update manifests

Author: odacremolbap

config/300-awscloudwatchlogssource.yaml

@@ -117,6 +117,28 @@ spec:
                         oneOf:
                         - required: [value]
                         - required: [valueFromSecret]
+                      sessionToken:
+                        description: The AWS session token for temporary credentials.
+                        type: object
+                        properties:
+                          value:
+                            description: Literal value of the session token.
+                            type: string
+                            format: password
+                          valueFromSecret:
+                            description: A reference to a Kubernetes Secret object containing the session token.
+                            type: object
+                            properties:
+                              name:
+                                type: string
+                              key:
+                                type: string
+                            required:
+                            - name
+                            - key
+                        oneOf:
+                        - required: [value]
+                        - required: [valueFromSecret]
                       assumeIamRole:
                         description: |-
                           The ARN of an IAM role for cross-account or remote EKS cluster authorization.
@@ -127,14 +149,36 @@ spec:
                     - accessKeyID
                     - secretAccessKey
                   iamRole:
-                    description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions.
-                      For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
-                      at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+                    description: Deprecated, please use "iam" object instead.
                     type: string
                     pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                  iam:
+                    description: The IAM role authentication parameters. For Amazon EKS only.
+
+                    type: object
+                    properties:
+                      roleArn:
+                        description: |-
+                          The ARN of an IAM role which can be impersonated to obtain AWS permissions. For
+                          more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
+                          at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+
+                          Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications
+                          from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM
+                          permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These
+                          can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that
+                          is located inside the 'triggermesh' namespace.
+                        type: string
+                        pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                      serviceAccount:
+                        description: |-
+                          The name of the service account to be assigned on the receive adapter. Can be created externally and
+                          shared between multiple components.
+                        type: string
                 oneOf:
                 - required: [credentials]
                 - required: [iamRole]
+                - required: [iam]
               sink:
                 description: The destination of events generated from Amazon CloudWatch Logs.
                 type: object

config/300-awscloudwatchsource.yaml

@@ -176,6 +176,28 @@ spec:
                         oneOf:
                         - required: [value]
                         - required: [valueFromSecret]
+                      sessionToken:
+                        description: The AWS session token for temporary credentials.
+                        type: object
+                        properties:
+                          value:
+                            description: Literal value of the session token.
+                            type: string
+                            format: password
+                          valueFromSecret:
+                            description: A reference to a Kubernetes Secret object containing the session token.
+                            type: object
+                            properties:
+                              name:
+                                type: string
+                              key:
+                                type: string
+                            required:
+                            - name
+                            - key
+                        oneOf:
+                        - required: [value]
+                        - required: [valueFromSecret]
                       assumeIamRole:
                         description: |-
                           The ARN of an IAM role for cross-account or remote EKS cluster authorization.
@@ -186,14 +208,35 @@ spec:
                     - accessKeyID
                     - secretAccessKey
                   iamRole:
-                    description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions.
-                      For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
-                      at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+                    description: Deprecated, please use "iam" object instead.
                     type: string
                     pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                  iam:
+                    description: The IAM role authentication parameters. For Amazon EKS only.
+                    type: object
+                    properties:
+                      roleArn:
+                        description: |-
+                          The ARN of an IAM role which can be impersonated to obtain AWS permissions. For
+                          more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
+                          at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+
+                          Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications
+                          from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM
+                          permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These
+                          can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that
+                          is located inside the 'triggermesh' namespace.
+                        type: string
+                        pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                      serviceAccount:
+                        description: |-
+                          The name of the service account to be assigned on the receive adapter. Can be created externally and
+                          shared between multiple components.
+                        type: string
                 oneOf:
                 - required: [credentials]
                 - required: [iamRole]
+                - required: [iam]
               sink:
                 description: The destination of events generated from Amazon CloudWatch metrics.
                 type: object

config/300-awscodecommitsource.yaml

@@ -127,6 +127,28 @@ spec:
                         oneOf:
                         - required: [value]
                         - required: [valueFromSecret]
+                      sessionToken:
+                        description: The AWS session token for temporary credentials.
+                        type: object
+                        properties:
+                          value:
+                            description: Literal value of the session token.
+                            type: string
+                            format: password
+                          valueFromSecret:
+                            description: A reference to a Kubernetes Secret object containing the session token.
+                            type: object
+                            properties:
+                              name:
+                                type: string
+                              key:
+                                type: string
+                            required:
+                            - name
+                            - key
+                        oneOf:
+                        - required: [value]
+                        - required: [valueFromSecret]
                       assumeIamRole:
                         description: |-
                           The ARN of an IAM role for cross-account or remote EKS cluster authorization.
@@ -137,14 +159,36 @@ spec:
                     - accessKeyID
                     - secretAccessKey
                   iamRole:
-                    description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions.
-                      For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
-                      at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+                    description: Deprecated, please use "iam" object instead.
                     type: string
                     pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                  iam:
+                    description: The IAM role authentication parameters. For Amazon EKS only.
+
+                    type: object
+                    properties:
+                      roleArn:
+                        description: |-
+                          The ARN of an IAM role which can be impersonated to obtain AWS permissions. For
+                          more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
+                          at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+
+                          Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications
+                          from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM
+                          permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These
+                          can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that
+                          is located inside the 'triggermesh' namespace.
+                        type: string
+                        pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                      serviceAccount:
+                        description: |-
+                          The name of the service account to be assigned on the receive adapter. Can be created externally and
+                          shared between multiple components.
+                        type: string
                 oneOf:
                 - required: [credentials]
                 - required: [iamRole]
+                - required: [iam]
               sink:
                 description: The destination of events sourced from Amazon CodeCommit.
                 type: object

config/300-awscognitoidentitysource.yaml

@@ -114,6 +114,28 @@ spec:
                         oneOf:
                         - required: [value]
                         - required: [valueFromSecret]
+                      sessionToken:
+                        description: The AWS session token for temporary credentials.
+                        type: object
+                        properties:
+                          value:
+                            description: Literal value of the session token.
+                            type: string
+                            format: password
+                          valueFromSecret:
+                            description: A reference to a Kubernetes Secret object containing the session token.
+                            type: object
+                            properties:
+                              name:
+                                type: string
+                              key:
+                                type: string
+                            required:
+                            - name
+                            - key
+                        oneOf:
+                        - required: [value]
+                        - required: [valueFromSecret]
                       assumeIamRole:
                         description: |-
                           The ARN of an IAM role for cross-account or remote EKS cluster authorization.
@@ -124,14 +146,36 @@ spec:
                     - accessKeyID
                     - secretAccessKey
                   iamRole:
-                    description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions.
-                      For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
-                      at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+                    description: Deprecated, please use "iam" object instead.
                     type: string
                     pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                  iam:
+                    description: The IAM role authentication parameters. For Amazon EKS only.
+
+                    type: object
+                    properties:
+                      roleArn:
+                        description: |-
+                          The ARN of an IAM role which can be impersonated to obtain AWS permissions. For
+                          more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
+                          at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+
+                          Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications
+                          from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM
+                          permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These
+                          can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that
+                          is located inside the 'triggermesh' namespace.
+                        type: string
+                        pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                      serviceAccount:
+                        description: |-
+                          The name of the service account to be assigned on the receive adapter. Can be created externally and
+                          shared between multiple components.
+                        type: string
                 oneOf:
                 - required: [credentials]
                 - required: [iamRole]
+                - required: [iam]
               sink:
                 description: The destination of events sourced from the Amazon Cognito Identity Pool.
                 type: object

config/300-awscognitouserpoolsource.yaml

@@ -114,6 +114,28 @@ spec:
                         oneOf:
                         - required: [value]
                         - required: [valueFromSecret]
+                      sessionToken:
+                        description: The AWS session token for temporary credentials.
+                        type: object
+                        properties:
+                          value:
+                            description: Literal value of the session token.
+                            type: string
+                            format: password
+                          valueFromSecret:
+                            description: A reference to a Kubernetes Secret object containing the session token.
+                            type: object
+                            properties:
+                              name:
+                                type: string
+                              key:
+                                type: string
+                            required:
+                            - name
+                            - key
+                        oneOf:
+                        - required: [value]
+                        - required: [valueFromSecret]
                       assumeIamRole:
                         description: |-
                           The ARN of an IAM role for cross-account or remote EKS cluster authorization.
@@ -124,14 +146,36 @@ spec:
                     - accessKeyID
                     - secretAccessKey
                   iamRole:
-                    description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions.
-                      For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
-                      at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+                    description: Deprecated, please use "iam" object instead.
                     type: string
                     pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                  iam:
+                    description: The IAM role authentication parameters. For Amazon EKS only.
+
+                    type: object
+                    properties:
+                      roleArn:
+                        description: |-
+                          The ARN of an IAM role which can be impersonated to obtain AWS permissions. For
+                          more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide
+                          at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+
+                          Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications
+                          from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM
+                          permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These
+                          can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that
+                          is located inside the 'triggermesh' namespace.
+                        type: string
+                        pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$
+                      serviceAccount:
+                        description: |-
+                          The name of the service account to be assigned on the receive adapter. Can be created externally and
+                          shared between multiple components.
+                        type: string
                 oneOf:
                 - required: [credentials]
                 - required: [iamRole]
+                - required: [iam]
               sink:
                 description: The destination of events sourced from the Amazon Cognito User Pool.
                 type: object