fix: Make ResourceID field "mutable"

In practice, due to in-controller enforcement, the only valid change is
to set from empty string -> actual resource ID.

apis/bigquerydatatransfer/v1alpha1/config_types.go

@@ -82,8 +82,6 @@ type BigQueryDataTransferConfigSpec struct {
 
 	Parent `json:",inline"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The BigQueryDataTransferConfig name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/bigquerydatatransfer/v1beta1/transferconfig_types.go

@@ -108,8 +108,6 @@ type BigQueryDataTransferConfigSpec struct {
 
 	Parent `json:",inline"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The BigQueryDataTransferConfig name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/certificatemanager/v1alpha1/dnsauthorization_types.go

@@ -40,8 +40,7 @@ type CertificateManagerDNSAuthorizationSpec struct {
 	// +required
 	ProjectRef refs.ProjectRef `json:"projectRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	/* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
+	/* Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
 	// +optional
 	ResourceID *string `json:"resourceID,omitempty"`
 }

apis/certificatemanager/v1beta1/dnsauthorization_types.go

@@ -44,8 +44,7 @@ type CertificateManagerDNSAuthorizationSpec struct {
 	// +optional
 	Location string `json:"location"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	/* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
+	/* Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
 	// +optional
 	ResourceID *string `json:"resourceID,omitempty"`
 }

apis/compute/v1beta1/targettcpproxy_types.go

@@ -53,8 +53,7 @@ type ComputeTargetTCPProxySpec struct {
 	// the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"].
 	ProxyHeader *string `json:"proxyHeader,omitempty"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID is immutable"
-	// Immutable. The ComputeTargetTCPProxy name. If not given, the metadata.name will be used.
+	// The ComputeTargetTCPProxy name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 }
 

apis/containerattached/v1beta1/cluster_types.go

@@ -28,8 +28,7 @@ type ContainerAttachedClusterSpec struct {
 	/* The ID of the project in which the resource belongs.*/
 	ProjectRef *refs.ProjectRef `json:"projectRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable, Optional.
+	// Optional.
 	// The ContainerAttachedCluster name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/discoveryengine/v1alpha1/discoveryenginedatastore_types.go

@@ -25,8 +25,6 @@ var DiscoveryEngineDataStoreGVK = GroupVersion.WithKind("DiscoveryEngineDataStor
 // DiscoveryEngineDataStoreSpec defines the desired state of DiscoveryEngineDataStore
 // +kcc:proto=google.cloud.discoveryengine.v1.DataStore
 type DiscoveryEngineDataStoreSpec struct {
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The DiscoveryEngineDataStore name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/kms/v1alpha1/keyhandle_types.go

@@ -27,8 +27,6 @@ var KMSKeyHandleGVK = GroupVersion.WithKind("KMSKeyHandle")
 // KMSKeyHandleSpec defines the desired state of KMSKeyHandle
 // +kcc:proto=google.cloud.kms.v1.KeyHandle
 type KMSKeyHandleSpec struct {
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The KMS Key Handle ID used for resource creation or acquisition.
 	// For creation: If specified, this value is used as the key handle ID. If not provided, a UUID will be generated and assigned as the key handle ID.
 	// For acquisition: This field must be provided to identify the key handle resource to acquire.

apis/kms/v1beta1/keyhandle_types.go

@@ -27,8 +27,6 @@ var KMSKeyHandleGVK = SchemeGroupVersion.WithKind("KMSKeyHandle")
 // KMSKeyHandleSpec defines the desired state of KMSKeyHandle
 // +kcc:proto=google.cloud.kms.v1.KeyHandle
 type KMSKeyHandleSpec struct {
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The KMS Key Handle ID used for resource creation or acquisition.
 	// For creation: If specified, this value is used as the key handle ID. If not provided, a UUID will be generated and assigned as the key handle ID.
 	// For acquisition: This field must be provided to identify the key handle resource to acquire.

apis/privilegedaccessmanager/v1alpha1/entitlement_types.go

@@ -48,10 +48,8 @@ type PrivilegedAccessManagerEntitlementSpec struct {
 	// +required
 	Location *string `json:"location"`
 
-	// Immutable.
 	// The PrivilegedAccessManagerEntitlement name. If not given, the
 	// 'metadata.name' will be used.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
 	// +optional
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/privilegedaccessmanager/v1beta1/privilegedaccessmanagerentitlement_types.go

@@ -51,7 +51,6 @@ type PrivilegedAccessManagerEntitlementSpec struct {
 	// Immutable.
 	// The PrivilegedAccessManagerEntitlement name. If not given, the
 	// 'metadata.name' will be used.
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
 	// +optional
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/secretmanager/v1beta1/secret_types.go

@@ -28,8 +28,6 @@ var SecretManagerSecretGVK = GroupVersion.WithKind("SecretManagerSecret")
 // SecretManagerSecretSpec defines the desired state of SecretManagerSecret
 // +kcc:proto=google.cloud.secretmanager.v1.Secret
 type SecretManagerSecretSpec struct {
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The SecretManagerSecret name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/securesourcemanager/v1alpha1/repository_types.go

@@ -35,8 +35,6 @@ type SecureSourceManagerRepositorySpec struct {
 	// +required
 	Location string `json:"location"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The SecureSourceManagerRepository name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/spanner/v1beta1/instance_types.go

@@ -45,8 +45,6 @@ type SpannerInstanceSpec struct {
 	// +optional
 	ProcessingUnits *int32 `json:"processingUnits,omitempty"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The SpannerInstance name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 }

apis/workstations/v1alpha1/cluster_types.go

@@ -36,8 +36,6 @@ type WorkstationClusterSpec struct {
 	// The location of the cluster.
 	Location string `json:"location,omitempty"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The WorkstationCluster name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/workstations/v1alpha1/config_types.go

@@ -274,8 +274,6 @@ type WorkstationConfigSpec struct {
 	// Parent is a reference to the parent WorkstationCluster for this WorkstationConfig.
 	Parent *WorkstationClusterRef `json:"parentRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The WorkstationConfig name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/workstations/v1alpha1/workstation_types.go

@@ -27,8 +27,6 @@ type WorkstationSpec struct {
 	// Parent is a reference to the parent WorkstationConfig for this Workstation.
 	Parent *WorkstationConfigRef `json:"parentRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The Workstation name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/workstations/v1beta1/cluster_types.go

@@ -36,8 +36,6 @@ type WorkstationClusterSpec struct {
 	// The location of the cluster.
 	Location string `json:"location,omitempty"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The WorkstationCluster name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/workstations/v1beta1/config_types.go

@@ -274,8 +274,6 @@ type WorkstationConfigSpec struct {
 	// Parent is a reference to the parent WorkstationCluster for this WorkstationConfig.
 	Parent *WorkstationClusterRef `json:"parentRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The WorkstationConfig name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

apis/workstations/v1beta1/workstation_types.go

@@ -27,8 +27,6 @@ type WorkstationSpec struct {
 	// Parent is a reference to the parent WorkstationConfig for this Workstation.
 	Parent *WorkstationConfigRef `json:"parentRef"`
 
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
-	// Immutable.
 	// The Workstation name. If not given, the metadata.name will be used.
 	ResourceID *string `json:"resourceID,omitempty"`
 

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com.yaml

@@ -232,12 +232,9 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. The BigQueryDataTransferConfig name. If not
-                  given, the metadata.name will be used.
+                description: The BigQueryDataTransferConfig name. If not given, the
+                  metadata.name will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               schedule:
                 description: |-
                   Data transfer schedule.
@@ -621,12 +618,9 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. The BigQueryDataTransferConfig name. If not
-                  given, the metadata.name will be used.
+                description: The BigQueryDataTransferConfig name. If not given, the
+                  metadata.name will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               schedule:
                 description: |-
                   Data transfer schedule.

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com.yaml

@@ -107,13 +107,10 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. Optional. The name of the resource. Used for
-                  creation and acquisition. When unset, the value of `metadata.name`
-                  is used as the default.
+                description: Optional. The name of the resource. Used for creation
+                  and acquisition. When unset, the value of `metadata.name` is used
+                  as the default.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - domain
             - projectRef
@@ -270,13 +267,10 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. Optional. The name of the resource. Used for
-                  creation and acquisition. When unset, the value of `metadata.name`
-                  is used as the default.
+                description: Optional. The name of the resource. Used for creation
+                  and acquisition. When unset, the value of `metadata.name` is used
+                  as the default.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - domain
             - projectRef

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_computetargettcpproxies.compute.cnrm.cloud.google.com.yaml

@@ -116,12 +116,9 @@ spec:
                   ["NONE", "PROXY_V1"].'
                 type: string
               resourceID:
-                description: Immutable. The ComputeTargetTCPProxy name. If not given,
-                  the metadata.name will be used.
+                description: The ComputeTargetTCPProxy name. If not given, the metadata.name
+                  will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID is immutable
-                  rule: self == oldSelf
             required:
             - backendServiceRef
             type: object

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_containerattachedclusters.containerattached.cnrm.cloud.google.com.yaml

@@ -270,12 +270,9 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable, Optional. The ContainerAttachedCluster name.
-                  If not given, the metadata.name will be used.
+                description: Optional. The ContainerAttachedCluster name. If not given,
+                  the metadata.name will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - distribution
             - fleet

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_discoveryenginedatastores.discoveryengine.cnrm.cloud.google.com.yaml

@@ -121,12 +121,9 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. The DiscoveryEngineDataStore name. If not
-                  given, the metadata.name will be used.
+                description: The DiscoveryEngineDataStore name. If not given, the
+                  metadata.name will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               solutionTypes:
                 description: |-
                   The solutions that the data store enrolls. Available solutions for each

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_kmskeyhandles.kms.cnrm.cloud.google.com.yaml

@@ -96,15 +96,12 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: 'Immutable. The KMS Key Handle ID used for resource creation
-                  or acquisition. For creation: If specified, this value is used as
-                  the key handle ID. If not provided, a UUID will be generated and
-                  assigned as the key handle ID. For acquisition: This field must
-                  be provided to identify the key handle resource to acquire.'
+                description: 'The KMS Key Handle ID used for resource creation or
+                  acquisition. For creation: If specified, this value is used as the
+                  key handle ID. If not provided, a UUID will be generated and assigned
+                  as the key handle ID. For acquisition: This field must be provided
+                  to identify the key handle resource to acquire.'
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               resourceTypeSelector:
                 description: Indicates the resource type that the resulting [CryptoKey][]
                   is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See
@@ -239,15 +236,12 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: 'Immutable. The KMS Key Handle ID used for resource creation
-                  or acquisition. For creation: If specified, this value is used as
-                  the key handle ID. If not provided, a UUID will be generated and
-                  assigned as the key handle ID. For acquisition: This field must
-                  be provided to identify the key handle resource to acquire.'
+                description: 'The KMS Key Handle ID used for resource creation or
+                  acquisition. For creation: If specified, this value is used as the
+                  key handle ID. If not provided, a UUID will be generated and assigned
+                  as the key handle ID. For acquisition: This field must be provided
+                  to identify the key handle resource to acquire.'
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               resourceTypeSelector:
                 description: Indicates the resource type that the resulting [CryptoKey][]
                   is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_privilegedaccessmanagerentitlements.privilegedaccessmanager.cnrm.cloud.google.com.yaml

@@ -303,12 +303,9 @@ spec:
                     x-kubernetes-preserve-unknown-fields: true
                 type: object
               resourceID:
-                description: Immutable. The PrivilegedAccessManagerEntitlement name.
-                  If not given, the 'metadata.name' will be used.
+                description: The PrivilegedAccessManagerEntitlement name. If not given,
+                  the 'metadata.name' will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - eligibleUsers
             - location
@@ -673,9 +670,6 @@ spec:
                 description: Immutable. The PrivilegedAccessManagerEntitlement name.
                   If not given, the 'metadata.name' will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - eligibleUsers
             - location

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_secretmanagersecrets.secretmanager.cnrm.cloud.google.com.yaml

@@ -239,12 +239,9 @@ spec:
                     type: object
                 type: object
               resourceID:
-                description: Immutable. The SecretManagerSecret name. If not given,
-                  the metadata.name will be used.
+                description: The SecretManagerSecret name. If not given, the metadata.name
+                  will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
               rotation:
                 description: Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret].
                   May be excluded if there is no rotation policy.

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_securesourcemanagerrepositories.securesourcemanager.cnrm.cloud.google.com.yaml

@@ -268,12 +268,9 @@ spec:
                     type: string
                 type: object
               resourceID:
-                description: Immutable. The SecureSourceManagerRepository name. If
-                  not given, the metadata.name will be used.
+                description: The SecureSourceManagerRepository name. If not given,
+                  the metadata.name will be used.
                 type: string
-                x-kubernetes-validations:
-                - message: ResourceID field is immutable
-                  rule: self == oldSelf
             required:
             - instanceRef
             - location