Update to ACK runtime v0.43.0, code-generator v0.43.1

apis/v1alpha1/ack-generate-metadata.yaml

@@ -1,9 +1,9 @@
 ack_generate_info:
-  build_date: "2025-02-18T01:07:06Z"
-  build_hash: 66c0f840b0bcf6f552be46cf5ee0fb95ad57053e
-  go_version: go1.23.6
-  version: v0.43.0
-api_directory_checksum: 78a5d23ba8b0c12225d1afd2506d5524d9a7aa68
+  build_date: "2025-02-19T23:31:41Z"
+  build_hash: 8b426c490ff1984d8ce5577e11d6dabe1b6373b8
+  go_version: go1.24.0
+  version: v0.43.1
+api_directory_checksum: d47552708cce6913653d845ed96e31d27957b6ad
 api_version: v1alpha1
 aws_sdk_go_version: v1.32.6
 generator_config_info:

config/controller/kustomization.yaml

@@ -6,4 +6,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: public.ecr.aws/aws-controllers-k8s/acm-controller
-  newTag: 1.0.4
+  newTag: 1.0.5

config/crd/bases/acm.services.k8s.aws_certificates.yaml

@@ -41,8 +41,8 @@ spec:
             properties:
               certificate:
                 description: |-
-                  The Certificate to import into AWS Certificate Manager (ACM) to use with services that are integrated with ACM.
-                  This field is only valid when importing an existing certificate into ACM.
+                  SecretKeyReference combines a k8s corev1.SecretReference with a
+                  specific key within the referred-to Secret
                 properties:
                   key:
                     description: Key is the key within the secret
@@ -59,22 +59,19 @@ spec:
                 - key
                 type: object
                 x-kubernetes-map-type: atomic
+                x-kubernetes-validations:
+                - message: Value is immutable once set
+                  rule: self == oldSelf
               certificateARN:
-                description: |-
-                  The Amazon Resource Name (ARN) of an imported certificate to replace. This field is only valid when importing
-                  an existing certificate into ACM.
                 type: string
+                x-kubernetes-validations:
+                - message: Value is immutable once set
+                  rule: self == oldSelf
               certificateAuthorityARN:
-                description: |-
-                  The Amazon Resource Name (ARN) of the private certificate authority (CA)
-                  that will be used to issue the certificate. If you do not provide an ARN
-                  and you are trying to request a private certificate, ACM will attempt to
-                  issue a public certificate. For more information about private CAs, see the
-                  Amazon Web Services Private Certificate Authority (https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html)
-                  user guide. The ARN must have the following form:
-
-                  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
                 type: string
+                x-kubernetes-validations:
+                - message: Value is immutable once set
+                  rule: self == oldSelf
               certificateAuthorityRef:
                 description: "AWSResourceReferenceWrapper provides a wrapper around
                   *AWSResourceReference\ntype to provide more user friendly syntax
@@ -112,23 +109,12 @@ spec:
                 - key
                 type: object
                 x-kubernetes-map-type: atomic
+                x-kubernetes-validations:
+                - message: Value is immutable once set
+                  rule: self == oldSelf
               domainName:
-                description: |-
-                  Fully qualified domain name (FQDN), such as www.example.com, that you want
-                  to secure with an ACM certificate. Use an asterisk (*) to create a wildcard
-                  certificate that protects several sites in the same domain. For example,
-                  *.example.com protects www.example.com, site.example.com, and images.example.com.
-
-                  In compliance with RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280),
-                  the length of the domain name (technically, the Common Name) that you provide
-                  cannot exceed 64 octets (characters), including periods. To add a longer
-                  domain name, specify it in the Subject Alternative Name field, which supports
-                  names up to 253 octets in length.
                 type: string
               domainValidationOptions:
-                description: |-
-                  The domain name that you want ACM to use to send you emails so that you can
-                  validate domain ownership.
                 items:
                   description: |-
                     Contains information about the domain names that you want ACM to use to send
@@ -141,50 +127,24 @@ spec:
                   type: object
                 type: array
               keyAlgorithm:
-                description: |-
-                  Specifies the algorithm of the public and private key pair that your certificate
-                  uses to encrypt data. RSA is the default key algorithm for ACM certificates.
-                  Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering
-                  security comparable to RSA keys but with greater computing efficiency. However,
-                  ECDSA is not supported by all network clients. Some Amazon Web Services services
-                  may require RSA keys, or only support ECDSA keys of a particular size, while
-                  others allow the use of either RSA and ECDSA keys to ensure that compatibility
-                  is not broken. Check the requirements for the Amazon Web Services service
-                  where you plan to deploy your certificate. For more information about selecting
-                  an algorithm, see Key algorithms (https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms).
-
-                  Algorithms supported for an ACM certificate request include:
-
-                     * RSA_2048
-
-                     * EC_prime256v1
-
-                     * EC_secp384r1
-
-                  Other listed algorithms are for imported certificates only.
-
-                  When you request a private PKI certificate signed by a CA from Amazon Web
-                  Services Private CA, the specified signing algorithm family (RSA or ECDSA)
-                  must match the algorithm family of the CA's secret key.
-
-                  Default: RSA_2048
                 type: string
               options:
                 description: |-
-                  Currently, you can use this parameter to specify whether to add the certificate
-                  to a certificate transparency log. Certificate transparency makes it possible
-                  to detect SSL/TLS certificates that have been mistakenly or maliciously issued.
-                  Certificates that have not been logged typically produce an error message
-                  in a browser. For more information, see Opting Out of Certificate Transparency
-                  Logging (https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency).
+                  Structure that contains options for your certificate. Currently, you can
+                  use this only to specify whether to opt in to or out of certificate transparency
+                  logging. Some browsers require that public certificates issued for your domain
+                  be recorded in a log. Certificates that are not logged typically generate
+                  a browser error. Transparency makes it possible for you to detect SSL/TLS
+                  certificates that have been mistakenly or maliciously issued for your domain.
+                  For general information, see Certificate Transparency Logging (https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency).
                 properties:
                   certificateTransparencyLoggingPreference:
                     type: string
                 type: object
               privateKey:
                 description: |-
-                  The private key that matches the public key in the certificate. This field is only valid when importing
-                  an existing certificate into ACM.
+                  SecretKeyReference combines a k8s corev1.SecretReference with a
+                  specific key within the referred-to Secret
                 properties:
                   key:
                     description: Key is the key within the secret
@@ -201,35 +161,14 @@ spec:
                 - key
                 type: object
                 x-kubernetes-map-type: atomic
+                x-kubernetes-validations:
+                - message: Value is immutable once set
+                  rule: self == oldSelf
               subjectAlternativeNames:
-                description: |-
-                  Additional FQDNs to be included in the Subject Alternative Name extension
-                  of the ACM certificate. For example, add the name www.example.net to a certificate
-                  for which the DomainName field is www.example.com if users can reach your
-                  site by using either name. The maximum number of domain names that you can
-                  add to an ACM certificate is 100. However, the initial quota is 10 domain
-                  names. If you need more than 10 names, you must request a quota increase.
-                  For more information, see Quotas (https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html).
-
-                  The maximum length of a SAN DNS name is 253 octets. The name is made up of
-                  multiple labels separated by periods. No label can be longer than 63 octets.
-                  Consider the following examples:
-
-                     * (63 octets).(63 octets).(63 octets).(61 octets) is legal because the
-                     total length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63
-                     octets.
-
-                     * (64 octets).(63 octets).(63 octets).(61 octets) is not legal because
-                     the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first
-                     label exceeds 63 octets.
-
-                     * (63 octets).(63 octets).(63 octets).(62 octets) is not legal because
-                     the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
                 items:
                   type: string
                 type: array
               tags:
-                description: One or more resource tags to associate with the certificate.
                 items:
                   description: A key-value pair that identifies or specifies metadata
                     about an ACM resource.
@@ -275,7 +214,7 @@ spec:
                 type: object
               conditions:
                 description: |-
-                  All CRS managed by ACK have a common `Status.Conditions` member that
+                  All CRs managed by ACK have a common `Status.Conditions` member that
                   contains a collection of `ackv1alpha1.Condition` objects that describe
                   the various terminal states of the CR and its backend AWS service API
                   resource

helm/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: acm-chart
 description: A Helm chart for the ACK service controller for AWS Certificate Manager (ACM)
-version: 1.0.4
-appVersion: 1.0.4
+version: 1.0.5
+appVersion: 1.0.5
 home: https://github.com/aws-controllers-k8s/acm-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources: