✨ controlplane/rosa: allow configuring private link

.golangci.yml

@@ -159,6 +159,8 @@ linters-settings:
         alias: apimachinerytypes
       - pkg: "sigs.k8s.io/cluster-api/exp/api/v1beta1"
         alias: expclusterv1
+      - pkg: "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
+        alias: clustersmgmtv1
   staticcheck:
     go: "1.21"
   stylecheck:

Makefile

@@ -76,7 +76,7 @@ DOCKER_BUILDKIT=1
 export ACK_GINKGO_DEPRECATIONS := 1.16.4
 
 # Set --output-base for conversion-gen if we are not within GOPATH
-ifneq ($(abspath $(REPO_ROOT)),$(shell go env GOPATH)/src/sigs.k8s.io/cluster-api-provider-aws)
+ifneq ($(abspath $(REPO_ROOT)),$(abspath $(shell go env GOPATH)/src/sigs.k8s.io/cluster-api-provider-aws))
 	GEN_OUTPUT_BASE := --output-base=$(REPO_ROOT)
 else
 	export GOPATH := $(shell go env GOPATH)

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -55,6 +55,28 @@ spec:
                 items:
                   type: string
                 type: array
+              aws:
+                description: AWS configures aspects of the ROSA HCP workload cluster
+                  that are specific to AWS.
+                properties:
+                  privateLink:
+                    description: PrivateLink configures whether Private Link is enabled
+                      for the cluster
+                    type: boolean
+                  privateLinkConfiguration:
+                    description: PrivateLinkConfiguration configures the Private Link
+                      for the cluster
+                    properties:
+                      principals:
+                        description: Principals are the ARNs for principals that are
+                          allowed for the Private Link.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - privateLink
+                type: object
               controlPlaneEndpoint:
                 description: ControlPlaneEndpoint represents the endpoint used to
                   communicate with the control plane.
@@ -277,6 +299,7 @@ spec:
             required:
             - accountID
             - availabilityZones
+            - aws
             - creatorARN
             - installerRoleARN
             - machineCIDR

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

@@ -74,6 +74,22 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	// - ocmApiUrl: Optional, defaults to 'https://api.openshift.com'
 	// +optional
 	CredentialsSecretRef *corev1.LocalObjectReference `json:"credentialsSecretRef,omitempty"`
+
+	// AWS configures aspects of the ROSA HCP workload cluster that are specific to AWS.
+	AWS AWSConfiguration `json:"aws"`
+}
+
+type AWSConfiguration struct {
+	// PrivateLink configures whether Private Link is enabled for the cluster
+	PrivateLink bool `json:"privateLink"`
+
+	// PrivateLinkConfiguration configures the Private Link for the cluster
+	PrivateLinkConfiguration *PrivateLinkConfiguration `json:"privateLinkConfiguration,omitempty"`
+}
+
+type PrivateLinkConfiguration struct {
+	// Principals are the ARNs for principals that are allowed for the Private Link.
+	Principals []string `json:"principals,omitempty"`
 }
 
 // AWSRolesRef contains references to various AWS IAM roles required for operators to make calls against the AWS API.