aws-controllers-k8s
diff --git a/‎apis/v1alpha1/ack-generate-metadata.yaml
+3-3 b/‎apis/v1alpha1/ack-generate-metadata.yaml
+3-3
diff --git a/‎apis/v1alpha1/generator.yaml
+6 b/‎apis/v1alpha1/generator.yaml
+6
diff --git a/‎apis/v1alpha1/resource_share.go
+2-1 b/‎apis/v1alpha1/resource_share.go
+2-1
diff --git a/‎apis/v1alpha1/zz_generated.deepcopy.go
+11 b/‎apis/v1alpha1/zz_generated.deepcopy.go
+11
diff --git a/‎config/crd/bases/ram.services.k8s.aws_resourceshares.yaml
+19 b/‎config/crd/bases/ram.services.k8s.aws_resourceshares.yaml
+19
diff --git a/‎generator.yaml
+6 b/‎generator.yaml
+6
diff --git a/‎helm/crds/ram.services.k8s.aws_resourceshares.yaml
+19 b/‎helm/crds/ram.services.k8s.aws_resourceshares.yaml
+19
diff --git a/‎pkg/resource/permission/hooks.go
+3-3 b/‎pkg/resource/permission/hooks.go
+3-3
diff --git a/‎pkg/resource/resource_share/delta.go
+3 b/‎pkg/resource/resource_share/delta.go
+3
diff --git a/‎pkg/resource/resource_share/hooks.go
+115 b/‎pkg/resource/resource_share/hooks.go
+115
@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2024-09-12T18:34:16Z"
+  build_date: "2024-09-19T23:44:11Z"
   build_hash: f8f98563404066ac3340db0a049d2e530e5c51cc
   go_version: go1.23.0
   version: v0.38.1
-api_directory_checksum: 19270bb8fa89ed2776f8700ce02abfdc3ef1a002
+api_directory_checksum: 0156ad977aa0dd2b311f1064cb8520b8d8a490c1
 api_version: v1alpha1
 aws_sdk_go_version: v1.49.0
 generator_config_info:
-  file_checksum: e58ff8e517224d3dbbeaaa3cc8b0d084e06a2e50
+  file_checksum: 63d687c51f31cd6876aa96904116ed9dc135f3b2
   original_file_name: generator.yaml
 last_modification:
   reason: API generation
@@ -9,6 +9,10 @@ ignore:
 resources:
   ResourceShare:
     fields:
+      PermissionARNs:
+        references:
+          resource: Permission
+          path: Status.ACKResourceMetadata.ARN
       Tags:
         from:
           operation: TagResource
@@ -22,6 +26,8 @@ resources:
         template_path: hooks/resource_share/sdk_update_pre_build_request.go.tpl
       sdk_read_many_post_build_request:
         template_path: hooks/resource_share/sdk_find_read_many_post_build_request.go.tpl
+      sdk_read_many_post_set_output:
+        template_path: hooks/resource_share/sdk_read_many_post_set_output.go.tpl
       sdk_file_end:
         template_path: hooks/resource_share/sdk_file_end.go.tpl
   Permission:
 
@@ -64,6 +64,25 @@ spec:
                 items:
                   type: string
                 type: array
+              permissionRefs:
+                items:
+                  description: "AWSResourceReferenceWrapper provides a wrapper around
+                    *AWSResourceReference\ntype to provide more user friendly syntax
+                    for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t
+                    \ name: my-api"
+                  properties:
+                    from:
+                      description: |-
+                        AWSResourceReference provides all the values necessary to reference another
+                        k8s resource for finding the identifier(Id/ARN/Name)
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                  type: object
+                type: array
               principals:
                 description: |-
                   Specifies a list of one or more principals to associate with the resource
 
@@ -9,6 +9,10 @@ ignore:
 resources:
   ResourceShare:
     fields:
+      PermissionARNs:
+        references:
+          resource: Permission
+          path: Status.ACKResourceMetadata.ARN
       Tags:
         from:
           operation: TagResource
@@ -22,6 +26,8 @@ resources:
         template_path: hooks/resource_share/sdk_update_pre_build_request.go.tpl
       sdk_read_many_post_build_request:
         template_path: hooks/resource_share/sdk_find_read_many_post_build_request.go.tpl
+      sdk_read_many_post_set_output:
+        template_path: hooks/resource_share/sdk_read_many_post_set_output.go.tpl
       sdk_file_end:
         template_path: hooks/resource_share/sdk_file_end.go.tpl
   Permission:
 
@@ -64,6 +64,25 @@ spec:
                 items:
                   type: string
                 type: array
+              permissionRefs:
+                items:
+                  description: "AWSResourceReferenceWrapper provides a wrapper around
+                    *AWSResourceReference\ntype to provide more user friendly syntax
+                    for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t
+                    \ name: my-api"
+                  properties:
+                    from:
+                      description: |-
+                        AWSResourceReference provides all the values necessary to reference another
+                        k8s resource for finding the identifier(Id/ARN/Name)
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                  type: object
+                type: array
               principals:
                 description: |-
                   Specifies a list of one or more principals to associate with the resource
 
@@ -48,13 +48,13 @@ func (rm *resourceManager) customUpdatePermission(
 		}
 		ackcondition.SetSynced(&resource{ko}, corev1.ConditionTrue, nil, nil)
 	}
-	
+
 	if delta.DifferentAt("Spec.PolicyTemplate") {
 		err := rm.updatePermission(ctx, desired)
 		if err != nil {
 			return nil, err
 		}
-		// resource takes time to retrieve the latest version. Syncing after 
+		// resource takes time to retrieve the latest version. Syncing after
 		// 30 seconds gets the job done
 		ackcondition.SetSynced(&resource{ko}, corev1.ConditionFalse, nil, nil)
 	}
@@ -325,4 +325,4 @@ func (rm *resourceManager) newTag(
 		res.SetValue(*c.Value)
 	}
 	return res
-}
+}
@@ -117,3 +117,118 @@ func compareTags(
 		}
 	}
 }
+
+func (rm *resourceManager) syncPermissions(
+	ctx context.Context,
+	desired *resource,
+	latest *resource,
+) (err error) {
+	rlog := ackrtlog.FromContext(ctx)
+	exit := rlog.Trace("rm.syncPermissions")
+	defer func() {
+		exit(err)
+	}()
+
+	resourceArn := latest.ko.Status.ACKResourceMetadata.ARN
+
+	desiredPermissions := desired.ko.Spec.PermissionARNs
+	latestPermissions := latest.ko.Spec.PermissionARNs
+
+	toAdd, toDelete := comparePermissionArns(desiredPermissions, latestPermissions)
+
+	if len(toDelete) > 0 {
+		rlog.Debug("disassociating permissions from ResourceShare resource", "permissionArns", toDelete)
+		for _, permission := range toDelete {
+			_, err = rm.sdkapi.DisassociateResourceSharePermissionWithContext(
+				ctx,
+				&svcsdk.DisassociateResourceSharePermissionInput{
+					ResourceShareArn: (*string)(resourceArn),
+					PermissionArn:    permission,
+				},
+			)
+			rm.metrics.RecordAPICall("UPDATE", "DisassociateResourceSharePermission", err)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	if len(toAdd) > 0 {
+		rlog.Debug("associating permissions to ResourceShare resource", "permissionArns", toAdd)
+		for _, permission := range toAdd {
+			_, err = rm.sdkapi.AssociateResourceSharePermissionWithContext(
+				ctx,
+				&svcsdk.AssociateResourceSharePermissionInput{
+					ResourceShareArn: (*string)(resourceArn),
+					PermissionArn:    permission,
+				},
+			)
+			rm.metrics.RecordAPICall("UPDATE", "AssociateResourceSharePermission", err)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func comparePermissionArns(a, b []*string) ([]*string, []*string) {
+	toAdd := make([]*string, 0, len(a))
+	toDelete := make([]*string, 0, len(a))
+
+	am := make(map[string]bool)
+
+	for _, v := range a {
+		am[*v] = true
+	}
+
+	for _, v := range b {
+		if _, ok := am[*v]; !ok {
+			toDelete = append(toDelete, v)
+		}
+	}
+
+	bm := make(map[string]bool)
+	for _, v := range b {
+		bm[*v] = true
+	}
+
+	for _, v := range a {
+		if _, ok := bm[*v]; !ok {
+			toAdd = append(toDelete, v)
+		}
+	}
+
+	return toAdd, toDelete
+}
+
+func (rm *resourceManager) getPermissionArns(ctx context.Context, r *resource) (err error) {
+	rlog := ackrtlog.FromContext(ctx)
+	exit := rlog.Trace("rm.getPermissions")
+	defer func() {
+		exit(err)
+	}()
+	if r == nil || r.ko == nil || r.ko.Status.ACKResourceMetadata == nil || r.ko.Status.ACKResourceMetadata.ARN == nil {
+		return nil
+	}
+	resp, err := rm.sdkapi.ListResourceSharePermissions(
+		&svcsdk.ListResourceSharePermissionsInput{
+			ResourceShareArn: (*string)(r.ko.Status.ACKResourceMetadata.ARN),
+		},
+	)
+	rm.metrics.RecordAPICall("READ_MANY", "ListResourceSharePermissions", err)
+	if err != nil {
+		return err
+	}
+
+	if resp.Permissions != nil {
+		permissionArns := make([]*string, 0, len(resp.Permissions))
+		for _, p := range resp.Permissions {
+			permissionArns = append(permissionArns, p.Arn)
+		}
+		r.ko.Spec.PermissionARNs = permissionArns
+	}
+
+	return nil
+}
Original file line number	Diff line number	Diff line change
`@@ -48,13 +48,13 @@ func (rm *resourceManager) customUpdatePermission(`
`48`	`48`	`}`
`49`	`49`	`ackcondition.SetSynced(&resource{ko}, corev1.ConditionTrue, nil, nil)`
`50`	`50`	`}`
`51`		`-`
	`51`	`+`
`52`	`52`	`if delta.DifferentAt("Spec.PolicyTemplate") {`
`53`	`53`	`err := rm.updatePermission(ctx, desired)`
`54`	`54`	`if err != nil {`
`55`	`55`	`return nil, err`
`56`	`56`	`}`
`57`		`- // resource takes time to retrieve the latest version. Syncing after`
	`57`	`+ // resource takes time to retrieve the latest version. Syncing after`
`58`	`58`	`// 30 seconds gets the job done`
`59`	`59`	`ackcondition.SetSynced(&resource{ko}, corev1.ConditionFalse, nil, nil)`
`60`	`60`	`}`
`@@ -325,4 +325,4 @@ func (rm *resourceManager) newTag(`
`325`	`325`	`res.SetValue(*c.Value)`
`326`	`326`	`}`
`327`	`327`	`return res`
`328`		`-}`
	`328`	`+}`