aws-controllers-k8s
diff --git a/‎apis/v1alpha1/ack-generate-metadata.yaml‎
Lines changed: 4 additions & 4 deletions b/‎apis/v1alpha1/ack-generate-metadata.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎apis/v1alpha1/certificate.go‎
Lines changed: 13 additions & 3 deletions b/‎apis/v1alpha1/certificate.go‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎apis/v1alpha1/generator.yaml‎
Lines changed: 36 additions & 5 deletions b/‎apis/v1alpha1/generator.yaml‎
Lines changed: 36 additions & 5 deletions
diff --git a/‎apis/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 25 additions & 0 deletions b/‎apis/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎cmd/controller/main.go‎
Lines changed: 2 additions & 0 deletions b/‎cmd/controller/main.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config/crd/bases/acm.services.k8s.aws_certificates.yaml‎
Lines changed: 82 additions & 2 deletions b/‎config/crd/bases/acm.services.k8s.aws_certificates.yaml‎
Lines changed: 82 additions & 2 deletions
diff --git a/‎config/rbac/cluster-role-controller.yaml‎
Lines changed: 8 additions & 0 deletions b/‎config/rbac/cluster-role-controller.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎documentation.yaml‎
Lines changed: 15 additions & 0 deletions b/‎documentation.yaml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎generator.yaml‎
Lines changed: 36 additions & 5 deletions b/‎generator.yaml‎
Lines changed: 36 additions & 5 deletions
diff --git a/‎go.mod‎
Lines changed: 2 additions & 1 deletion b/‎go.mod‎
Lines changed: 2 additions & 1 deletion
@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2024-10-10T03:56:31Z"
+  build_date: "2024-11-06T19:23:27Z"
   build_hash: 36c2d234498c2bc4f60773ab8df632af4067f43b
-  go_version: go1.23.2
+  go_version: go1.22.4
   version: v0.39.1
-api_directory_checksum: e337526dd1438ddb861e06bd92b5f640ba9ed537
+api_directory_checksum: b055cc57ac2cc8b07e374803c280b65d1a72f3bf
 api_version: v1alpha1
 aws_sdk_go_version: v1.49.0
 generator_config_info:
-  file_checksum: 910047b7946c5968bbc58b6334099deb005e95cc
+  file_checksum: df0b4d7fe83a679c01131dc4af1844b5ff8105b3
   original_file_name: generator.yaml
 last_modification:
   reason: API generation
@@ -35,24 +35,55 @@ resources:
         code: input.SetValidationMethod("DNS")
       sdk_read_one_pre_set_output:
         template_path: hooks/certificate/sdk_read_one_pre_set_output.go.tpl
+      sdk_file_end:
+        template_path: hooks/certificate/sdk_file_end.go.tpl
+      late_initialize_post_read_one:
+        template_path: hooks/certificate/late_initialize_post_read_one.go.tpl
     exceptions:
       terminal_codes:
         - InvalidParameter
         - InvalidDomainValidationOptionsException 
         - InvalidTagException
         - TagPolicyException
         - TooManyTagsException 
+        - InvalidArnException
     reconcile:
       requeue_on_success_seconds: 60
     fields:
-      DomainValidationOptions:
+      DomainName:
+        is_primary_key: false
+        is_required: false
+      Certificate:
+        type: "bytes"
+        is_secret: true
+        is_immutable: true
+        compare:
+          is_ignored: true
+      PrivateKey:
+        type: "bytes"
+        is_secret: true
+        is_immutable: true
+        compare:
+          is_ignored: true
+      CertificateArn:
+        type: string
+        is_immutable: true
+      CertificateChain:
+        type: "bytes"
+        is_immutable: true
+        is_secret: true
+        compare:
+          is_ignored: true
+      CertificateAuthorityARN:
+        references:
+          service_name: acmpca
+          resource: CertificateAuthority
+          path: Status.ACKResourceMetadata.ARN
+        is_immutable: true
+      KeyAlgorithm:
         late_initialize: {}
       Options:
         late_initialize: {}
-      SubjectAlternativeNames:
-        late_initialize: {}
-      KeyAlgorithm:
-        late_initialize: {}
       # NOTE(jaypipes): The Create operation (RequestCertificate) has a
       # response with only a single field (certificateArn). All of the status
       # fields for the certificate are in the ReadOne operation
 
@@ -39,6 +39,31 @@ spec:
           spec:
             description: CertificateSpec defines the desired state of Certificate.
             properties:
+              certificate:
+                description: |-
+                  The Certificate to import into AWS Certificate Manager (ACM) to use with services that are integrated with ACM.
+                  This field is only valid when importing an existing certificate into ACM.
+                properties:
+                  key:
+                    description: Key is the key within the secret
+                    type: string
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                required:
+                - key
+                type: object
+                x-kubernetes-map-type: atomic
+              certificateARN:
+                description: |-
+                  The Amazon Resource Name (ARN) of an imported certificate to replace. This field is only valid when importing
+                  an existing certificate into ACM.
+                type: string
               certificateAuthorityARN:
                 description: |-
                   The Amazon Resource Name (ARN) of the private certificate authority (CA)
@@ -50,6 +75,43 @@ spec:
 
                   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
                 type: string
+              certificateAuthorityRef:
+                description: "AWSResourceReferenceWrapper provides a wrapper around
+                  *AWSResourceReference\ntype to provide more user friendly syntax
+                  for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t
+                  \ name: my-api"
+                properties:
+                  from:
+                    description: |-
+                      AWSResourceReference provides all the values necessary to reference another
+                      k8s resource for finding the identifier(Id/ARN/Name)
+                    properties:
+                      name:
+                        type: string
+                      namespace:
+                        type: string
+                    type: object
+                type: object
+              certificateChain:
+                description: |-
+                  SecretKeyReference combines a k8s corev1.SecretReference with a
+                  specific key within the referred-to Secret
+                properties:
+                  key:
+                    description: Key is the key within the secret
+                    type: string
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                required:
+                - key
+                type: object
+                x-kubernetes-map-type: atomic
               domainName:
                 description: |-
                   Fully qualified domain name (FQDN), such as www.example.com, that you want
@@ -104,6 +166,26 @@ spec:
                   certificateTransparencyLoggingPreference:
                     type: string
                 type: object
+              privateKey:
+                description: |-
+                  The private key that matches the public key in the certificate. This field is only valid when importing
+                  an existing certificate into ACM.
+                properties:
+                  key:
+                    description: Key is the key within the secret
+                    type: string
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                required:
+                - key
+                type: object
+                x-kubernetes-map-type: atomic
               subjectAlternativeNames:
                 description: |-
                   Additional FQDNs to be included in the Subject Alternative Name extension
@@ -143,8 +225,6 @@ spec:
                       type: string
                   type: object
                 type: array
-            required:
-            - domainName
             type: object
           status:
             description: CertificateStatus defines the observed state of Certificate
 
@@ -42,6 +42,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - acmpca.services.k8s.aws
+  resources:
+  - certificateauthorities
+  - certificateauthorities/status
+  verbs:
+  - get
+  - list
 - apiGroups:
   - services.k8s.aws
   resources:
 
@@ -0,0 +1,15 @@
+resources:
+  Certificate:
+    fields:
+      Certificate:
+        prepend: |
+          The Certificate to import into AWS Certificate Manager (ACM) to use with services that are integrated with ACM.
+          This field is only valid when importing an existing certificate into ACM.
+      PrivateKey:
+        prepend: |
+          The private key that matches the public key in the certificate. This field is only valid when importing
+          an existing certificate into ACM.
+      CertificateARN:
+        prepend: |
+          The Amazon Resource Name (ARN) of an imported certificate to replace. This field is only valid when importing
+          an existing certificate into ACM.
@@ -35,24 +35,55 @@ resources:
         code: input.SetValidationMethod("DNS")
       sdk_read_one_pre_set_output:
         template_path: hooks/certificate/sdk_read_one_pre_set_output.go.tpl
+      sdk_file_end:
+        template_path: hooks/certificate/sdk_file_end.go.tpl
+      late_initialize_post_read_one:
+        template_path: hooks/certificate/late_initialize_post_read_one.go.tpl
     exceptions:
       terminal_codes:
         - InvalidParameter
         - InvalidDomainValidationOptionsException 
         - InvalidTagException
         - TagPolicyException
         - TooManyTagsException 
+        - InvalidArnException
     reconcile:
       requeue_on_success_seconds: 60
     fields:
-      DomainValidationOptions:
+      DomainName:
+        is_primary_key: false
+        is_required: false
+      Certificate:
+        type: "bytes"
+        is_secret: true
+        is_immutable: true
+        compare:
+          is_ignored: true
+      PrivateKey:
+        type: "bytes"
+        is_secret: true
+        is_immutable: true
+        compare:
+          is_ignored: true
+      CertificateArn:
+        type: string
+        is_immutable: true
+      CertificateChain:
+        type: "bytes"
+        is_immutable: true
+        is_secret: true
+        compare:
+          is_ignored: true
+      CertificateAuthorityARN:
+        references:
+          service_name: acmpca
+          resource: CertificateAuthority
+          path: Status.ACKResourceMetadata.ARN
+        is_immutable: true
+      KeyAlgorithm:
         late_initialize: {}
       Options:
         late_initialize: {}
-      SubjectAlternativeNames:
-        late_initialize: {}
-      KeyAlgorithm:
-        late_initialize: {}
       # NOTE(jaypipes): The Create operation (RequestCertificate) has a
       # response with only a single field (certificateArn). All of the status
       # fields for the certificate are in the ReadOne operation
 
@@ -5,8 +5,9 @@ go 1.22.0
 toolchain go1.22.5
 
 require (
+	github.com/aws-controllers-k8s/acmpca-controller v0.0.17
 	github.com/aws-controllers-k8s/runtime v0.39.0
-	github.com/aws/aws-sdk-go v1.49.0
+	github.com/aws/aws-sdk-go v1.49.6
 	github.com/go-logr/logr v1.4.2
 	github.com/spf13/pflag v1.0.5
 	k8s.io/api v0.31.0