[cna] schema for CNA external resources

graphql-schemas/schema.yml

@@ -994,6 +994,7 @@ confs:
   - { name: sharing, type: AWSAccountSharingOption_v1, isList: true, isInterface: true }
   - { name: terraformState, type: TerraformStateAWS_v1, isRequired: false }
   - { name: rosa, type: RosaOcmSpec_v1, isRequired: false}
+  - { name: cna, type: CNAAWSSpec_v1, isRequired: false }
 
   - name: ecrs
     type: AWSECR_v1
@@ -1008,6 +1009,16 @@ confs:
       schema: /aws/policy-1.yml
       subAttr: account
 
+- name: CNAAWSSpec_v1
+  fields:
+  - { name: defaultRoleARN, type: string }
+  - { name: moduleRoleARNS, type: CNAModuleAWSARN_v1, isList: true }
+
+- name: CNAModuleAWSARN_v1
+  fields:
+  - { name: module, type: string, isRequired: true }
+  - { name: arn, type: string, isRequired: true }
+
 - name: CNAExperimentalProvisioner_v1
   interface: ExternalResourcesProvisioner_v1
   fields:
@@ -1031,18 +1042,66 @@ confs:
     strategy: fieldMap
     field: provider
     fieldMap:
+      aws-assume-role: CNAAssumeRoleAsset_v1
       null-asset: CNANullAsset_v1
+      aws-rds: CNARDSInstance_v1
   fields:
   - { name: provider, type: string, isRequired: true }
+  - { name: identifier, type: string, isRequired: true, isUnique: true }
+
+- name: CNAAssumeRoleAsset_v1
+  interface: CNAsset_v1
+  fields:
+  - { name: provider, type: string, isRequired: true }
+  - { name: identifier, type: string, isRequired: true, isUnique: true }
+  - { name: aws_account, type: AWSAccount_v1, isRequired: true }
+  - { name: defaults, type: CNAAssumeRoleAssetConfig_v1 }
+  - { name: overrides, type: json }
+
+- name: CNAAssumeRoleAssetConfig_v1
+  fields:
+  - { name: slug, type: string }
 
 - name: CNANullAsset_v1
   interface: CNAsset_v1
   fields:
   - { name: provider, type: string, isRequired: true }
   - { name: identifier, type: string, isRequired: true, isUnique: true }
   - { name: description, type: string }
+  - { name: defaults, type: CNANullAssetConfig_v1 }
+  - { name: overrides, type: json }
+
+- name: CNANullAssetConfig_v1
+  fields:
   - { name: addr_block, type: string }
 
+- name: CNARDSInstance_v1
+  interface: CNAsset_v1
+  fields:
+  - { name: provider, type: string, isRequired: true }
+  - { name: identifier, type: string, isRequired: true, isUnique: true }
+  - { name: name, type: string }
+  - { name: defaults, type: CNARDSInstanceDefaults_v1 }
+  - { name: overrides, type: json }
+
+- name: CNARDSInstanceDefaults_v1
+  fields:
+  - { name: vpc, type: AWSVPC_v1, isRequired: true }
+  - { name: db_subnet_group_name, type: string, isRequired: true }
+  - { name: instance_class, type: string, isRequired: true }
+  - { name: allocated_storage, type: int, isRequired: true }
+  - { name: max_allocated_storage, type: int, isRequired: true }
+  - { name: engine, type: string, isRequired: true }
+  - { name: engine_version, type: string, isRequired: true }
+  - { name: username, type: string, isRequired: true }
+  - { name: maintenance_window, type: string }
+  - { name: backup_retention_period, type: int }
+  - { name: backup_window, type: string }
+  - { name: multi_az, type: boolean }
+  - { name: deletion_protection, type: boolean }
+  - { name: apply_immediately, type: boolean }
+
+
 - name: CloudflareAccount_v1
   interface: ExternalResourcesProvisioner_v1
   fields:

schemas/aws/account-1.yml

@@ -105,6 +105,26 @@ properties:
     description: "Rosa related attributes in the aws account."
     "$ref": "/common-1.json#/definitions/crossref"
     "$schemaRef": "/dependencies/rosa-ocm-1.yml"
+  cna:
+    type: object
+    additionalProperties: false
+    properties:
+      defaultRoleARN:
+        type: string
+      moduleRoleARNS:
+        type: array
+        items:
+          additionalProperties: false
+          properties:
+            module:
+              type: string
+            arn:
+              type: string
+          required:
+          - module
+          - arn
+    required:
+    - defaultRoleARN
 required:
 - "$schema"
 - labels

schemas/cna/asset-1.yml

@@ -15,8 +15,15 @@ properties:
     "$ref": "/common-1.json#/definitions/annotations"
   identifier:
     "$ref": "/common-1.json#/definitions/longIdentifier"
-  addr_block:
+  name:
     type: string
+  aws_account:
+    "$ref": "/common-1.json#/definitions/crossref"
+    "$schemaRef": "/aws/account-1.yml"
+  defaults:
+    "$ref": "/common-1.json#/definitions/crossref"
+  overrides:
+    type: object
 oneOf:
 - additionalProperties: false
   properties:
@@ -28,7 +35,93 @@ oneOf:
       "$ref": "/common-1.json#/definitions/longIdentifier"
     description:
       type: string
-    addr_block:
+    defaults:
+      "$ref": "/common-1.json#/definitions/crossref"
+      "$schemaRef": "/cna/null-asset-config-1.yml"
+    overrides:
+      "$ref": "/cna/null-asset-config-1.yml"
+  required:
+  - identifier
+- additionalProperties: false
+  properties:
+    provider:
+      type: string
+      enum:
+      - aws-assume-role
+    identifier:
+      "$ref": "/common-1.json#/definitions/longIdentifier"
+    aws_account:
+      "$ref": "/common-1.json#/definitions/crossref"
+      "$schemaRef": "/aws/account-1.yml"
+    defaults:
+      "$ref": "/common-1.json#/definitions/crossref"
+      "$schemaRef": "/cna/aws-assume-role-config-1.yml"
+    overrides:
+      "$ref": "/cna/aws-assume-role-config-1.yml"
+  required:
+  - identifier
+  - aws_account
+- additionalProperties: false
+  properties:
+    provider:
+      type: string
+      enum:
+      - aws-rds
+    identifier:
+      "$ref": "/common-1.json#/definitions/longIdentifier"
+      description: The name for the CNA
+    name:
       type: string
+      description: |
+        The identifier for the RDS instance.
+        Defaults to the `identifier` field
+    defaults:
+      "$ref": "/common-1.json#/definitions/crossref"
+      "$schemaRef": "/cna/aws-rds-config-1.yml"
+    overrides:
+      type: object
+      additionalProperties: false
+      properties:
+        db_subnet_group_name:
+          type: string
+        instance_class:
+          "$ref": "/common-1.json#/definitions/rdsDbInstanceClass"
+        allocated_storage:
+          type: integer
+          description: allocated storage in Gi
+        max_allocated_storage:
+          type: integer
+          description: max allocated storage in Gi
+        engine_version:
+          type: string
+          description: The engine version to use
+        username:
+          type: string
+        maintenance_window:
+          type: string
+          description: |
+            The window to perform maintenance in.
+            Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00'
+        backup_retention_period:
+          type: integer
+          description: The days to retain backups for
+        backup_window:
+          type: string
+          description: |
+            The daily time range (in UTC) during which automated backups are created if they are enabled.
+            Example: '09:46-10:16'
+            Must not overlap with maintenance_window
+        multi_az:
+          type: boolean
+          description: |
+            Whether to use a multi-az configuration that includes a standby instance to improve
+            availability when a failover is required (certain upgrades, instance hardware issues, etc.)
+        deletion_protection:
+          type: boolean
+          description:
+            Protect against deletion. Defaults to true.
+        apply_immediately:
+          type: boolean
   required:
   - identifier
+  - defaults

schemas/cna/aws-assume-role-config-1.yml

@@ -0,0 +1,12 @@
+---
+"$schema": /metaschema-1.json
+version: '1.0'
+type: object
+additionalProperties: false
+properties:
+  "$schema":
+    type: string
+    enum:
+    - /cna/aws-assume-role-config-1.yml
+  slug:
+    type: string

schemas/cna/aws-rds-config-1.yml

@@ -0,0 +1,75 @@
+---
+"$schema": /metaschema-1.json
+version: '1.0'
+type: object
+additionalProperties: false
+properties:
+  "$schema":
+    type: string
+    enum:
+    - /cna/aws-rds-config-1.yml
+  vpc:
+    "$ref": "/common-1.json#/definitions/crossref"
+    "$schemaRef": "/aws/vpc-1.yml"
+    description: The VPC the RDS instance is created in.
+  db_subnet_group_name:
+    type: string
+    description: |
+      Name of DB subnet group. DB instance will be created in the VPC
+      associated with the DB subnet group.
+      Must exist in the referenced VPC.
+      Mandatory: must be set here or provided via a default.
+  instance_class:
+    "$ref": "/common-1.json#/definitions/rdsDbInstanceClass"
+  allocated_storage:
+    type: integer
+    description: allocated storage in Gi
+  max_allocated_storage:
+    type: integer
+    description: max allocated storage in Gi
+  engine:
+    type: string
+    enum:
+    - postgres
+  engine_version:
+    type: string
+    description: The engine version to use
+  username:
+    type: string
+  maintenance_window:
+    type: string
+    description: |
+      The window to perform maintenance in.
+      Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00'
+  backup_retention_period:
+    type: integer
+    description: The days to retain backups for
+  backup_window:
+    type: string
+    description: |
+      The daily time range (in UTC) during which automated backups are created if they are enabled.
+      Example: '09:46-10:16'
+      Must not overlap with maintenance_window
+  multi_az:
+    type: boolean
+    description: |
+      Whether to use a multi-az configuration that includes a standby instance to improve
+      availability when a failover is required (certain upgrades, instance hardware issues, etc.)
+  deletion_protection:
+    type: boolean
+    description:
+      Protect against deletion. Defaults to true.
+  apply_immediately:
+    type: boolean
+    description: |
+      Indicates whether to apply changes immediately, or wait until the next maintenance window
+required:
+- "$schema"
+- vpc
+- db_subnet_group_name
+- instance_class
+- allocated_storage
+- max_allocated_storage
+- engine
+- engine_version
+- username

schemas/cna/null-asset-config-1.yml

@@ -0,0 +1,12 @@
+---
+"$schema": /metaschema-1.json
+version: '1.0'
+type: object
+additionalProperties: false
+properties:
+  "$schema":
+    type: string
+    enum:
+    - /cna/null-asset-config-1.yml
+  addr_block:
+    type: string

schemas/common-1.json

@@ -171,6 +171,49 @@
         "partial_outage",
         "major_outage"
       ]
+    },
+    "rdsDbInstanceClass": {
+      "type": "string",
+      "enum": [
+        "db.t2.micro",
+        "db.t2.small",
+        "db.t3.small",
+        "db.m3.medium",
+        "db.t3.medium",
+        "db.m4.large",
+        "db.m4.xlarge",
+        "db.m4.2xlarge",
+        "db.m5.large",
+        "db.m5.xlarge",
+        "db.m5.2xlarge",
+        "db.m5.4xlarge",
+        "db.m5.8xlarge",
+        "db.m5.12xlarge",
+        "db.m5.16xlarge",
+        "db.m5.24xlarge",
+        "db.m6.large",
+        "db.m6g.large",
+        "db.m6g.xlarge",
+        "db.m6g.2xlarge",
+        "db.m6g.4xlarge",
+        "db.m6g.8xlarge",
+        "db.m6g.12xlarge",
+        "db.m6g.16xlarge",
+        "db.r4.large",
+        "db.r4.xlarge",
+        "db.r4.2xlarge",
+        "db.r4.4xlarge",
+        "db.r4.8xlarge",
+        "db.r4.16xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.8xlarge",
+        "db.r5.12xlarge",
+        "db.r5.16xlarge",
+        "db.r5.24xlarge"
+      ]
     }
   }
 }