From 12103b0efcb804354997c7b9ccbe63a06c8d7f8b Mon Sep 17 00:00:00 2001
From: nithyatsu <nithyasu@microsoft.com>
Date: Mon, 24 Jun 2024 15:31:42 -0700
Subject: [PATCH] irsa credential model

---
 .../zz_generated_constants.go                 |  3 ++
 .../zz_generated_interfaces.go                |  2 +-
 .../v20231001preview/zz_generated_models.go   | 23 +++++++++++
 .../zz_generated_models_serde.go              | 39 +++++++++++++++++++
 .../zz_generated_polymorphic_helpers.go       |  2 +
 .../preview/2023-10-01-preview/openapi.json   | 34 +++++++++++++++-
 typespec/UCP/aws-credentials.tsp              | 15 +++++++
 7 files changed, 116 insertions(+), 2 deletions(-)

diff --git a/pkg/ucp/api/v20231001preview/zz_generated_constants.go b/pkg/ucp/api/v20231001preview/zz_generated_constants.go
index 3818bcaa716..3706ae2adb5 100644
--- a/pkg/ucp/api/v20231001preview/zz_generated_constants.go
+++ b/pkg/ucp/api/v20231001preview/zz_generated_constants.go
@@ -18,12 +18,15 @@ type AWSCredentialKind string
 const (
 	// AWSCredentialKindAccessKey - The AWS Access Key credential
 	AWSCredentialKindAccessKey AWSCredentialKind = "AccessKey"
+	// AWSCredentialKindIRSA - The AWS IRSA credential
+	AWSCredentialKindIRSA AWSCredentialKind = "IRSA"
 )
 
 // PossibleAWSCredentialKindValues returns the possible values for the AWSCredentialKind const type.
 func PossibleAWSCredentialKindValues() []AWSCredentialKind {
 	return []AWSCredentialKind{	
 		AWSCredentialKindAccessKey,
+		AWSCredentialKindIRSA,
 	}
 }
 
diff --git a/pkg/ucp/api/v20231001preview/zz_generated_interfaces.go b/pkg/ucp/api/v20231001preview/zz_generated_interfaces.go
index 72b5581ffd9..3ace1ee7065 100644
--- a/pkg/ucp/api/v20231001preview/zz_generated_interfaces.go
+++ b/pkg/ucp/api/v20231001preview/zz_generated_interfaces.go
@@ -10,7 +10,7 @@ package v20231001preview
 // AwsCredentialPropertiesClassification provides polymorphic access to related types.
 // Call the interface's GetAwsCredentialProperties() method to access the common type.
 // Use a type switch to determine the concrete type.  The possible types are:
-// - *AwsAccessKeyCredentialProperties, *AwsCredentialProperties
+// - *AwsAccessKeyCredentialProperties, *AwsCredentialProperties, *AwsIRSACredentialProperties
 type AwsCredentialPropertiesClassification interface {
 	// GetAwsCredentialProperties returns the AwsCredentialProperties content of the underlying type.
 	GetAwsCredentialProperties() *AwsCredentialProperties
diff --git a/pkg/ucp/api/v20231001preview/zz_generated_models.go b/pkg/ucp/api/v20231001preview/zz_generated_models.go
index 9a57b377e78..c2a6991954e 100644
--- a/pkg/ucp/api/v20231001preview/zz_generated_models.go
+++ b/pkg/ucp/api/v20231001preview/zz_generated_models.go
@@ -87,6 +87,29 @@ type AwsCredentialResourceTagsUpdate struct {
 	Tags map[string]*string
 }
 
+// AwsIRSACredentialProperties - AWS credential storage properties
+type AwsIRSACredentialProperties struct {
+	// REQUIRED; The AWS credential kind
+	Kind *AWSCredentialKind
+
+	// REQUIRED; RoleARN for AWS IRSA identity
+	RoleARN *string
+
+	// REQUIRED; The storage properties
+	Storage CredentialStoragePropertiesClassification
+
+	// READ-ONLY; The status of the asynchronous operation.
+	ProvisioningState *ProvisioningState
+}
+
+// GetAwsCredentialProperties implements the AwsCredentialPropertiesClassification interface for type AwsIRSACredentialProperties.
+func (a *AwsIRSACredentialProperties) GetAwsCredentialProperties() *AwsCredentialProperties {
+	return &AwsCredentialProperties{
+		Kind: a.Kind,
+		ProvisioningState: a.ProvisioningState,
+	}
+}
+
 // AwsPlaneResource - The AWS plane resource
 type AwsPlaneResource struct {
 	// REQUIRED; The geo-location where the resource lives
diff --git a/pkg/ucp/api/v20231001preview/zz_generated_models_serde.go b/pkg/ucp/api/v20231001preview/zz_generated_models_serde.go
index 28932179ca2..32d327b2ea9 100644
--- a/pkg/ucp/api/v20231001preview/zz_generated_models_serde.go
+++ b/pkg/ucp/api/v20231001preview/zz_generated_models_serde.go
@@ -197,6 +197,45 @@ func (a *AwsCredentialResourceTagsUpdate) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+// MarshalJSON implements the json.Marshaller interface for type AwsIRSACredentialProperties.
+func (a AwsIRSACredentialProperties) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]any)
+	objectMap["kind"] = AWSCredentialKindIRSA
+	populate(objectMap, "provisioningState", a.ProvisioningState)
+	populate(objectMap, "roleARN", a.RoleARN)
+	populate(objectMap, "storage", a.Storage)
+	return json.Marshal(objectMap)
+}
+
+// UnmarshalJSON implements the json.Unmarshaller interface for type AwsIRSACredentialProperties.
+func (a *AwsIRSACredentialProperties) UnmarshalJSON(data []byte) error {
+	var rawMsg map[string]json.RawMessage
+	if err := json.Unmarshal(data, &rawMsg); err != nil {
+		return fmt.Errorf("unmarshalling type %T: %v", a, err)
+	}
+	for key, val := range rawMsg {
+		var err error
+		switch key {
+		case "kind":
+				err = unpopulate(val, "Kind", &a.Kind)
+			delete(rawMsg, key)
+		case "provisioningState":
+				err = unpopulate(val, "ProvisioningState", &a.ProvisioningState)
+			delete(rawMsg, key)
+		case "roleARN":
+				err = unpopulate(val, "RoleARN", &a.RoleARN)
+			delete(rawMsg, key)
+		case "storage":
+			a.Storage, err = unmarshalCredentialStoragePropertiesClassification(val)
+			delete(rawMsg, key)
+		}
+		if err != nil {
+			return fmt.Errorf("unmarshalling type %T: %v", a, err)
+		}
+	}
+	return nil
+}
+
 // MarshalJSON implements the json.Marshaller interface for type AwsPlaneResource.
 func (a AwsPlaneResource) MarshalJSON() ([]byte, error) {
 	objectMap := make(map[string]any)
diff --git a/pkg/ucp/api/v20231001preview/zz_generated_polymorphic_helpers.go b/pkg/ucp/api/v20231001preview/zz_generated_polymorphic_helpers.go
index 4b05fb540c6..062b4f23b6d 100644
--- a/pkg/ucp/api/v20231001preview/zz_generated_polymorphic_helpers.go
+++ b/pkg/ucp/api/v20231001preview/zz_generated_polymorphic_helpers.go
@@ -21,6 +21,8 @@ func unmarshalAwsCredentialPropertiesClassification(rawMsg json.RawMessage) (Aws
 	switch m["kind"] {
 	case string(AWSCredentialKindAccessKey):
 		b = &AwsAccessKeyCredentialProperties{}
+	case string(AWSCredentialKindIRSA):
+		b = &AwsIRSACredentialProperties{}
 	default:
 		b = &AwsCredentialProperties{}
 	}
diff --git a/swagger/specification/ucp/resource-manager/UCP/preview/2023-10-01-preview/openapi.json b/swagger/specification/ucp/resource-manager/UCP/preview/2023-10-01-preview/openapi.json
index 7dca6e2eb9f..355cff86e36 100644
--- a/swagger/specification/ucp/resource-manager/UCP/preview/2023-10-01-preview/openapi.json
+++ b/swagger/specification/ucp/resource-manager/UCP/preview/2023-10-01-preview/openapi.json
@@ -1649,7 +1649,8 @@
       "type": "string",
       "description": "AWS credential kind",
       "enum": [
-        "AccessKey"
+        "AccessKey",
+        "IRSA"
       ],
       "x-ms-enum": {
         "name": "AWSCredentialKind",
@@ -1659,6 +1660,11 @@
             "name": "AccessKey",
             "value": "AccessKey",
             "description": "The AWS Access Key credential"
+          },
+          {
+            "name": "IRSA",
+            "value": "IRSA",
+            "description": "The AWS IRSA credential"
           }
         ]
       }
@@ -1772,6 +1778,32 @@
         }
       }
     },
+    "AwsIRSACredentialProperties": {
+      "type": "object",
+      "description": "AWS credential storage properties",
+      "properties": {
+        "roleARN": {
+          "type": "string",
+          "format": "password",
+          "description": "RoleARN for AWS IRSA identity",
+          "x-ms-secret": true
+        },
+        "storage": {
+          "$ref": "#/definitions/CredentialStorageProperties",
+          "description": "The storage properties"
+        }
+      },
+      "required": [
+        "roleARN",
+        "storage"
+      ],
+      "allOf": [
+        {
+          "$ref": "#/definitions/AwsCredentialProperties"
+        }
+      ],
+      "x-ms-discriminator-value": "IRSA"
+    },
     "AwsPlaneResource": {
       "type": "object",
       "description": "The AWS plane resource",
diff --git a/typespec/UCP/aws-credentials.tsp b/typespec/UCP/aws-credentials.tsp
index 3ee8ea359bd..084091e287a 100644
--- a/typespec/UCP/aws-credentials.tsp
+++ b/typespec/UCP/aws-credentials.tsp
@@ -63,6 +63,8 @@ model AwsPlaneNameParameter {
 enum AWSCredentialKind {
   @doc("The AWS Access Key credential")
   AccessKey,
+  @doc("The AWS IRSA credential")
+  IRSA,
 }
 
 @discriminator("kind")
@@ -93,6 +95,19 @@ model AwsAccessKeyCredentialProperties extends AwsCredentialProperties {
   storage: CredentialStorageProperties;
 }
 
+@doc("AWS credential storage properties")
+model AwsIRSACredentialProperties extends AwsCredentialProperties {
+  @doc("Access Key kind")
+  kind: AWSCredentialKind.IRSA;
+
+  @doc("RoleARN for AWS IRSA identity")
+  @secret
+  roleARN: string;
+
+  @doc("The storage properties")
+  storage: CredentialStorageProperties;
+}
+
 alias AwsCredentialBaseParameter<TResource> = CredentialBaseParameters<
   TResource,
   AwsPlaneNameParameter