From 4f007602176983f1b54872e6c9b38ef4a79b10af Mon Sep 17 00:00:00 2001 From: Gemma Hou Date: Tue, 4 Feb 2025 22:21:41 +0000 Subject: [PATCH 1/2] Add CloudIdentityGroup mappers and fuzz --- apis/cloudidentity/v1beta1/group_types.go | 21 ++-- .../v1beta1/zz_generated.deepcopy.go | 27 ++--- ...s.cloudidentity.cnrm.cloud.google.com.yaml | 2 +- .../direct/cloudidentity/group_fuzzer.go | 47 ++++++++ .../direct/cloudidentity/group_mapper.go | 103 ++++++++++++++++++ pkg/controller/direct/register/register.go | 1 + .../cloudidentity/cloudidentitygroup.md | 2 +- 7 files changed, 168 insertions(+), 35 deletions(-) create mode 100644 pkg/controller/direct/cloudidentity/group_fuzzer.go create mode 100644 pkg/controller/direct/cloudidentity/group_mapper.go diff --git a/apis/cloudidentity/v1beta1/group_types.go b/apis/cloudidentity/v1beta1/group_types.go index 5d2d344f6a..676e60fbd3 100644 --- a/apis/cloudidentity/v1beta1/group_types.go +++ b/apis/cloudidentity/v1beta1/group_types.go @@ -15,7 +15,7 @@ package v1beta1 import ( - "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1" + commonv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/common/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -43,7 +43,7 @@ type CloudIdentityGroupSpec struct { // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="GroupKey field is immutable" // Immutable. EntityKey of the Group. // +required - GroupKey EntityKey `json:"groupKey"` + GroupKey *EntityKey `json:"groupKey"` // Immutable. The initial configuration options for creating a Group. See the [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. InitialGroupConfig *string `json:"initialGroupConfig,omitempty"` 
@@ -62,10 +62,9 @@ type CloudIdentityGroupSpec struct { } // CloudIdentityGroupStatus defines the config connector machine state of CloudIdentityGroup +// +kcc:proto=mockgcp.cloud.cloudidentity.groups.v1beta1.Group type CloudIdentityGroupStatus struct { - /* Conditions represent the latest available observations of the - object's current state. */ - Conditions []v1alpha1.Condition `json:"conditions,omitempty"` + commonv1alpha1.CommonStatus `json:",inline"` // The time when the `Group` was created. // +kcc:proto:field=mockgcp.cloud.cloudidentity.groups.v1beta1.Group.create_time @@ -75,18 +74,12 @@ type CloudIdentityGroupStatus struct { // +kcc:proto:field=mockgcp.cloud.cloudidentity.groups.v1beta1.Group.name Name *string `json:"name,omitempty"` - // A unique specifier for the CloudIdentityGroup resource in GCP. - ExternalRef *string `json:"externalRef,omitempty"` - - // ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - ObservedGeneration *int64 `json:"observedGeneration,omitempty"` - - // ObservedState is the state of the resource as most recently observed in GCP. - ObservedState *CloudIdentityGroupObservedState `json:"observedState,omitempty"` - // The time when the `Group` was last updated. // +kcc:proto:field=mockgcp.cloud.cloudidentity.groups.v1beta1.Group.update_time UpdateTime *string `json:"updateTime,omitempty"` + + // ObservedState is the state of the resource as most recently observed in GCP. + ObservedState *CloudIdentityGroupObservedState `json:"observedState,omitempty"` } // CloudIdentityGroupObservedState is the state of the CloudIdentityGroup resource as most recently observed in GCP. diff --git a/apis/cloudidentity/v1beta1/zz_generated.deepcopy.go b/apis/cloudidentity/v1beta1/zz_generated.deepcopy.go index fdca977017..f8b373b367 100644 
--- a/apis/cloudidentity/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudidentity/v1beta1/zz_generated.deepcopy.go @@ -19,7 +19,6 @@ package v1beta1 import ( - "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -117,7 +116,11 @@ func (in *CloudIdentityGroupSpec) DeepCopyInto(out *CloudIdentityGroupSpec) { *out = new(string) **out = **in } - in.GroupKey.DeepCopyInto(&out.GroupKey) + if in.GroupKey != nil { + in, out := &in.GroupKey, &out.GroupKey + *out = new(EntityKey) + (*in).DeepCopyInto(*out) + } if in.InitialGroupConfig != nil { in, out := &in.InitialGroupConfig, &out.InitialGroupConfig *out = new(string) @@ -155,11 +158,7 @@ func (in *CloudIdentityGroupSpec) DeepCopy() *CloudIdentityGroupSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudIdentityGroupStatus) DeepCopyInto(out *CloudIdentityGroupStatus) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1alpha1.Condition, len(*in)) - copy(*out, *in) - } + in.CommonStatus.DeepCopyInto(&out.CommonStatus) if in.CreateTime != nil { in, out := &in.CreateTime, &out.CreateTime *out = new(string) 
@@ -170,26 +169,16 @@ func (in *CloudIdentityGroupStatus) DeepCopyInto(out *CloudIdentityGroupStatus) *out = new(string) **out = **in } - if in.ExternalRef != nil { - in, out := &in.ExternalRef, &out.ExternalRef + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) **out = **in } - if in.ObservedGeneration != nil { - in, out := &in.ObservedGeneration, &out.ObservedGeneration - *out = new(int64) - **out = **in - } if in.ObservedState != nil { in, out := &in.ObservedState, &out.ObservedState *out = new(CloudIdentityGroupObservedState) (*in).DeepCopyInto(*out) } - if in.UpdateTime != nil { - in, out := &in.UpdateTime, &out.UpdateTime - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudIdentityGroupStatus. diff --git a/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_cloudidentitygroups.cloudidentity.cnrm.cloud.google.com.yaml b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_cloudidentitygroups.cloudidentity.cnrm.cloud.google.com.yaml index a317814d2c..50d90697f4 100644 --- a/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_cloudidentitygroups.cloudidentity.cnrm.cloud.google.com.yaml +++ b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_cloudidentitygroups.cloudidentity.cnrm.cloud.google.com.yaml @@ -167,7 +167,7 @@ spec: description: The time when the `Group` was created. type: string externalRef: - description: A unique specifier for the CloudIdentityGroup resource + description: A unique Config Connector specifier for the resource in GCP. type: string name: diff --git a/pkg/controller/direct/cloudidentity/group_fuzzer.go b/pkg/controller/direct/cloudidentity/group_fuzzer.go new file mode 100644 index 0000000000..d5394a4f91 --- /dev/null +++ b/pkg/controller/direct/cloudidentity/group_fuzzer.go 
@@ -0,0 +1,47 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cloudidentity
+
+import (
+ pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/cloudidentity/groups/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/fuzztesting"
+)
+
+func init() {
+ fuzztesting.RegisterKRMFuzzer(cloudIdentityGroupFuzzer())
+}
+
+func cloudIdentityGroupFuzzer() fuzztesting.KRMFuzzer {
+ f := fuzztesting.NewKRMTypedFuzzer(&pb.Group{},
+ CloudIdentityGroupSpec_FromProto, CloudIdentityGroupSpec_ToProto,
+ CloudIdentityGroupStatus_FromProto, CloudIdentityGroupStatus_ToProto,
+ )
+
+ f.UnimplementedFields.Insert(".posix_groups")
+ f.UnimplementedFields.Insert(".dynamic_group_metadata")
+
+ f.SpecFields.Insert(".display_name")
+ f.SpecFields.Insert(".description")
+ f.SpecFields.Insert(".group_key")
+ f.SpecFields.Insert(".labels")
+ f.SpecFields.Insert(".parent")
+
+ f.StatusFields.Insert(".name")
+ f.StatusFields.Insert(".create_time")
+ f.StatusFields.Insert(".update_time")
+ f.StatusFields.Insert(".additional_group_keys")
+
+ return f
+}
diff --git a/pkg/controller/direct/cloudidentity/group_mapper.go b/pkg/controller/direct/cloudidentity/group_mapper.go
new file mode 100644
index 0000000000..290cb0c796
--- /dev/null
+++ b/pkg/controller/direct/cloudidentity/group_mapper.go
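Review bot: `.posix_groups` and `.dynamic_group_metadata` are put into `UnimplementedFields` in cloudIdentityGroupFuzzer with no comment saying why, and the mappers added in group_mapper.go copy neither field, so a `pb.Group` carrying them loses them on the way through and the fuzzer presumably skips them in its comparison. A comment above the two inserts would record that this is deliberate, for example `// Not mapped yet: the mappers in group_mapper.go drop these fields.`. cloudIdentityGroupFuzzer would also read better with a one-line doc comment naming the proto message it covers (`pb.Group`) and that it is registered from `init()`.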
@@ -0,0 +1,103 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cloudidentity
+
+import (
+ krm "github.com/GoogleCloudPlatform/k8s-config-connector/apis/cloudidentity/v1beta1"
+ _ "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+ pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/cloudidentity/groups/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
+)
+
+func CloudIdentityGroupObservedState_FromProto(mapCtx *direct.MapContext, in *pb.Group) *krm.CloudIdentityGroupObservedState {
+ if in == nil {
+ return nil
+ }
+ out := &krm.CloudIdentityGroupObservedState{}
+ out.AdditionalGroupKeys = direct.Slice_FromProto(mapCtx, in.AdditionalGroupKeys, EntityKey_FromProto)
+ return out
+}
+func CloudIdentityGroupObservedState_ToProto(mapCtx *direct.MapContext, in *krm.CloudIdentityGroupObservedState) *pb.Group {
+ if in == nil {
+ return nil
+ }
+ out := &pb.Group{}
+ out.AdditionalGroupKeys = direct.Slice_ToProto(mapCtx, in.AdditionalGroupKeys, EntityKey_ToProto)
+ return out
+}
+func CloudIdentityGroupSpec_FromProto(mapCtx *direct.MapContext, in *pb.Group) *krm.CloudIdentityGroupSpec {
+ if in == nil {
+ return nil
+ }
+ out := &krm.CloudIdentityGroupSpec{}
+ out.Description = in.Description
+ out.DisplayName = in.DisplayName
+ out.GroupKey = EntityKey_FromProto(mapCtx, in.GetGroupKey())
+ out.Labels = in.Labels
+ out.Parent = in.Parent
+ return out
+}
+func CloudIdentityGroupSpec_ToProto(mapCtx *direct.MapContext, in *krm.CloudIdentityGroupSpec) *pb.Group {
+ if in == nil {
+ return nil
+ }
+ out := &pb.Group{}
+ out.Description = in.Description
+ out.DisplayName = in.DisplayName
+ out.GroupKey = EntityKey_ToProto(mapCtx, in.GroupKey)
+ out.Labels = in.Labels
+ out.Parent = in.Parent
+ return out
+}
+func CloudIdentityGroupStatus_FromProto(mapCtx *direct.MapContext, in *pb.Group) *krm.CloudIdentityGroupStatus {
+ if in == nil {
+ return nil
+ }
+ out := &krm.CloudIdentityGroupStatus{}
+ out.CreateTime = direct.StringTimestamp_FromProto(mapCtx, in.GetCreateTime())
+ out.Name = in.Name
+ out.UpdateTime = direct.StringTimestamp_FromProto(mapCtx, in.GetUpdateTime())
+ out.ObservedState = CloudIdentityGroupObservedState_FromProto(mapCtx, in)
+ return out
+}
+func CloudIdentityGroupStatus_ToProto(mapCtx *direct.MapContext, in *krm.CloudIdentityGroupStatus) *pb.Group {
+ if in == nil {
+ return nil
+ }
+ out := &pb.Group{}
+ out.CreateTime = direct.StringTimestamp_ToProto(mapCtx, in.CreateTime)
+ out.Name = in.Name
+ out.UpdateTime = direct.StringTimestamp_ToProto(mapCtx, in.UpdateTime)
+ out.AdditionalGroupKeys = CloudIdentityGroupObservedState_ToProto(mapCtx, in.ObservedState).AdditionalGroupKeys
+ return out
+}
+func EntityKey_FromProto(mapCtx *direct.MapContext, in *pb.EntityKey) *krm.EntityKey {
+ if in == nil {
+ return nil
+ }
+ out := &krm.EntityKey{}
+ out.ID = direct.ValueOf(in.Id)
+ out.Namespace = in.Namespace
+ return out
+}
+func EntityKey_ToProto(mapCtx *direct.MapContext, in *krm.EntityKey) *pb.EntityKey {
+ if in == nil {
+ return nil
+ }
+ out := &pb.EntityKey{}
+ out.Id = direct.LazyPtr(in.ID)
+ out.Namespace = in.Namespace
+ return out
+}
diff --git a/pkg/controller/direct/register/register.go b/pkg/controller/direct/register/register.go
index 9dce92703d..1be8aaebbc 100644
--- a/pkg/controller/direct/register/register.go
+++ b/pkg/controller/direct/register/register.go
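Review bot: `out.Labels = in.Labels` in CloudIdentityGroupSpec_FromProto and CloudIdentityGroupSpec_ToProto hands back the same map as the input, so a later write to the proto's labels also changes the KRM spec, and the other way round. In the Cloud Identity API the labels select the group type, so an unintended edit through the shared map is not cosmetic. Copying at the boundary keeps the two objects independent: `out.Labels = maps.Clone(in.Labels)` (standard library `maps`, Go 1.21+, nil stays nil), with `maps` added to the import block. Whether any current caller mutates either side is not visible in this patch. Separately, the spec's `InitialGroupConfig` field (visible in group_types.go) has no counterpart in CloudIdentityGroupSpec_ToProto; a comment there saying it must be passed on the create call separately would stop a later caller from treating the returned `pb.Group` as the complete request.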
@@ -24,6 +24,7 @@ import ( _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/bigquerydatatransfer" _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/certificatemanager" _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/cloudbuild" + _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/cloudidentity" _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/compute/firewallpolicyrule" _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/compute/forwardingrule" _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/compute/targettcpproxy" diff --git a/scripts/generate-google3-docs/resource-reference/generated/resource-docs/cloudidentity/cloudidentitygroup.md b/scripts/generate-google3-docs/resource-reference/generated/resource-docs/cloudidentity/cloudidentitygroup.md index dd015726d7..3df0be9512 100644 --- a/scripts/generate-google3-docs/resource-reference/generated/resource-docs/cloudidentity/cloudidentitygroup.md +++ b/scripts/generate-google3-docs/resource-reference/generated/resource-docs/cloudidentity/cloudidentitygroup.md @@ -264,7 +264,7 @@ updateTime: string externalRef

string

-

{% verbatim %}A unique specifier for the CloudIdentityGroup resource in GCP.{% endverbatim %}

+

{% verbatim %}A unique Config Connector specifier for the resource in GCP.{% endverbatim %}

From 92d0cc46249a21ae095964dbbf4339df45b2e8c5 Mon Sep 17 00:00:00 2001
From: Gemma Hou
Date: Mon, 10 Feb 2025 22:38:13 +0000
Subject: [PATCH 2/2] Add CloudIdentityGroup mappers and fuzz
---
 pkg/controller/direct/cloudidentity/group_mapper.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pkg/controller/direct/cloudidentity/group_mapper.go b/pkg/controller/direct/cloudidentity/group_mapper.go
index 290cb0c796..b58578b967 100644
--- a/pkg/controller/direct/cloudidentity/group_mapper.go
+++ b/pkg/controller/direct/cloudidentity/group_mapper.go
@@ -80,7 +80,10 @@ func CloudIdentityGroupStatus_ToProto(mapCtx *direct.MapContext, in *krm.CloudId
 out.CreateTime = direct.StringTimestamp_ToProto(mapCtx, in.CreateTime)
 out.Name = in.Name
 out.UpdateTime = direct.StringTimestamp_ToProto(mapCtx, in.UpdateTime)
- out.AdditionalGroupKeys = CloudIdentityGroupObservedState_ToProto(mapCtx, in.ObservedState).AdditionalGroupKeys
+ observedState := CloudIdentityGroupObservedState_ToProto(mapCtx, in.ObservedState)
+ if observedState != nil {
+ out.AdditionalGroupKeys = observedState.AdditionalGroupKeys
+ }
 return out
 }
 func EntityKey_FromProto(mapCtx *direct.MapContext, in *pb.EntityKey) *krm.EntityKey {
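Review bot: The nil `ObservedState` path guarded by the new `if observedState != nil` check in CloudIdentityGroupStatus_ToProto is still not exercised by anything in this series. The registered fuzzer appears to start from a `pb.Group`, and CloudIdentityGroupStatus_FromProto always fills `ObservedState` for a non-nil input, so the round trip never hands this function a nil one. A small unit test calling `CloudIdentityGroupStatus_ToProto(mapCtx, &krm.CloudIdentityGroupStatus{})` and expecting a non-nil result with no additional group keys would pin the fix. As a matter of style the guard can also be folded into the generated getter, which is nil-safe: `out.AdditionalGroupKeys = CloudIdentityGroupObservedState_ToProto(mapCtx, in.ObservedState).GetAdditionalGroupKeys()`; the getter is expected from the same generator that provides `GetGroupKey()` but is not shown on this page. The function starts above the hunk.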