType value is SyncFromSource. + description: Information about the source of the data included in + the resource data sync. properties: awsOrganizationsSource: description: |- @@ -105,14 +102,6 @@ spec: type: string type: object syncType: - description: |- - Specify SyncToDestination to create a resource data sync that synchronizes - data to an S3 bucket for Inventory. If you specify SyncToDestination, you - must provide a value for S3Destination. Specify SyncFromSource to synchronize - data from a single account and multiple Regions, or multiple Amazon Web Services - accounts and Amazon Web Services Regions, as listed in Organizations for - Explorer. If you specify SyncFromSource, you must provide a value for SyncSource. - The default value is SyncToDestination. type: string required: - syncName @@ -151,7 +140,7 @@ spec: type: object conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 46356b3..35eebbe 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: ssm-chart description: A Helm chart for the ACK service controller for Systems Manager (SSM) -version: 1.0.3 -appVersion: 1.0.3 +version: 1.0.4 +appVersion: 1.0.4 home: https://github.com/aws-controllers-k8s/ssm-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/crds/ssm.services.k8s.aws_documents.yaml b/helm/crds/ssm.services.k8s.aws_documents.yaml index 8b6a9bd..6ef36aa 100644 --- a/helm/crds/ssm.services.k8s.aws_documents.yaml +++ b/helm/crds/ssm.services.k8s.aws_documents.yaml @@ -40,8 +40,6 @@ spec: description: DocumentSpec defines the desired state of Document. properties: attachments: - description: A list of key-value pairs that describe attachments to - a version of a document. items: description: |- Identifying information about a document attachment, including the file name @@ -58,68 +56,16 @@ spec: type: object type: array content: - description: |- - The content for the new SSM document in JSON or YAML format. The content - of the document must not exceed 64KB. This quota also includes the content - specified for input parameters at runtime. We recommend storing the contents - for your new document in an external JSON or YAML file and referencing the - file in a command. - - For examples, see the following topics in the Amazon Web Services Systems - Manager User Guide. - - - Create an SSM document (console) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-console) - - - Create an SSM document (command line) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-cli) - - - Create an SSM document (API) (https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-using.html#create-ssm-document-api) type: string displayName: - description: |- - An optional field where you can specify a friendly name for the SSM document. - This value can differ for each version of the document. You can update this - value at a later time using the UpdateDocument operation. type: string documentFormat: - description: |- - Specify the document format for the request. The document format can be JSON, - YAML, or TEXT. JSON is the default format. type: string documentType: - description: |- - The type of document to create. - - The DeploymentStrategy document type is an internal-use-only document type - reserved for AppConfig. type: string name: - description: |- - A name for the SSM document. - - You can't use the following strings as document name prefixes. These are - reserved by Amazon Web Services for use as document name prefixes: - - - aws - - - amazon - - - amzn - - - AWSEC2 - - - AWSConfigRemediation - - - AWSSupport type: string requires: - description: |- - A list of SSM documents required by a document. This parameter is used exclusively - by AppConfig. When a user creates an AppConfig configuration in an SSM document, - the user must also specify a required document for validation purposes. In - this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema - document for validation purposes. For more information, see What is AppConfig? - (https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) - in the AppConfig User Guide. items: description: An SSM document required by the current document. properties: @@ -134,18 +80,6 @@ spec: type: object type: array tags: - description: |- - Optional metadata that you assign to a resource. Tags enable you to categorize - a resource in different ways, such as by purpose, owner, or environment. - For example, you might want to tag an SSM document to identify the types - of targets or the environment where it will run. In this case, you could - specify the following key-value pairs: - - - Key=OS,Value=Windows - - - Key=Environment,Value=Production - - To add tags to an existing SSM document, use the AddTagsToResource operation. items: description: |- Metadata that you assign to your Amazon Web Services resources. Tags enable @@ -161,20 +95,8 @@ spec: type: object type: array targetType: - description: |- - Specify a target type to define the kinds of resources the document can run - on. For example, to run a document on EC2 instances, specify the following - value: /AWS::EC2::Instance. If you specify a value of '/' the document can - run on all types of resources. If you don't specify a value, the document - can't run on any resources. For a list of valid resource types, see Amazon - Web Services resource and property types reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) - in the CloudFormation User Guide. type: string versionName: - description: |- - An optional field specifying the version of the artifact you are creating - with the document. For example, Release12.1. This value is unique across - all versions of a document, and can't be changed. type: string required: - content @@ -245,7 +167,7 @@ spec: type: array conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/helm/crds/ssm.services.k8s.aws_patchbaselines.yaml b/helm/crds/ssm.services.k8s.aws_patchbaselines.yaml index e1e7dec..b82f402 100644 --- a/helm/crds/ssm.services.k8s.aws_patchbaselines.yaml +++ b/helm/crds/ssm.services.k8s.aws_patchbaselines.yaml @@ -40,7 +40,8 @@ spec: description: PatchBaselineSpec defines the desired state of PatchBaseline. properties: approvalRules: - description: A set of rules used to include patches in the baseline. + description: A set of rules defining the approval rules for a patch + baseline. properties: patchRules: items: @@ -92,41 +93,19 @@ spec: type: array type: object approvedPatches: - description: |- - A list of explicitly approved patches for the baseline. - - For information about accepted formats for lists of approved patches and - rejected patches, see Package name formats for approved and rejected patch - lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) - in the Amazon Web Services Systems Manager User Guide. items: type: string type: array approvedPatchesComplianceLevel: - description: |- - Defines the compliance level for approved patches. When an approved patch - is reported as missing, this value describes the severity of the compliance - violation. The default value is UNSPECIFIED. type: string approvedPatchesEnableNonSecurity: - description: |- - Indicates whether the list of approved patches includes non-security updates - that should be applied to the managed nodes. The default value is false. - Applies to Linux managed nodes only. type: boolean clientToken: - description: User-provided idempotency token. type: string description: - description: A description of the patch baseline. type: string globalFilters: - description: |- - A set of global filters used to include patches in the baseline. - - The GlobalFilters parameter can be configured only by using the CLI or an - Amazon Web Services SDK. It can't be configured from the Patch Manager console, - and its value isn't displayed in the console. + description: A set of patch filters, typically used for approval rules. properties: patchFilters: items: @@ -158,54 +137,16 @@ spec: type: array type: object name: - description: The name of the patch baseline. type: string operatingSystem: - description: |- - Defines the operating system the patch baseline applies to. The default value - is WINDOWS. type: string rejectedPatches: - description: |- - A list of explicitly rejected patches for the baseline. - - For information about accepted formats for lists of approved patches and - rejected patches, see Package name formats for approved and rejected patch - lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) - in the Amazon Web Services Systems Manager User Guide. items: type: string type: array rejectedPatchesAction: - description: |- - The action for Patch Manager to take on patches included in the RejectedPackages - list. - - ALLOW_AS_DEPENDENCY - - Linux and macOS: A package in the rejected patches list is installed only - if it is a dependency of another package. It is considered compliant with - the patch baseline, and its status is reported as INSTALLED_OTHER. This is - the default action if no option is specified. - - Windows Server: Windows Server doesn't support the concept of package dependencies. - If a package in the rejected patches list and already installed on the node, - its status is reported as INSTALLED_OTHER. Any package not already installed - on the node is skipped. This is the default action if no option is specified. - - # BLOCK - - All OSs: Packages in the rejected patches list, and packages that include - them as dependencies, aren't installed by Patch Manager under any circumstances. - If a package was installed before it was added to the rejected patches list, - or is installed outside of Patch Manager afterward, it's considered noncompliant - with the patch baseline and its status is reported as INSTALLED_REJECTED. type: string sources: - description: |- - Information about the patches to use to update the managed nodes, including - target operating systems and source repositories. Applies to Linux managed - nodes only. items: description: |- Information about the patches to use to update the managed nodes, including @@ -223,18 +164,6 @@ spec: type: object type: array tags: - description: |- - Optional metadata that you assign to a resource. Tags enable you to categorize - a resource in different ways, such as by purpose, owner, or environment. - For example, you might want to tag a patch baseline to identify the severity - level of patches it specifies and the operating system family it applies - to. In this case, you could specify the following key-value pairs: - - - Key=PatchSeverity,Value=Critical - - - Key=OS,Value=Windows - - To add tags to an existing patch baseline, use the AddTagsToResource operation. items: description: |- Metadata that you assign to your Amazon Web Services resources. Tags enable @@ -289,7 +218,7 @@ spec: type: string conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/helm/crds/ssm.services.k8s.aws_resourcedatasyncs.yaml b/helm/crds/ssm.services.k8s.aws_resourcedatasyncs.yaml index 1cc948e..51cf08f 100644 --- a/helm/crds/ssm.services.k8s.aws_resourcedatasyncs.yaml +++ b/helm/crds/ssm.services.k8s.aws_resourcedatasyncs.yaml @@ -40,9 +40,8 @@ spec: description: ResourceDataSyncSpec defines the desired state of ResourceDataSync. properties: s3Destination: - description: |- - Amazon S3 configuration details for the sync. This parameter is required - if the SyncType value is SyncToDestination. + description: Information about the target S3 bucket for the resource + data sync. properties: awsKMSKeyARN: type: string @@ -67,12 +66,10 @@ spec: type: string type: object syncName: - description: A name for the configuration. type: string syncSource: - description: |- - Specify information about the data sources to synchronize. This parameter - is required if the SyncType value is SyncFromSource. + description: Information about the source of the data included in + the resource data sync. properties: awsOrganizationsSource: description: |- @@ -105,14 +102,6 @@ spec: type: string type: object syncType: - description: |- - Specify SyncToDestination to create a resource data sync that synchronizes - data to an S3 bucket for Inventory. If you specify SyncToDestination, you - must provide a value for S3Destination. Specify SyncFromSource to synchronize - data from a single account and multiple Regions, or multiple Amazon Web Services - accounts and Amazon Web Services Regions, as listed in Organizations for - Explorer. If you specify SyncFromSource, you must provide a value for SyncSource. - The default value is SyncToDestination. type: string required: - syncName @@ -151,7 +140,7 @@ spec: type: object conditions: description: |- - All CRS managed by ACK have a common `Status.Conditions` member that + All CRs managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index ddf1b58..ddcc106 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/ssm-controller:1.0.3". +This chart deploys "public.ecr.aws/aws-controllers-k8s/ssm-controller:1.0.4". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/values.yaml b/helm/values.yaml index 1a36388..403313f 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/ssm-controller - tag: 1.0.3 + tag: 1.0.4 pullPolicy: IfNotPresent pullSecrets: []