aws-controllers-k8s · ack-prow · Mar 25, 2025 · Mar 25, 2025
diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2025-02-20T18:13:42Z"
-  build_hash: a326346bd3a6973254d247c9ab2dc76790c36241
+  build_date: "2025-03-25T01:59:31Z"
+  build_hash: 3722729cebe6d3c03c7e442655ef0846f91566a2
   go_version: go1.24.0
-  version: v0.43.2
-api_directory_checksum: 086df7708184fcedddb2910d4980cdff3bf9de8f
+  version: v0.43.2-7-g3722729
+api_directory_checksum: b37edb8bba9d3847d4bdf1e842b7a597821c8c37
 api_version: v1alpha1
 aws_sdk_go_version: v1.32.6
 generator_config_info:
-  file_checksum: 7e92f95044b114e8b39e4b28ea82afbdc992a3cb
+  file_checksum: 3dbfbaabdb68f05226834184bacb6be1028ba38d
   original_file_name: generator.yaml
 last_modification:
   reason: API generation
diff --git a/apis/v1alpha1/alias.go b/apis/v1alpha1/alias.go
diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml
@@ -27,6 +27,8 @@ ignore:
   - PublishVersionOutput.LoggingConfig
   - PublishVersionOutput.RuntimeVersionConfig
   - VpcConfig.Ipv6AllowedForDualStack
+  - AddPermissionInput.FunctionName # We grab this from the Alias resource
+  - AddPermissionInput.Qualifier # We grab this from the Alias resource   
 operations:
   GetFunction:
     output_wrapper_field_path: Configuration
@@ -161,7 +163,14 @@ resources:
         from:
           operation: PutProvisionedConcurrencyConfig
           path: .
+      Permissions:
+        custom_field:
+          list_of: AddPermissionInput
+        compare:
+          is_ignored: true
     hooks:
+      delta_pre_compare:
+        code: customPreCompare(delta, a, b)
       sdk_update_pre_build_request:
         template_path: hooks/alias/sdk_update_pre_build_request.go.tpl
       sdk_read_one_post_set_output:

diff --git a/apis/v1alpha1/types.go b/apis/v1alpha1/types.go
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/lambda.services.k8s.aws_aliases.yaml b/config/crd/bases/lambda.services.k8s.aws_aliases.yaml
@@ -132,6 +132,31 @@ spec:
               name:
                 description: The name of the alias.
                 type: string
+              permissions:
+                description: Permissions configures a set of Lambda permissions to
+                  grant to an alias.
+                items:
+                  properties:
+                    action:
+                      type: string
+                    eventSourceToken:
+                      type: string
+                    functionURLAuthType:
+                      type: string
+                    principal:
+                      type: string
+                    principalOrgID:
+                      type: string
+                    revisionID:
+                      type: string
+                    sourceARN:
+                      type: string
+                    sourceAccount:
+                      type: string
+                    statementID:
+                      type: string
+                  type: object
+                type: array
               provisionedConcurrencyConfig:
                 description: |-
                   Configures provisioned concurrency to a function's alias

diff --git a/documentation.yaml b/documentation.yaml
@@ -21,6 +21,8 @@ resources:
               The maximum number of times to retry when the function returns an error.
   Alias:
     fields:
+      Permissions:
+        prepend: Permissions configures a set of Lambda permissions to grant to an alias.
       FunctionEventInvokeConfig:
         prepend: |
           Configures options for asynchronous invocation on an alias.

diff --git a/generator.yaml b/generator.yaml
@@ -27,6 +27,8 @@ ignore:
   - PublishVersionOutput.LoggingConfig
   - PublishVersionOutput.RuntimeVersionConfig
   - VpcConfig.Ipv6AllowedForDualStack
+  - AddPermissionInput.FunctionName # We grab this from the Alias resource
+  - AddPermissionInput.Qualifier # We grab this from the Alias resource   
 operations:
   GetFunction:
     output_wrapper_field_path: Configuration
@@ -161,7 +163,14 @@ resources:
         from:
           operation: PutProvisionedConcurrencyConfig
           path: .
+      Permissions:
+        custom_field:
+          list_of: AddPermissionInput
+        compare:
+          is_ignored: true
     hooks:
+      delta_pre_compare:
+        code: customPreCompare(delta, a, b)
       sdk_update_pre_build_request:
         template_path: hooks/alias/sdk_update_pre_build_request.go.tpl
       sdk_read_one_post_set_output:

diff --git a/go.mod b/go.mod
@@ -17,6 +17,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/lambda v1.69.8
 	github.com/aws/smithy-go v1.22.2
 	github.com/go-logr/logr v1.4.2
+	github.com/micahhausler/aws-iam-policy v0.4.2
 	github.com/spf13/pflag v1.0.5
 	k8s.io/api v0.31.0
 	k8s.io/apimachinery v0.31.0

diff --git a/go.sum b/go.sum
@@ -126,6 +126,8 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/micahhausler/aws-iam-policy v0.4.2 h1:HF7bERLnpqEmffV9/wTT4jZ7TbSNVk0JbpXo1Cj3up0=
+github.com/micahhausler/aws-iam-policy v0.4.2/go.mod h1:Ojgst9ZFn+VEEJpqtuw/LxVGqEf2+hwWBlkYWvF/XWM=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

diff --git a/helm/crds/lambda.services.k8s.aws_aliases.yaml b/helm/crds/lambda.services.k8s.aws_aliases.yaml
@@ -132,6 +132,31 @@ spec:
               name:
                 description: The name of the alias.
                 type: string
+              permissions:
+                description: Permissions configures a set of Lambda permissions to
+                  grant to an alias.
+                items:
+                  properties:
+                    action:
+                      type: string
+                    eventSourceToken:
+                      type: string
+                    functionURLAuthType:
+                      type: string
+                    principal:
+                      type: string
+                    principalOrgID:
+                      type: string
+                    revisionID:
+                      type: string
+                    sourceARN:
+                      type: string
+                    sourceAccount:
+                      type: string
+                    statementID:
+                      type: string
+                  type: object
+                type: array
               provisionedConcurrencyConfig:
                 description: |-
                   Configures provisioned concurrency to a function's alias

diff --git a/pkg/resource/alias/delta.go b/pkg/resource/alias/delta.go