feat(transfer): Support multiple public SSH keys

apis/transfer/generator-config.yaml

@@ -3,6 +3,7 @@ ignore:
     - CreateUserInput.ServerId
     - CreateUserInput.UserName
     - CreateUserInput.Role
+    - CreateUserInput.SshPublicKeyBody
     - CreateServerInput.EndpointDetails
     - CreateServerInput.Certificate
     - CreateServerInput.LoggingRole
@@ -19,7 +20,18 @@ resources:
         404:
           code: ResourceNotFoundException
   User:
+    fields:
+      SshPublicKeys:
+        is_read_only: true
+        from:
+          operation: DescribeUser
+          path: User.SshPublicKeys
+      ARN:
+        is_read_only: true
+        from:
+          operation: DescribeUser
+          path: User.Arn
     exceptions:
       errors:
         404:
-          code: ResourceNotFoundException    
+          code: ResourceNotFoundException

apis/transfer/v1alpha1/custom_types.go

@@ -53,6 +53,46 @@ type CustomUserParameters struct {
 	// RoleSelector selects references to a IAM role.
 	// +optional
 	RoleSelector *xpv1.Selector `json:"roleSelector,omitempty"`
+
+	// The public portion of the Secure Shell (SSH) key used to authenticate the
+	// user to the server.
+	//
+	// The three standard SSH public key format elements are <key type>, <body base64>,
+	// and an optional <comment>, with spaces between each element.
+	//
+	// Transfer Family accepts RSA, ECDSA, and ED25519 keys.
+	//
+	//    * For RSA keys, the key type is ssh-rsa.
+	//
+	//    * For ED25519 keys, the key type is ssh-ed25519.
+	//
+	//    * For ECDSA keys, the key type is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384,
+	//    or ecdsa-sha2-nistp521, depending on the size of the key you generated.
+	//
+	// Deprecated: This property is deprecated in favor of SSHPublicKeys.
+	// Changes here will not be reflected in the external resource.
+	SshPublicKeyBody *string `json:"sshPublicKeyBody,omitempty"`
+
+	// SSHPublicKeys that should be added to the server.
+	SSHPublicKeys []SSHPublicKeySpec `json:"sshPublicKeys,omitempty"`
+}
+
+type SSHPublicKeySpec struct {
+	// Body is the public portion of the Secure Shell (SSH) key used to authenticate the
+	// user to the server.
+	//
+	// The three standard SSH public key format elements are <key type>, <body base64>,
+	// and an optional <comment>, with spaces between each element.
+	//
+	// Transfer Family accepts RSA, ECDSA, and ED25519 keys.
+	//
+	//    * For RSA keys, the key type is ssh-rsa.
+	//
+	//    * For ED25519 keys, the key type is ssh-ed25519.
+	//
+	//    * For ECDSA keys, the key type is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384,
+	//    or ecdsa-sha2-nistp521, depending on the size of the key you generated.
+	Body string `json:"body"`
 }
 
 // CustomServerParameters includes custom additional fields for ServerParameters.

examples/transfer/user.yaml

@@ -11,11 +11,12 @@ spec:
       name: somerole
     serverIDRef:
       name: example
-    sshPublicKeyBody: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7qmegDxzv1omqG2cWM+i+qaEGzCoSBwqCeXyGUU93sTqtNYYHJVGj6YZqXeXEGzJtKm2A/uo59Y+WmqhJgW7HcT2Hqvo80NfbIRhqE9TJETyBe
-  GiiC8qpiYgPC2zigCNvTsRXh0CH5FJ1qy4QEBjztQDWOqSrsoOSJEEWCJiKJizTiXDmlGdiKE409GBo8lvlbMRWbrMj3iX825WTqy/T0Pio1kqANDotLnPA0sRXUPVyzc/ghzqRHzFetzP9j7C0nh
-  EvjiJphiuYvhbgix79FrCQG0lXBGcAWzsWUeAoT/d3kQu79+UTWxm+z4pnJ7gkKVMejqrWys560SdAqD264dc5UBRGI9j6XxVKdraSaEitDneONrSAt2tE/RwRxh2ASxqQfdF88zyDI8/ma608tHc
-  FROaNsn5hF+/wzjRK9akdhp5WjA5HXhg2OlkwKvSMhGlSgotRj5pr4Ebxjegysy1mEWRFN/vh/oNq4uHQy8adpfogaVELkI/Z2nuAdQk+uMy6D1hrKhUWubmBPxTbG00IWF25Tyuz8hnFRP9+gB/P
-  NRlF59/EHy27a72nirvuOyfxKnx/Mn+FD9Ah59OSLhWuo3sN9Im8yc2cliecwMz+DmTtE7TwzNw9v2zfxU9JDQwyLtppULiGpmKFOLHjz+SVGxSbVsWS//IyNK1GrQ=="
+    sshPublicKeys:
+      - body: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7qmegDxzv1omqG2cWM+i+qaEGzCoSBwqCeXyGUU93sTqtNYYHJVGj6YZqXeXEGzJtKm2A/uo59Y+WmqhJgW7HcT2Hqvo80NfbIRhqE9TJETyBe
+          GiiC8qpiYgPC2zigCNvTsRXh0CH5FJ1qy4QEBjztQDWOqSrsoOSJEEWCJiKJizTiXDmlGdiKE409GBo8lvlbMRWbrMj3iX825WTqy/T0Pio1kqANDotLnPA0sRXUPVyzc/ghzqRHzFetzP9j7C0nh
+          EvjiJphiuYvhbgix79FrCQG0lXBGcAWzsWUeAoT/d3kQu79+UTWxm+z4pnJ7gkKVMejqrWys560SdAqD264dc5UBRGI9j6XxVKdraSaEitDneONrSAt2tE/RwRxh2ASxqQfdF88zyDI8/ma608tHc
+          FROaNsn5hF+/wzjRK9akdhp5WjA5HXhg2OlkwKvSMhGlSgotRj5pr4Ebxjegysy1mEWRFN/vh/oNq4uHQy8adpfogaVELkI/Z2nuAdQk+uMy6D1hrKhUWubmBPxTbG00IWF25Tyuz8hnFRP9+gB/P
+          NRlF59/EHy27a72nirvuOyfxKnx/Mn+FD9Ah59OSLhWuo3sN9Im8yc2cliecwMz+DmTtE7TwzNw9v2zfxU9JDQwyLtppULiGpmKFOLHjz+SVGxSbVsWS//IyNK1GrQ=="
     tags:
       - key: myKey
         value: myValue

package/crds/transfer.aws.crossplane.io_users.yaml

@@ -317,8 +317,30 @@ spec:
                       * For RSA keys, the key type is ssh-rsa. \n * For ED25519 keys,
                       the key type is ssh-ed25519. \n * For ECDSA keys, the key type
                       is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521,
-                      depending on the size of the key you generated."
+                      depending on the size of the key you generated. \n Deprecated:
+                      This property is deprecated in favor of SSHPublicKeys. Changes
+                      here will not be reflected in the external resource."
                     type: string
+                  sshPublicKeys:
+                    description: SSHPublicKeys that should be added to the server.
+                    items:
+                      properties:
+                        body:
+                          description: "Body is the public portion of the Secure Shell
+                            (SSH) key used to authenticate the user to the server.
+                            \n The three standard SSH public key format elements are
+                            <key type>, <body base64>, and an optional <comment>,
+                            with spaces between each element. \n Transfer Family accepts
+                            RSA, ECDSA, and ED25519 keys. \n * For RSA keys, the key
+                            type is ssh-rsa. \n * For ED25519 keys, the key type is
+                            ssh-ed25519. \n * For ECDSA keys, the key type is either
+                            ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521,
+                            depending on the size of the key you generated."
+                          type: string
+                      required:
+                      - body
+                      type: object
+                    type: array
                   tags:
                     description: Key-value pairs that can be used to group and search
                       for users. Tags are metadata attached to users for any purpose.
@@ -499,10 +521,28 @@ spec:
               atProvider:
                 description: UserObservation defines the observed state of User
                 properties:
+                  arn:
+                    description: Specifies the unique Amazon Resource Name (ARN) for
+                      the user that was requested to be described.
+                    type: string
                   serverID:
                     description: The identifier of the server that the user is attached
                       to.
                     type: string
+                  sshPublicKeys:
+                    description: Specifies the public key portion of the Secure Shell
+                      (SSH) keys stored for the described user.
+                    items:
+                      properties:
+                        dateImported:
+                          format: date-time
+                          type: string
+                        sshPublicKeyBody:
+                          type: string
+                        sshPublicKeyID:
+                          type: string
+                      type: object
+                    type: array
                   userName:
                     description: A unique string that identifies a Transfer Family
                       user.

pkg/clients/mock/generate.go

@@ -20,6 +20,7 @@ limitations under the License.
 //go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package ec2iface -destination ./ec2iface/zz_ec2_api.go github.com/aws/aws-sdk-go/service/ec2/ec2iface EC2API
 //go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package eksiface  -destination ./eksiface/zz_eks_api.go github.com/aws/aws-sdk-go/service/eks/eksiface EKSAPI
 //go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package kmsiface -destination ./kmsiface/zz_kms_api.go github.com/aws/aws-sdk-go/service/kms/kmsiface KMSAPI
+//go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package transferiface -destination ./transferiface/zz_transfer_api.go github.com/aws/aws-sdk-go/service/transfer/transferiface TransferAPI
 //go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package kube -destination ./kube/zz_client.go sigs.k8s.io/controller-runtime/pkg/client Client
 //go:generate go run -tags generate github.com/golang/mock/mockgen --build_flags=--mod=mod -copyright_file ../../../hack/boilerplate.go.txt -package cognitoidentityprovider -destination ./cognitoidentityprovider/zz_resolver_service.go github.com/crossplane-contrib/provider-aws/pkg/clients/cognitoidentityprovider ResolverService