diff --git a/Makefile b/Makefile
index 99603e5..a2ea9ec 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 LIBRARY_VERSION:=0.5.2
-PROVIDER_VERSION:=0.22.0
+PROVIDER_VERSION:=0.24.0
 JSONNET_BIN:=jrsonnet
 CROSSPLANE?=crossplane
 REGISTRY?=ghcr.io
@@ -22,6 +22,7 @@ generator/crds.yaml:
 grafanaplane/zz: $(GENERATOR_DEPTHS)
 	rm -rf grafanaplane/zz && \
 	FILES=$$($(JSONNET_BIN) \
+		  -s  1000 \
 		  -S -c -m grafanaplane \
 		  -J generator/vendor \
 		  -A 'version=$(LIBRARY_VERSION)-$(PROVIDER_VERSION)' \
diff --git a/docs/README.md b/docs/README.md
index a7d147c..fbb3f2c 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -11,7 +11,7 @@ Most of this library is generated: the Compositions/XRDs packages, Configuration
 ## Install
 
 ```
-jb install github.com/grafana/grafana-crossplane-libsonnet/grafanaplane@0.5.2-0.22.0
+jb install github.com/grafana/grafana-crossplane-libsonnet/grafanaplane@0.5.2-0.24.0
 ```
 
 ## Usage
diff --git a/docs/configurations.md b/docs/configurations.md
index 983d5b2..1ff9380 100644
--- a/docs/configurations.md
+++ b/docs/configurations.md
@@ -11,6 +11,8 @@ local configurations = grafanaplane.configurations;
 [
   configuration.alerting,
   configuration.cloud,
+  configuration.cloudprovider,
+  configuration.connections,
   configuration.enterprise,
   configuration.ml,
   configuration.oncall,
diff --git a/docs/raw/cloud/index.md b/docs/raw/cloud/index.md
index aa65750..086260e 100644
--- a/docs/raw/cloud/index.md
+++ b/docs/raw/cloud/index.md
@@ -6,6 +6,7 @@
 
 * [v1alpha1.accessPolicy](v1alpha1/accessPolicy/index.md)
 * [v1alpha1.accessPolicyToken](v1alpha1/accessPolicyToken.md)
+* [v1alpha1.orgMember](v1alpha1/orgMember.md)
 * [v1alpha1.pluginInstallation](v1alpha1/pluginInstallation.md)
 * [v1alpha1.stack](v1alpha1/stack.md)
 * [v1alpha1.stackServiceAccount](v1alpha1/stackServiceAccount.md)
diff --git a/docs/raw/cloud/v1alpha1/orgMember.md b/docs/raw/cloud/v1alpha1/orgMember.md
new file mode 100644
index 0000000..ae2069f
--- /dev/null
+++ b/docs/raw/cloud/v1alpha1/orgMember.md
@@ -0,0 +1,1262 @@
+# orgMember
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withOrg(value)`](#fn-specparametersforproviderwithorg)
+      * [`fn withReceiveBillingEmails(value=true)`](#fn-specparametersforproviderwithreceivebillingemails)
+      * [`fn withRole(value)`](#fn-specparametersforproviderwithrole)
+      * [`fn withUser(value)`](#fn-specparametersforproviderwithuser)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withOrg(value)`](#fn-specparametersinitproviderwithorg)
+      * [`fn withReceiveBillingEmails(value=true)`](#fn-specparametersinitproviderwithreceivebillingemails)
+      * [`fn withRole(value)`](#fn-specparametersinitproviderwithrole)
+      * [`fn withUser(value)`](#fn-specparametersinitproviderwithuser)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+OrgMemberSpec defines the desired state of OrgMember
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+OrgMemberSpec defines the desired state of OrgMember
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withOrg
+
+```jsonnet
+spec.parameters.forProvider.withOrg(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The slug or ID of the organization.
+###### fn spec.parameters.forProvider.withReceiveBillingEmails
+
+```jsonnet
+spec.parameters.forProvider.withReceiveBillingEmails(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+Whether the user should receive billing emails.
+###### fn spec.parameters.forProvider.withRole
+
+```jsonnet
+spec.parameters.forProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The role to assign to the user in the organization.
+###### fn spec.parameters.forProvider.withUser
+
+```jsonnet
+spec.parameters.forProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Username or ID of the user to add to the org's members.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withOrg
+
+```jsonnet
+spec.parameters.initProvider.withOrg(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The slug or ID of the organization.
+###### fn spec.parameters.initProvider.withReceiveBillingEmails
+
+```jsonnet
+spec.parameters.initProvider.withReceiveBillingEmails(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+Whether the user should receive billing emails.
+###### fn spec.parameters.initProvider.withRole
+
+```jsonnet
+spec.parameters.initProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The role to assign to the user in the organization.
+###### fn spec.parameters.initProvider.withUser
+
+```jsonnet
+spec.parameters.initProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Username or ID of the user to add to the org's members.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/cloudprovider/index.md b/docs/raw/cloudprovider/index.md
new file mode 100644
index 0000000..1e942a2
--- /dev/null
+++ b/docs/raw/cloudprovider/index.md
@@ -0,0 +1,9 @@
+# cloudprovider
+
+
+
+## Subpackages
+
+* [v1alpha1.awsAccount](v1alpha1/awsAccount.md)
+* [v1alpha1.awsCloudwatchScrapeJob](v1alpha1/awsCloudwatchScrapeJob/index.md)
+* [v1alpha1.azureCredential](v1alpha1/azureCredential/index.md)
diff --git a/docs/raw/cloudprovider/v1alpha1/awsAccount.md b/docs/raw/cloudprovider/v1alpha1/awsAccount.md
new file mode 100644
index 0000000..58329ef
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsAccount.md
@@ -0,0 +1,1268 @@
+# awsAccount
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withRegions(value)`](#fn-specparametersforproviderwithregions)
+      * [`fn withRegionsMixin(value)`](#fn-specparametersforproviderwithregionsmixin)
+      * [`fn withRoleArn(value)`](#fn-specparametersforproviderwithrolearn)
+      * [`fn withStackId(value)`](#fn-specparametersforproviderwithstackid)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withRegions(value)`](#fn-specparametersinitproviderwithregions)
+      * [`fn withRegionsMixin(value)`](#fn-specparametersinitproviderwithregionsmixin)
+      * [`fn withRoleArn(value)`](#fn-specparametersinitproviderwithrolearn)
+      * [`fn withStackId(value)`](#fn-specparametersinitproviderwithstackid)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AwsAccountSpec defines the desired state of AwsAccount
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AwsAccountSpec defines the desired state of AwsAccount
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withRegions
+
+```jsonnet
+spec.parameters.forProvider.withRegions(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of regions that this AWS Account resource applies to.
+A set of regions that this AWS Account resource applies to.
+###### fn spec.parameters.forProvider.withRegionsMixin
+
+```jsonnet
+spec.parameters.forProvider.withRegionsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of regions that this AWS Account resource applies to.
+A set of regions that this AWS Account resource applies to.
+###### fn spec.parameters.forProvider.withRoleArn
+
+```jsonnet
+spec.parameters.forProvider.withRoleArn(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) An IAM Role ARN string to represent with this AWS Account resource.
+An IAM Role ARN string to represent with this AWS Account resource.
+###### fn spec.parameters.forProvider.withStackId
+
+```jsonnet
+spec.parameters.forProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The StackID of the Grafana Cloud instance.
+The StackID of the Grafana Cloud instance.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withRegions
+
+```jsonnet
+spec.parameters.initProvider.withRegions(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of regions that this AWS Account resource applies to.
+A set of regions that this AWS Account resource applies to.
+###### fn spec.parameters.initProvider.withRegionsMixin
+
+```jsonnet
+spec.parameters.initProvider.withRegionsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of regions that this AWS Account resource applies to.
+A set of regions that this AWS Account resource applies to.
+###### fn spec.parameters.initProvider.withRoleArn
+
+```jsonnet
+spec.parameters.initProvider.withRoleArn(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) An IAM Role ARN string to represent with this AWS Account resource.
+An IAM Role ARN string to represent with this AWS Account resource.
+###### fn spec.parameters.initProvider.withStackId
+
+```jsonnet
+spec.parameters.initProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The StackID of the Grafana Cloud instance.
+The StackID of the Grafana Cloud instance.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/index.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/index.md
new file mode 100644
index 0000000..44924ac
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/index.md
@@ -0,0 +1,1461 @@
+# awsCloudwatchScrapeJob
+
+
+
+## Subpackages
+
+* [spec.parameters.forProvider.customNamespace](spec/parameters/forProvider/customNamespace/index.md)
+* [spec.parameters.forProvider.service](spec/parameters/forProvider/service/index.md)
+* [spec.parameters.initProvider.customNamespace](spec/parameters/initProvider/customNamespace/index.md)
+* [spec.parameters.initProvider.service](spec/parameters/initProvider/service/index.md)
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withAwsAccountResourceId(value)`](#fn-specparametersforproviderwithawsaccountresourceid)
+      * [`fn withCustomNamespace(value)`](#fn-specparametersforproviderwithcustomnamespace)
+      * [`fn withCustomNamespaceMixin(value)`](#fn-specparametersforproviderwithcustomnamespacemixin)
+      * [`fn withEnabled(value=true)`](#fn-specparametersforproviderwithenabled)
+      * [`fn withExportTags(value=true)`](#fn-specparametersforproviderwithexporttags)
+      * [`fn withName(value)`](#fn-specparametersforproviderwithname)
+      * [`fn withRegionsSubsetOverride(value)`](#fn-specparametersforproviderwithregionssubsetoverride)
+      * [`fn withRegionsSubsetOverrideMixin(value)`](#fn-specparametersforproviderwithregionssubsetoverridemixin)
+      * [`fn withService(value)`](#fn-specparametersforproviderwithservice)
+      * [`fn withServiceMixin(value)`](#fn-specparametersforproviderwithservicemixin)
+      * [`fn withStackId(value)`](#fn-specparametersforproviderwithstackid)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withAwsAccountResourceId(value)`](#fn-specparametersinitproviderwithawsaccountresourceid)
+      * [`fn withCustomNamespace(value)`](#fn-specparametersinitproviderwithcustomnamespace)
+      * [`fn withCustomNamespaceMixin(value)`](#fn-specparametersinitproviderwithcustomnamespacemixin)
+      * [`fn withEnabled(value=true)`](#fn-specparametersinitproviderwithenabled)
+      * [`fn withExportTags(value=true)`](#fn-specparametersinitproviderwithexporttags)
+      * [`fn withName(value)`](#fn-specparametersinitproviderwithname)
+      * [`fn withRegionsSubsetOverride(value)`](#fn-specparametersinitproviderwithregionssubsetoverride)
+      * [`fn withRegionsSubsetOverrideMixin(value)`](#fn-specparametersinitproviderwithregionssubsetoverridemixin)
+      * [`fn withService(value)`](#fn-specparametersinitproviderwithservice)
+      * [`fn withServiceMixin(value)`](#fn-specparametersinitproviderwithservicemixin)
+      * [`fn withStackId(value)`](#fn-specparametersinitproviderwithstackid)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withAwsAccountResourceId
+
+```jsonnet
+spec.parameters.forProvider.withAwsAccountResourceId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+###### fn spec.parameters.forProvider.withCustomNamespace
+
+```jsonnet
+spec.parameters.forProvider.withCustomNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.forProvider.withCustomNamespaceMixin
+
+```jsonnet
+spec.parameters.forProvider.withCustomNamespaceMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.forProvider.withEnabled
+
+```jsonnet
+spec.parameters.forProvider.withEnabled(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+Whether the CloudWatch Scrape Job is enabled or not.
+###### fn spec.parameters.forProvider.withExportTags
+
+```jsonnet
+spec.parameters.forProvider.withExportTags(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
+###### fn spec.parameters.forProvider.withName
+
+```jsonnet
+spec.parameters.forProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the CloudWatch Scrape Job.
+###### fn spec.parameters.forProvider.withRegionsSubsetOverride
+
+```jsonnet
+spec.parameters.forProvider.withRegionsSubsetOverride(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+###### fn spec.parameters.forProvider.withRegionsSubsetOverrideMixin
+
+```jsonnet
+spec.parameters.forProvider.withRegionsSubsetOverrideMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+###### fn spec.parameters.forProvider.withService
+
+```jsonnet
+spec.parameters.forProvider.withService(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.forProvider.withServiceMixin
+
+```jsonnet
+spec.parameters.forProvider.withServiceMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.forProvider.withStackId
+
+```jsonnet
+spec.parameters.forProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Stack ID of the Grafana Cloud instance.
+The Stack ID of the Grafana Cloud instance.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withAwsAccountResourceId
+
+```jsonnet
+spec.parameters.initProvider.withAwsAccountResourceId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+###### fn spec.parameters.initProvider.withCustomNamespace
+
+```jsonnet
+spec.parameters.initProvider.withCustomNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.initProvider.withCustomNamespaceMixin
+
+```jsonnet
+spec.parameters.initProvider.withCustomNamespaceMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.initProvider.withEnabled
+
+```jsonnet
+spec.parameters.initProvider.withEnabled(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+Whether the CloudWatch Scrape Job is enabled or not.
+###### fn spec.parameters.initProvider.withExportTags
+
+```jsonnet
+spec.parameters.initProvider.withExportTags(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
+###### fn spec.parameters.initProvider.withName
+
+```jsonnet
+spec.parameters.initProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the CloudWatch Scrape Job.
+###### fn spec.parameters.initProvider.withRegionsSubsetOverride
+
+```jsonnet
+spec.parameters.initProvider.withRegionsSubsetOverride(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+###### fn spec.parameters.initProvider.withRegionsSubsetOverrideMixin
+
+```jsonnet
+spec.parameters.initProvider.withRegionsSubsetOverrideMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+###### fn spec.parameters.initProvider.withService
+
+```jsonnet
+spec.parameters.initProvider.withService(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.initProvider.withServiceMixin
+
+```jsonnet
+spec.parameters.initProvider.withServiceMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+###### fn spec.parameters.initProvider.withStackId
+
+```jsonnet
+spec.parameters.initProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Stack ID of the Grafana Cloud instance.
+The Stack ID of the Grafana Cloud instance.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/index.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/index.md
new file mode 100644
index 0000000..58be719
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/index.md
@@ -0,0 +1,65 @@
+# customNamespace
+
+
+
+## Subpackages
+
+* [metric](metric.md)
+
+## Index
+
+* [`fn withMetric(value)`](#fn-withmetric)
+* [`fn withMetricMixin(value)`](#fn-withmetricmixin)
+* [`fn withName(value)`](#fn-withname)
+* [`fn withScrapeIntervalSeconds(value)`](#fn-withscrapeintervalseconds)
+
+## Fields
+
+### fn withMetric
+
+```jsonnet
+withMetric(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withMetricMixin
+
+```jsonnet
+withMetricMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the custom namespace to scrape.
+### fn withScrapeIntervalSeconds
+
+```jsonnet
+withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) The interval in seconds to scrape the custom namespace.
+The interval in seconds to scrape the custom namespace.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/metric.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/metric.md
new file mode 100644
index 0000000..bb6b63d
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/customNamespace/metric.md
@@ -0,0 +1,48 @@
+# metric
+
+
+
+## Index
+
+* [`fn withName(value)`](#fn-withname)
+* [`fn withStatistics(value)`](#fn-withstatistics)
+* [`fn withStatisticsMixin(value)`](#fn-withstatisticsmixin)
+
+## Fields
+
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the metric to scrape.
+### fn withStatistics
+
+```jsonnet
+withStatistics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
+### fn withStatisticsMixin
+
+```jsonnet
+withStatisticsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/index.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/index.md
new file mode 100644
index 0000000..247c3c1
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/index.md
@@ -0,0 +1,118 @@
+# service
+
+
+
+## Subpackages
+
+* [metric](metric.md)
+* [resourceDiscoveryTagFilter](resourceDiscoveryTagFilter.md)
+
+## Index
+
+* [`fn withMetric(value)`](#fn-withmetric)
+* [`fn withMetricMixin(value)`](#fn-withmetricmixin)
+* [`fn withName(value)`](#fn-withname)
+* [`fn withResourceDiscoveryTagFilter(value)`](#fn-withresourcediscoverytagfilter)
+* [`fn withResourceDiscoveryTagFilterMixin(value)`](#fn-withresourcediscoverytagfiltermixin)
+* [`fn withScrapeIntervalSeconds(value)`](#fn-withscrapeintervalseconds)
+* [`fn withTagsToAddToMetrics(value)`](#fn-withtagstoaddtometrics)
+* [`fn withTagsToAddToMetricsMixin(value)`](#fn-withtagstoaddtometricsmixin)
+
+## Fields
+
+### fn withMetric
+
+```jsonnet
+withMetric(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withMetricMixin
+
+```jsonnet
+withMetricMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
+### fn withResourceDiscoveryTagFilter
+
+```jsonnet
+withResourceDiscoveryTagFilter(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+### fn withResourceDiscoveryTagFilterMixin
+
+```jsonnet
+withResourceDiscoveryTagFilterMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+### fn withScrapeIntervalSeconds
+
+```jsonnet
+withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) The interval in seconds to scrape the custom namespace.
+The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+### fn withTagsToAddToMetrics
+
+```jsonnet
+withTagsToAddToMetrics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+### fn withTagsToAddToMetricsMixin
+
+```jsonnet
+withTagsToAddToMetricsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/metric.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/metric.md
new file mode 100644
index 0000000..bb6b63d
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/metric.md
@@ -0,0 +1,48 @@
+# metric
+
+
+
+## Index
+
+* [`fn withName(value)`](#fn-withname)
+* [`fn withStatistics(value)`](#fn-withstatistics)
+* [`fn withStatisticsMixin(value)`](#fn-withstatisticsmixin)
+
+## Fields
+
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the metric to scrape.
+### fn withStatistics
+
+```jsonnet
+withStatistics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
+### fn withStatisticsMixin
+
+```jsonnet
+withStatisticsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/resourceDiscoveryTagFilter.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/resourceDiscoveryTagFilter.md
new file mode 100644
index 0000000..863f493
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/forProvider/service/resourceDiscoveryTagFilter.md
@@ -0,0 +1,35 @@
+# resourceDiscoveryTagFilter
+
+
+
+## Index
+
+* [`fn withKey(value)`](#fn-withkey)
+* [`fn withValue(value)`](#fn-withvalue)
+
+## Fields
+
+### fn withKey
+
+```jsonnet
+withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The key of the tag filter.
+The key of the tag filter.
+### fn withValue
+
+```jsonnet
+withValue(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The value of the tag filter.
+The value of the tag filter.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/index.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/index.md
new file mode 100644
index 0000000..58be719
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/index.md
@@ -0,0 +1,65 @@
+# customNamespace
+
+
+
+## Subpackages
+
+* [metric](metric.md)
+
+## Index
+
+* [`fn withMetric(value)`](#fn-withmetric)
+* [`fn withMetricMixin(value)`](#fn-withmetricmixin)
+* [`fn withName(value)`](#fn-withname)
+* [`fn withScrapeIntervalSeconds(value)`](#fn-withscrapeintervalseconds)
+
+## Fields
+
+### fn withMetric
+
+```jsonnet
+withMetric(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withMetricMixin
+
+```jsonnet
+withMetricMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the custom namespace to scrape.
+### fn withScrapeIntervalSeconds
+
+```jsonnet
+withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) The interval in seconds to scrape the custom namespace.
+The interval in seconds to scrape the custom namespace.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/metric.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/metric.md
new file mode 100644
index 0000000..bb6b63d
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/customNamespace/metric.md
@@ -0,0 +1,48 @@
+# metric
+
+
+
+## Index
+
+* [`fn withName(value)`](#fn-withname)
+* [`fn withStatistics(value)`](#fn-withstatistics)
+* [`fn withStatisticsMixin(value)`](#fn-withstatisticsmixin)
+
+## Fields
+
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the metric to scrape.
+### fn withStatistics
+
+```jsonnet
+withStatistics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
+### fn withStatisticsMixin
+
+```jsonnet
+withStatisticsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/index.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/index.md
new file mode 100644
index 0000000..247c3c1
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/index.md
@@ -0,0 +1,118 @@
+# service
+
+
+
+## Subpackages
+
+* [metric](metric.md)
+* [resourceDiscoveryTagFilter](resourceDiscoveryTagFilter.md)
+
+## Index
+
+* [`fn withMetric(value)`](#fn-withmetric)
+* [`fn withMetricMixin(value)`](#fn-withmetricmixin)
+* [`fn withName(value)`](#fn-withname)
+* [`fn withResourceDiscoveryTagFilter(value)`](#fn-withresourcediscoverytagfilter)
+* [`fn withResourceDiscoveryTagFilterMixin(value)`](#fn-withresourcediscoverytagfiltermixin)
+* [`fn withScrapeIntervalSeconds(value)`](#fn-withscrapeintervalseconds)
+* [`fn withTagsToAddToMetrics(value)`](#fn-withtagstoaddtometrics)
+* [`fn withTagsToAddToMetricsMixin(value)`](#fn-withtagstoaddtometricsmixin)
+
+## Fields
+
+### fn withMetric
+
+```jsonnet
+withMetric(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withMetricMixin
+
+```jsonnet
+withMetricMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
+### fn withResourceDiscoveryTagFilter
+
+```jsonnet
+withResourceDiscoveryTagFilter(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+### fn withResourceDiscoveryTagFilterMixin
+
+```jsonnet
+withResourceDiscoveryTagFilterMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+### fn withScrapeIntervalSeconds
+
+```jsonnet
+withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) The interval in seconds to scrape the custom namespace.
+The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+### fn withTagsToAddToMetrics
+
+```jsonnet
+withTagsToAddToMetrics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+### fn withTagsToAddToMetricsMixin
+
+```jsonnet
+withTagsToAddToMetricsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/metric.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/metric.md
new file mode 100644
index 0000000..bb6b63d
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/metric.md
@@ -0,0 +1,48 @@
+# metric
+
+
+
+## Index
+
+* [`fn withName(value)`](#fn-withname)
+* [`fn withStatistics(value)`](#fn-withstatistics)
+* [`fn withStatisticsMixin(value)`](#fn-withstatisticsmixin)
+
+## Fields
+
+### fn withName
+
+```jsonnet
+withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the CloudWatch Scrape Job.
+The name of the metric to scrape.
+### fn withStatistics
+
+```jsonnet
+withStatistics(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
+### fn withStatisticsMixin
+
+```jsonnet
+withStatisticsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Set of String) A set of statistics to scrape.
+A set of statistics to scrape.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/resourceDiscoveryTagFilter.md b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/resourceDiscoveryTagFilter.md
new file mode 100644
index 0000000..863f493
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters/initProvider/service/resourceDiscoveryTagFilter.md
@@ -0,0 +1,35 @@
+# resourceDiscoveryTagFilter
+
+
+
+## Index
+
+* [`fn withKey(value)`](#fn-withkey)
+* [`fn withValue(value)`](#fn-withvalue)
+
+## Fields
+
+### fn withKey
+
+```jsonnet
+withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The key of the tag filter.
+The key of the tag filter.
+### fn withValue
+
+```jsonnet
+withValue(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The value of the tag filter.
+The value of the tag filter.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/azureCredential/index.md b/docs/raw/cloudprovider/v1alpha1/azureCredential/index.md
new file mode 100644
index 0000000..1505c23
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/azureCredential/index.md
@@ -0,0 +1,1457 @@
+# azureCredential
+
+
+
+## Subpackages
+
+* [spec.parameters.forProvider.resourceDiscoveryTagFilter](spec/parameters/forProvider/resourceDiscoveryTagFilter.md)
+* [spec.parameters.initProvider.resourceDiscoveryTagFilter](spec/parameters/initProvider/resourceDiscoveryTagFilter.md)
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withClientId(value)`](#fn-specparametersforproviderwithclientid)
+      * [`fn withClientSecretSecretRef(value)`](#fn-specparametersforproviderwithclientsecretsecretref)
+      * [`fn withClientSecretSecretRefMixin(value)`](#fn-specparametersforproviderwithclientsecretsecretrefmixin)
+      * [`fn withName(value)`](#fn-specparametersforproviderwithname)
+      * [`fn withResourceDiscoveryTagFilter(value)`](#fn-specparametersforproviderwithresourcediscoverytagfilter)
+      * [`fn withResourceDiscoveryTagFilterMixin(value)`](#fn-specparametersforproviderwithresourcediscoverytagfiltermixin)
+      * [`fn withStackId(value)`](#fn-specparametersforproviderwithstackid)
+      * [`fn withTenantId(value)`](#fn-specparametersforproviderwithtenantid)
+      * [`obj clientSecretSecretRef`](#obj-specparametersforproviderclientsecretsecretref)
+        * [`fn withKey(value)`](#fn-specparametersforproviderclientsecretsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersforproviderclientsecretsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersforproviderclientsecretsecretrefwithnamespace)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withClientId(value)`](#fn-specparametersinitproviderwithclientid)
+      * [`fn withClientSecretSecretRef(value)`](#fn-specparametersinitproviderwithclientsecretsecretref)
+      * [`fn withClientSecretSecretRefMixin(value)`](#fn-specparametersinitproviderwithclientsecretsecretrefmixin)
+      * [`fn withName(value)`](#fn-specparametersinitproviderwithname)
+      * [`fn withResourceDiscoveryTagFilter(value)`](#fn-specparametersinitproviderwithresourcediscoverytagfilter)
+      * [`fn withResourceDiscoveryTagFilterMixin(value)`](#fn-specparametersinitproviderwithresourcediscoverytagfiltermixin)
+      * [`fn withStackId(value)`](#fn-specparametersinitproviderwithstackid)
+      * [`fn withTenantId(value)`](#fn-specparametersinitproviderwithtenantid)
+      * [`obj clientSecretSecretRef`](#obj-specparametersinitproviderclientsecretsecretref)
+        * [`fn withKey(value)`](#fn-specparametersinitproviderclientsecretsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersinitproviderclientsecretsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersinitproviderclientsecretsecretrefwithnamespace)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AzureCredentialSpec defines the desired state of AzureCredential
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AzureCredentialSpec defines the desired state of AzureCredential
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withClientId
+
+```jsonnet
+spec.parameters.forProvider.withClientId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The client ID of the Azure Credential.
+The client ID of the Azure Credential.
+###### fn spec.parameters.forProvider.withClientSecretSecretRef
+
+```jsonnet
+spec.parameters.forProvider.withClientSecretSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) The client secret of the Azure Credential.
+The client secret of the Azure Credential.
+###### fn spec.parameters.forProvider.withClientSecretSecretRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withClientSecretSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) The client secret of the Azure Credential.
+The client secret of the Azure Credential.
+###### fn spec.parameters.forProvider.withName
+
+```jsonnet
+spec.parameters.forProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the Azure Credential.
+The name of the Azure Credential.
+###### fn spec.parameters.forProvider.withResourceDiscoveryTagFilter
+
+```jsonnet
+spec.parameters.forProvider.withResourceDiscoveryTagFilter(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) The list of tag filters to apply to resources. (see below for nested schema)
+The list of tag filters to apply to resources.
+###### fn spec.parameters.forProvider.withResourceDiscoveryTagFilterMixin
+
+```jsonnet
+spec.parameters.forProvider.withResourceDiscoveryTagFilterMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) The list of tag filters to apply to resources. (see below for nested schema)
+The list of tag filters to apply to resources.
+###### fn spec.parameters.forProvider.withStackId
+
+```jsonnet
+spec.parameters.forProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The StackID of the Grafana Cloud instance.
+The StackID of the Grafana Cloud instance.
+###### fn spec.parameters.forProvider.withTenantId
+
+```jsonnet
+spec.parameters.forProvider.withTenantId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The tenant ID of the Azure Credential.
+The tenant ID of the Azure Credential.
+###### obj spec.parameters.forProvider.clientSecretSecretRef
+
+
+####### fn spec.parameters.forProvider.clientSecretSecretRef.withKey
+
+```jsonnet
+spec.parameters.forProvider.clientSecretSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.forProvider.clientSecretSecretRef.withName
+
+```jsonnet
+spec.parameters.forProvider.clientSecretSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.forProvider.clientSecretSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.forProvider.clientSecretSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withClientId
+
+```jsonnet
+spec.parameters.initProvider.withClientId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The client ID of the Azure Credential.
+The client ID of the Azure Credential.
+###### fn spec.parameters.initProvider.withClientSecretSecretRef
+
+```jsonnet
+spec.parameters.initProvider.withClientSecretSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) The client secret of the Azure Credential.
+The client secret of the Azure Credential.
+###### fn spec.parameters.initProvider.withClientSecretSecretRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withClientSecretSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) The client secret of the Azure Credential.
+The client secret of the Azure Credential.
+###### fn spec.parameters.initProvider.withName
+
+```jsonnet
+spec.parameters.initProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the Azure Credential.
+The name of the Azure Credential.
+###### fn spec.parameters.initProvider.withResourceDiscoveryTagFilter
+
+```jsonnet
+spec.parameters.initProvider.withResourceDiscoveryTagFilter(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) The list of tag filters to apply to resources. (see below for nested schema)
+The list of tag filters to apply to resources.
+###### fn spec.parameters.initProvider.withResourceDiscoveryTagFilterMixin
+
+```jsonnet
+spec.parameters.initProvider.withResourceDiscoveryTagFilterMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+(Block List) The list of tag filters to apply to resources. (see below for nested schema)
+The list of tag filters to apply to resources.
+###### fn spec.parameters.initProvider.withStackId
+
+```jsonnet
+spec.parameters.initProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The StackID of the Grafana Cloud instance.
+The StackID of the Grafana Cloud instance.
+###### fn spec.parameters.initProvider.withTenantId
+
+```jsonnet
+spec.parameters.initProvider.withTenantId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The tenant ID of the Azure Credential.
+The tenant ID of the Azure Credential.
+###### obj spec.parameters.initProvider.clientSecretSecretRef
+
+
+####### fn spec.parameters.initProvider.clientSecretSecretRef.withKey
+
+```jsonnet
+spec.parameters.initProvider.clientSecretSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.initProvider.clientSecretSecretRef.withName
+
+```jsonnet
+spec.parameters.initProvider.clientSecretSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.initProvider.clientSecretSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.initProvider.clientSecretSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/forProvider/resourceDiscoveryTagFilter.md b/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/forProvider/resourceDiscoveryTagFilter.md
new file mode 100644
index 0000000..863f493
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/forProvider/resourceDiscoveryTagFilter.md
@@ -0,0 +1,35 @@
+# resourceDiscoveryTagFilter
+
+
+
+## Index
+
+* [`fn withKey(value)`](#fn-withkey)
+* [`fn withValue(value)`](#fn-withvalue)
+
+## Fields
+
+### fn withKey
+
+```jsonnet
+withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The key of the tag filter.
+The key of the tag filter.
+### fn withValue
+
+```jsonnet
+withValue(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The value of the tag filter.
+The value of the tag filter.
\ No newline at end of file
diff --git a/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/initProvider/resourceDiscoveryTagFilter.md b/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/initProvider/resourceDiscoveryTagFilter.md
new file mode 100644
index 0000000..863f493
--- /dev/null
+++ b/docs/raw/cloudprovider/v1alpha1/azureCredential/spec/parameters/initProvider/resourceDiscoveryTagFilter.md
@@ -0,0 +1,35 @@
+# resourceDiscoveryTagFilter
+
+
+
+## Index
+
+* [`fn withKey(value)`](#fn-withkey)
+* [`fn withValue(value)`](#fn-withvalue)
+
+## Fields
+
+### fn withKey
+
+```jsonnet
+withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The key of the tag filter.
+The key of the tag filter.
+### fn withValue
+
+```jsonnet
+withValue(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The value of the tag filter.
+The value of the tag filter.
\ No newline at end of file
diff --git a/docs/raw/connections/index.md b/docs/raw/connections/index.md
new file mode 100644
index 0000000..69b6cca
--- /dev/null
+++ b/docs/raw/connections/index.md
@@ -0,0 +1,7 @@
+# connections
+
+
+
+## Subpackages
+
+* [v1alpha1.metricsEndpointScrapeJob](v1alpha1/metricsEndpointScrapeJob.md)
diff --git a/docs/raw/connections/v1alpha1/metricsEndpointScrapeJob.md b/docs/raw/connections/v1alpha1/metricsEndpointScrapeJob.md
new file mode 100644
index 0000000..32f4c16
--- /dev/null
+++ b/docs/raw/connections/v1alpha1/metricsEndpointScrapeJob.md
@@ -0,0 +1,1612 @@
+# metricsEndpointScrapeJob
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withAuthenticationBasicPasswordSecretRef(value)`](#fn-specparametersforproviderwithauthenticationbasicpasswordsecretref)
+      * [`fn withAuthenticationBasicPasswordSecretRefMixin(value)`](#fn-specparametersforproviderwithauthenticationbasicpasswordsecretrefmixin)
+      * [`fn withAuthenticationBasicUsername(value)`](#fn-specparametersforproviderwithauthenticationbasicusername)
+      * [`fn withAuthenticationBearerTokenSecretRef(value)`](#fn-specparametersforproviderwithauthenticationbearertokensecretref)
+      * [`fn withAuthenticationBearerTokenSecretRefMixin(value)`](#fn-specparametersforproviderwithauthenticationbearertokensecretrefmixin)
+      * [`fn withAuthenticationMethod(value)`](#fn-specparametersforproviderwithauthenticationmethod)
+      * [`fn withEnabled(value=true)`](#fn-specparametersforproviderwithenabled)
+      * [`fn withName(value)`](#fn-specparametersforproviderwithname)
+      * [`fn withScrapeIntervalSeconds(value)`](#fn-specparametersforproviderwithscrapeintervalseconds)
+      * [`fn withStackId(value)`](#fn-specparametersforproviderwithstackid)
+      * [`fn withUrl(value)`](#fn-specparametersforproviderwithurl)
+      * [`obj authenticationBasicPasswordSecretRef`](#obj-specparametersforproviderauthenticationbasicpasswordsecretref)
+        * [`fn withKey(value)`](#fn-specparametersforproviderauthenticationbasicpasswordsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersforproviderauthenticationbasicpasswordsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersforproviderauthenticationbasicpasswordsecretrefwithnamespace)
+      * [`obj authenticationBearerTokenSecretRef`](#obj-specparametersforproviderauthenticationbearertokensecretref)
+        * [`fn withKey(value)`](#fn-specparametersforproviderauthenticationbearertokensecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersforproviderauthenticationbearertokensecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersforproviderauthenticationbearertokensecretrefwithnamespace)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withAuthenticationBasicPasswordSecretRef(value)`](#fn-specparametersinitproviderwithauthenticationbasicpasswordsecretref)
+      * [`fn withAuthenticationBasicPasswordSecretRefMixin(value)`](#fn-specparametersinitproviderwithauthenticationbasicpasswordsecretrefmixin)
+      * [`fn withAuthenticationBasicUsername(value)`](#fn-specparametersinitproviderwithauthenticationbasicusername)
+      * [`fn withAuthenticationBearerTokenSecretRef(value)`](#fn-specparametersinitproviderwithauthenticationbearertokensecretref)
+      * [`fn withAuthenticationBearerTokenSecretRefMixin(value)`](#fn-specparametersinitproviderwithauthenticationbearertokensecretrefmixin)
+      * [`fn withAuthenticationMethod(value)`](#fn-specparametersinitproviderwithauthenticationmethod)
+      * [`fn withEnabled(value=true)`](#fn-specparametersinitproviderwithenabled)
+      * [`fn withName(value)`](#fn-specparametersinitproviderwithname)
+      * [`fn withScrapeIntervalSeconds(value)`](#fn-specparametersinitproviderwithscrapeintervalseconds)
+      * [`fn withStackId(value)`](#fn-specparametersinitproviderwithstackid)
+      * [`fn withUrl(value)`](#fn-specparametersinitproviderwithurl)
+      * [`obj authenticationBasicPasswordSecretRef`](#obj-specparametersinitproviderauthenticationbasicpasswordsecretref)
+        * [`fn withKey(value)`](#fn-specparametersinitproviderauthenticationbasicpasswordsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersinitproviderauthenticationbasicpasswordsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersinitproviderauthenticationbasicpasswordsecretrefwithnamespace)
+      * [`obj authenticationBearerTokenSecretRef`](#obj-specparametersinitproviderauthenticationbearertokensecretref)
+        * [`fn withKey(value)`](#fn-specparametersinitproviderauthenticationbearertokensecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersinitproviderauthenticationbearertokensecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersinitproviderauthenticationbearertokensecretrefwithnamespace)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MetricsEndpointScrapeJobSpec defines the desired state of MetricsEndpointScrapeJob
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MetricsEndpointScrapeJobSpec defines the desired state of MetricsEndpointScrapeJob
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withAuthenticationBasicPasswordSecretRef
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationBasicPasswordSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+Password for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.forProvider.withAuthenticationBasicPasswordSecretRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationBasicPasswordSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+Password for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.forProvider.withAuthenticationBasicUsername
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationBasicUsername(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Username for basic authentication, use if scrape job is using basic authentication method
+Username for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.forProvider.withAuthenticationBearerTokenSecretRef
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationBearerTokenSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+Bearer token used for authentication, use if scrape job is using bearer authentication method
+###### fn spec.parameters.forProvider.withAuthenticationBearerTokenSecretRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationBearerTokenSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+Bearer token used for authentication, use if scrape job is using bearer authentication method
+###### fn spec.parameters.forProvider.withAuthenticationMethod
+
+```jsonnet
+spec.parameters.forProvider.withAuthenticationMethod(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Method to pass authentication credentials: basic or bearer.
+Method to pass authentication credentials: basic or bearer.
+###### fn spec.parameters.forProvider.withEnabled
+
+```jsonnet
+spec.parameters.forProvider.withEnabled(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) Whether the metrics endpoint scrape job is enabled or not.
+Whether the metrics endpoint scrape job is enabled or not.
+###### fn spec.parameters.forProvider.withName
+
+```jsonnet
+spec.parameters.forProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the metrics endpoint scrape job.
+The name of the metrics endpoint scrape job.
+###### fn spec.parameters.forProvider.withScrapeIntervalSeconds
+
+```jsonnet
+spec.parameters.forProvider.withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+###### fn spec.parameters.forProvider.withStackId
+
+```jsonnet
+spec.parameters.forProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Stack ID of the Grafana Cloud instance.
+The Stack ID of the Grafana Cloud instance.
+###### fn spec.parameters.forProvider.withUrl
+
+```jsonnet
+spec.parameters.forProvider.withUrl(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The url to scrape metrics from; a valid HTTPs URL is required.
+The url to scrape metrics from; a valid HTTPs URL is required.
+###### obj spec.parameters.forProvider.authenticationBasicPasswordSecretRef
+
+
+####### fn spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withKey
+
+```jsonnet
+spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withName
+
+```jsonnet
+spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.forProvider.authenticationBasicPasswordSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+###### obj spec.parameters.forProvider.authenticationBearerTokenSecretRef
+
+
+####### fn spec.parameters.forProvider.authenticationBearerTokenSecretRef.withKey
+
+```jsonnet
+spec.parameters.forProvider.authenticationBearerTokenSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.forProvider.authenticationBearerTokenSecretRef.withName
+
+```jsonnet
+spec.parameters.forProvider.authenticationBearerTokenSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.forProvider.authenticationBearerTokenSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.forProvider.authenticationBearerTokenSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withAuthenticationBasicPasswordSecretRef
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationBasicPasswordSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+Password for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.initProvider.withAuthenticationBasicPasswordSecretRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationBasicPasswordSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+Password for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.initProvider.withAuthenticationBasicUsername
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationBasicUsername(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Username for basic authentication, use if scrape job is using basic authentication method
+Username for basic authentication, use if scrape job is using basic authentication method
+###### fn spec.parameters.initProvider.withAuthenticationBearerTokenSecretRef
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationBearerTokenSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+Bearer token used for authentication, use if scrape job is using bearer authentication method
+###### fn spec.parameters.initProvider.withAuthenticationBearerTokenSecretRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationBearerTokenSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+Bearer token used for authentication, use if scrape job is using bearer authentication method
+###### fn spec.parameters.initProvider.withAuthenticationMethod
+
+```jsonnet
+spec.parameters.initProvider.withAuthenticationMethod(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Method to pass authentication credentials: basic or bearer.
+Method to pass authentication credentials: basic or bearer.
+###### fn spec.parameters.initProvider.withEnabled
+
+```jsonnet
+spec.parameters.initProvider.withEnabled(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+(Boolean) Whether the metrics endpoint scrape job is enabled or not.
+Whether the metrics endpoint scrape job is enabled or not.
+###### fn spec.parameters.initProvider.withName
+
+```jsonnet
+spec.parameters.initProvider.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The name of the metrics endpoint scrape job.
+The name of the metrics endpoint scrape job.
+###### fn spec.parameters.initProvider.withScrapeIntervalSeconds
+
+```jsonnet
+spec.parameters.initProvider.withScrapeIntervalSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`number`)
+
+(Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+###### fn spec.parameters.initProvider.withStackId
+
+```jsonnet
+spec.parameters.initProvider.withStackId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Stack ID of the Grafana Cloud instance.
+The Stack ID of the Grafana Cloud instance.
+###### fn spec.parameters.initProvider.withUrl
+
+```jsonnet
+spec.parameters.initProvider.withUrl(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The url to scrape metrics from; a valid HTTPs URL is required.
+The url to scrape metrics from; a valid HTTPs URL is required.
+###### obj spec.parameters.initProvider.authenticationBasicPasswordSecretRef
+
+
+####### fn spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withKey
+
+```jsonnet
+spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withName
+
+```jsonnet
+spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.initProvider.authenticationBasicPasswordSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+###### obj spec.parameters.initProvider.authenticationBearerTokenSecretRef
+
+
+####### fn spec.parameters.initProvider.authenticationBearerTokenSecretRef.withKey
+
+```jsonnet
+spec.parameters.initProvider.authenticationBearerTokenSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.initProvider.authenticationBearerTokenSecretRef.withName
+
+```jsonnet
+spec.parameters.initProvider.authenticationBearerTokenSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.initProvider.authenticationBearerTokenSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.initProvider.authenticationBearerTokenSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/enterprise/index.md b/docs/raw/enterprise/index.md
index c215297..925501d 100644
--- a/docs/raw/enterprise/index.md
+++ b/docs/raw/enterprise/index.md
@@ -4,8 +4,11 @@
 
 ## Subpackages
 
+* [v1alpha1.dataSourceConfigLbacRules](v1alpha1/dataSourceConfigLbacRules.md)
 * [v1alpha1.dataSourcePermission](v1alpha1/dataSourcePermission/index.md)
+* [v1alpha1.dataSourcePermissionItem](v1alpha1/dataSourcePermissionItem.md)
 * [v1alpha1.report](v1alpha1/report/index.md)
 * [v1alpha1.role](v1alpha1/role/index.md)
 * [v1alpha1.roleAssignment](v1alpha1/roleAssignment/index.md)
+* [v1alpha1.roleAssignmentItem](v1alpha1/roleAssignmentItem.md)
 * [v1alpha1.teamExternalGroup](v1alpha1/teamExternalGroup.md)
diff --git a/docs/raw/enterprise/v1alpha1/dataSourceConfigLbacRules.md b/docs/raw/enterprise/v1alpha1/dataSourceConfigLbacRules.md
new file mode 100644
index 0000000..52dfbef
--- /dev/null
+++ b/docs/raw/enterprise/v1alpha1/dataSourceConfigLbacRules.md
@@ -0,0 +1,1212 @@
+# dataSourceConfigLbacRules
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withDatasourceUid(value)`](#fn-specparametersforproviderwithdatasourceuid)
+      * [`fn withRules(value)`](#fn-specparametersforproviderwithrules)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withDatasourceUid(value)`](#fn-specparametersinitproviderwithdatasourceuid)
+      * [`fn withRules(value)`](#fn-specparametersinitproviderwithrules)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourceConfigLbacRulesSpec defines the desired state of DataSourceConfigLbacRules
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourceConfigLbacRulesSpec defines the desired state of DataSourceConfigLbacRules
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withDatasourceUid
+
+```jsonnet
+spec.parameters.forProvider.withDatasourceUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The UID of the datasource.
+###### fn spec.parameters.forProvider.withRules
+
+```jsonnet
+spec.parameters.forProvider.withRules(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withDatasourceUid
+
+```jsonnet
+spec.parameters.initProvider.withDatasourceUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The UID of the datasource.
+###### fn spec.parameters.initProvider.withRules
+
+```jsonnet
+spec.parameters.initProvider.withRules(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/enterprise/v1alpha1/dataSourcePermissionItem.md b/docs/raw/enterprise/v1alpha1/dataSourcePermissionItem.md
new file mode 100644
index 0000000..e93d128
--- /dev/null
+++ b/docs/raw/enterprise/v1alpha1/dataSourcePermissionItem.md
@@ -0,0 +1,1776 @@
+# dataSourcePermissionItem
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withDatasourceUid(value)`](#fn-specparametersforproviderwithdatasourceuid)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersforproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersforproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersforproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersforproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withDatasourceUid(value)`](#fn-specparametersinitproviderwithdatasourceuid)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersinitproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersinitproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersinitproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersinitproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourcePermissionItemSpec defines the desired state of DataSourcePermissionItem
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourcePermissionItemSpec defines the desired state of DataSourcePermissionItem
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withDatasourceUid
+
+```jsonnet
+spec.parameters.forProvider.withDatasourceUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the datasource.
+The UID of the datasource.
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withPermission
+
+```jsonnet
+spec.parameters.forProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.forProvider.withRole
+
+```jsonnet
+spec.parameters.forProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withTeam
+
+```jsonnet
+spec.parameters.forProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withUser
+
+```jsonnet
+spec.parameters.forProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withDatasourceUid
+
+```jsonnet
+spec.parameters.initProvider.withDatasourceUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the datasource.
+The UID of the datasource.
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withPermission
+
+```jsonnet
+spec.parameters.initProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.initProvider.withRole
+
+```jsonnet
+spec.parameters.initProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withTeam
+
+```jsonnet
+spec.parameters.initProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withUser
+
+```jsonnet
+spec.parameters.initProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/enterprise/v1alpha1/roleAssignmentItem.md b/docs/raw/enterprise/v1alpha1/roleAssignmentItem.md
new file mode 100644
index 0000000..3b33a6e
--- /dev/null
+++ b/docs/raw/enterprise/v1alpha1/roleAssignmentItem.md
@@ -0,0 +1,1750 @@
+# roleAssignmentItem
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withRoleUid(value)`](#fn-specparametersforproviderwithroleuid)
+      * [`fn withServiceAccountId(value)`](#fn-specparametersforproviderwithserviceaccountid)
+      * [`fn withTeamId(value)`](#fn-specparametersforproviderwithteamid)
+      * [`fn withUserId(value)`](#fn-specparametersforproviderwithuserid)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withRoleUid(value)`](#fn-specparametersinitproviderwithroleuid)
+      * [`fn withServiceAccountId(value)`](#fn-specparametersinitproviderwithserviceaccountid)
+      * [`fn withTeamId(value)`](#fn-specparametersinitproviderwithteamid)
+      * [`fn withUserId(value)`](#fn-specparametersinitproviderwithuserid)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withRoleUid
+
+```jsonnet
+spec.parameters.forProvider.withRoleUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role UID onto which to assign an actor
+the role UID onto which to assign an actor
+###### fn spec.parameters.forProvider.withServiceAccountId
+
+```jsonnet
+spec.parameters.forProvider.withServiceAccountId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the service account onto which the role is to be assigned
+the service account onto which the role is to be assigned
+###### fn spec.parameters.forProvider.withTeamId
+
+```jsonnet
+spec.parameters.forProvider.withTeamId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the role is to be assigned
+the team onto which the role is to be assigned
+###### fn spec.parameters.forProvider.withUserId
+
+```jsonnet
+spec.parameters.forProvider.withUserId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user onto which the role is to be assigned
+the user onto which the role is to be assigned
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withRoleUid
+
+```jsonnet
+spec.parameters.initProvider.withRoleUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role UID onto which to assign an actor
+the role UID onto which to assign an actor
+###### fn spec.parameters.initProvider.withServiceAccountId
+
+```jsonnet
+spec.parameters.initProvider.withServiceAccountId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the service account onto which the role is to be assigned
+the service account onto which the role is to be assigned
+###### fn spec.parameters.initProvider.withTeamId
+
+```jsonnet
+spec.parameters.initProvider.withTeamId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the role is to be assigned
+the team onto which the role is to be assigned
+###### fn spec.parameters.initProvider.withUserId
+
+```jsonnet
+spec.parameters.initProvider.withUserId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user onto which the role is to be assigned
+the user onto which the role is to be assigned
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/index.md b/docs/raw/index.md
index b1b0e1c..92753b2 100644
--- a/docs/raw/index.md
+++ b/docs/raw/index.md
@@ -6,6 +6,8 @@ Generated libraries for all the compositions in case the manually curated functi
 
 * [alerting](alerting/index.md)
 * [cloud](cloud/index.md)
+* [cloudprovider](cloudprovider/index.md)
+* [connections](connections/index.md)
 * [enterprise](enterprise/index.md)
 * [ml](ml/index.md)
 * [nogroup](nogroup/index.md)
diff --git a/docs/raw/ml/index.md b/docs/raw/ml/index.md
index ed8940b..557e6bf 100644
--- a/docs/raw/ml/index.md
+++ b/docs/raw/ml/index.md
@@ -4,6 +4,7 @@
 
 ## Subpackages
 
+* [v1alpha1.alert](v1alpha1/alert.md)
 * [v1alpha1.holiday](v1alpha1/holiday/index.md)
 * [v1alpha1.job](v1alpha1/job.md)
 * [v1alpha1.outlierDetector](v1alpha1/outlierDetector/index.md)
diff --git a/docs/raw/ml/v1alpha1/alert.md b/docs/raw/ml/v1alpha1/alert.md
new file mode 100644
index 0000000..5a07a65
--- /dev/null
+++ b/docs/raw/ml/v1alpha1/alert.md
@@ -0,0 +1,1452 @@
+# alert
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withAnnotations(value)`](#fn-specparametersforproviderwithannotations)
+      * [`fn withAnnotationsMixin(value)`](#fn-specparametersforproviderwithannotationsmixin)
+      * [`fn withAnomalyCondition(value)`](#fn-specparametersforproviderwithanomalycondition)
+      * [`fn withFor(value)`](#fn-specparametersforproviderwithfor)
+      * [`fn withJobId(value)`](#fn-specparametersforproviderwithjobid)
+      * [`fn withLabels(value)`](#fn-specparametersforproviderwithlabels)
+      * [`fn withLabelsMixin(value)`](#fn-specparametersforproviderwithlabelsmixin)
+      * [`fn withNoDataState(value)`](#fn-specparametersforproviderwithnodatastate)
+      * [`fn withOutlierId(value)`](#fn-specparametersforproviderwithoutlierid)
+      * [`fn withThreshold(value)`](#fn-specparametersforproviderwiththreshold)
+      * [`fn withTitle(value)`](#fn-specparametersforproviderwithtitle)
+      * [`fn withWindow(value)`](#fn-specparametersforproviderwithwindow)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withAnnotations(value)`](#fn-specparametersinitproviderwithannotations)
+      * [`fn withAnnotationsMixin(value)`](#fn-specparametersinitproviderwithannotationsmixin)
+      * [`fn withAnomalyCondition(value)`](#fn-specparametersinitproviderwithanomalycondition)
+      * [`fn withFor(value)`](#fn-specparametersinitproviderwithfor)
+      * [`fn withJobId(value)`](#fn-specparametersinitproviderwithjobid)
+      * [`fn withLabels(value)`](#fn-specparametersinitproviderwithlabels)
+      * [`fn withLabelsMixin(value)`](#fn-specparametersinitproviderwithlabelsmixin)
+      * [`fn withNoDataState(value)`](#fn-specparametersinitproviderwithnodatastate)
+      * [`fn withOutlierId(value)`](#fn-specparametersinitproviderwithoutlierid)
+      * [`fn withThreshold(value)`](#fn-specparametersinitproviderwiththreshold)
+      * [`fn withTitle(value)`](#fn-specparametersinitproviderwithtitle)
+      * [`fn withWindow(value)`](#fn-specparametersinitproviderwithwindow)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AlertSpec defines the desired state of Alert
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+AlertSpec defines the desired state of Alert
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withAnnotations
+
+```jsonnet
+spec.parameters.forProvider.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations to add to the alert generated in Grafana.
+###### fn spec.parameters.forProvider.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.forProvider.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations to add to the alert generated in Grafana.
+###### fn spec.parameters.forProvider.withAnomalyCondition
+
+```jsonnet
+spec.parameters.forProvider.withAnomalyCondition(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The condition for when to consider a point as anomalous.
+###### fn spec.parameters.forProvider.withFor
+
+```jsonnet
+spec.parameters.forProvider.withFor(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How long values must be anomalous before firing an alert.
+###### fn spec.parameters.forProvider.withJobId
+
+```jsonnet
+spec.parameters.forProvider.withJobId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The forecast this alert belongs to.
+###### fn spec.parameters.forProvider.withLabels
+
+```jsonnet
+spec.parameters.forProvider.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels to add to the alert generated in Grafana.
+###### fn spec.parameters.forProvider.withLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels to add to the alert generated in Grafana.
+###### fn spec.parameters.forProvider.withNoDataState
+
+```jsonnet
+spec.parameters.forProvider.withNoDataState(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How the alert should be processed when no data is returned by the underlying series
+###### fn spec.parameters.forProvider.withOutlierId
+
+```jsonnet
+spec.parameters.forProvider.withOutlierId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The forecast this alert belongs to.
+###### fn spec.parameters.forProvider.withThreshold
+
+```jsonnet
+spec.parameters.forProvider.withThreshold(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The threshold of points over the window that need to be anomalous to alert.
+###### fn spec.parameters.forProvider.withTitle
+
+```jsonnet
+spec.parameters.forProvider.withTitle(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The title of the alert.
+###### fn spec.parameters.forProvider.withWindow
+
+```jsonnet
+spec.parameters.forProvider.withWindow(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How much time to average values over
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withAnnotations
+
+```jsonnet
+spec.parameters.initProvider.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations to add to the alert generated in Grafana.
+###### fn spec.parameters.initProvider.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.initProvider.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations to add to the alert generated in Grafana.
+###### fn spec.parameters.initProvider.withAnomalyCondition
+
+```jsonnet
+spec.parameters.initProvider.withAnomalyCondition(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The condition for when to consider a point as anomalous.
+###### fn spec.parameters.initProvider.withFor
+
+```jsonnet
+spec.parameters.initProvider.withFor(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How long values must be anomalous before firing an alert.
+###### fn spec.parameters.initProvider.withJobId
+
+```jsonnet
+spec.parameters.initProvider.withJobId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The forecast this alert belongs to.
+###### fn spec.parameters.initProvider.withLabels
+
+```jsonnet
+spec.parameters.initProvider.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels to add to the alert generated in Grafana.
+###### fn spec.parameters.initProvider.withLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels to add to the alert generated in Grafana.
+###### fn spec.parameters.initProvider.withNoDataState
+
+```jsonnet
+spec.parameters.initProvider.withNoDataState(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How the alert should be processed when no data is returned by the underlying series
+###### fn spec.parameters.initProvider.withOutlierId
+
+```jsonnet
+spec.parameters.initProvider.withOutlierId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The forecast this alert belongs to.
+###### fn spec.parameters.initProvider.withThreshold
+
+```jsonnet
+spec.parameters.initProvider.withThreshold(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The threshold of points over the window that need to be anomalous to alert.
+###### fn spec.parameters.initProvider.withTitle
+
+```jsonnet
+spec.parameters.initProvider.withTitle(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The title of the alert.
+###### fn spec.parameters.initProvider.withWindow
+
+```jsonnet
+spec.parameters.initProvider.withWindow(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+How much time to average values over
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/oss/index.md b/docs/raw/oss/index.md
index 30c76bc..d9cc82a 100644
--- a/docs/raw/oss/index.md
+++ b/docs/raw/oss/index.md
@@ -7,16 +7,20 @@
 * [v1alpha1.annotation](v1alpha1/annotation.md)
 * [v1alpha1.dashboard](v1alpha1/dashboard.md)
 * [v1alpha1.dashboardPermission](v1alpha1/dashboardPermission/index.md)
+* [v1alpha1.dashboardPermissionItem](v1alpha1/dashboardPermissionItem.md)
 * [v1alpha1.dashboardPublic](v1alpha1/dashboardPublic.md)
 * [v1alpha1.dataSource](v1alpha1/dataSource.md)
+* [v1alpha1.dataSourceConfig](v1alpha1/dataSourceConfig.md)
 * [v1alpha1.folder](v1alpha1/folder.md)
 * [v1alpha1.folderPermission](v1alpha1/folderPermission/index.md)
+* [v1alpha1.folderPermissionItem](v1alpha1/folderPermissionItem.md)
 * [v1alpha1.libraryPanel](v1alpha1/libraryPanel.md)
 * [v1alpha1.organization](v1alpha1/organization.md)
 * [v1alpha1.organizationPreferences](v1alpha1/organizationPreferences.md)
 * [v1alpha1.playlist](v1alpha1/playlist/index.md)
 * [v1alpha1.serviceAccount](v1alpha1/serviceAccount.md)
 * [v1alpha1.serviceAccountPermission](v1alpha1/serviceAccountPermission/index.md)
+* [v1alpha1.serviceAccountPermissionItem](v1alpha1/serviceAccountPermissionItem.md)
 * [v1alpha1.serviceAccountToken](v1alpha1/serviceAccountToken.md)
 * [v1alpha1.ssoSettings](v1alpha1/ssoSettings/index.md)
 * [v1alpha1.team](v1alpha1/team/index.md)
diff --git a/docs/raw/oss/v1alpha1/dashboardPermissionItem.md b/docs/raw/oss/v1alpha1/dashboardPermissionItem.md
new file mode 100644
index 0000000..0cfe9ad
--- /dev/null
+++ b/docs/raw/oss/v1alpha1/dashboardPermissionItem.md
@@ -0,0 +1,1776 @@
+# dashboardPermissionItem
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withDashboardUid(value)`](#fn-specparametersforproviderwithdashboarduid)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersforproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersforproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersforproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersforproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withDashboardUid(value)`](#fn-specparametersinitproviderwithdashboarduid)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersinitproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersinitproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersinitproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersinitproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DashboardPermissionItemSpec defines the desired state of DashboardPermissionItem
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DashboardPermissionItemSpec defines the desired state of DashboardPermissionItem
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withDashboardUid
+
+```jsonnet
+spec.parameters.forProvider.withDashboardUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the dashboard.
+The UID of the dashboard.
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withPermission
+
+```jsonnet
+spec.parameters.forProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.forProvider.withRole
+
+```jsonnet
+spec.parameters.forProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withTeam
+
+```jsonnet
+spec.parameters.forProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withUser
+
+```jsonnet
+spec.parameters.forProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withDashboardUid
+
+```jsonnet
+spec.parameters.initProvider.withDashboardUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the dashboard.
+The UID of the dashboard.
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withPermission
+
+```jsonnet
+spec.parameters.initProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.initProvider.withRole
+
+```jsonnet
+spec.parameters.initProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withTeam
+
+```jsonnet
+spec.parameters.initProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withUser
+
+```jsonnet
+spec.parameters.initProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/oss/v1alpha1/dataSourceConfig.md b/docs/raw/oss/v1alpha1/dataSourceConfig.md
new file mode 100644
index 0000000..435172a
--- /dev/null
+++ b/docs/raw/oss/v1alpha1/dataSourceConfig.md
@@ -0,0 +1,1908 @@
+# dataSourceConfig
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withHttpHeadersSecretRef(value)`](#fn-specparametersforproviderwithhttpheaderssecretref)
+      * [`fn withHttpHeadersSecretRefMixin(value)`](#fn-specparametersforproviderwithhttpheaderssecretrefmixin)
+      * [`fn withJsonDataEncoded(value)`](#fn-specparametersforproviderwithjsondataencoded)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withSecureJsonDataEncodedSecretRef(value)`](#fn-specparametersforproviderwithsecurejsondataencodedsecretref)
+      * [`fn withSecureJsonDataEncodedSecretRefMixin(value)`](#fn-specparametersforproviderwithsecurejsondataencodedsecretrefmixin)
+      * [`fn withUid(value)`](#fn-specparametersforproviderwithuid)
+      * [`obj httpHeadersSecretRef`](#obj-specparametersforproviderhttpheaderssecretref)
+        * [`fn withName(value)`](#fn-specparametersforproviderhttpheaderssecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersforproviderhttpheaderssecretrefwithnamespace)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+      * [`obj secureJsonDataEncodedSecretRef`](#obj-specparametersforprovidersecurejsondataencodedsecretref)
+        * [`fn withKey(value)`](#fn-specparametersforprovidersecurejsondataencodedsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersforprovidersecurejsondataencodedsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersforprovidersecurejsondataencodedsecretrefwithnamespace)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withHttpHeadersSecretRef(value)`](#fn-specparametersinitproviderwithhttpheaderssecretref)
+      * [`fn withHttpHeadersSecretRefMixin(value)`](#fn-specparametersinitproviderwithhttpheaderssecretrefmixin)
+      * [`fn withJsonDataEncoded(value)`](#fn-specparametersinitproviderwithjsondataencoded)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withSecureJsonDataEncodedSecretRef(value)`](#fn-specparametersinitproviderwithsecurejsondataencodedsecretref)
+      * [`fn withSecureJsonDataEncodedSecretRefMixin(value)`](#fn-specparametersinitproviderwithsecurejsondataencodedsecretrefmixin)
+      * [`fn withUid(value)`](#fn-specparametersinitproviderwithuid)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+      * [`obj secureJsonDataEncodedSecretRef`](#obj-specparametersinitprovidersecurejsondataencodedsecretref)
+        * [`fn withKey(value)`](#fn-specparametersinitprovidersecurejsondataencodedsecretrefwithkey)
+        * [`fn withName(value)`](#fn-specparametersinitprovidersecurejsondataencodedsecretrefwithname)
+        * [`fn withNamespace(value)`](#fn-specparametersinitprovidersecurejsondataencodedsecretrefwithnamespace)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourceConfigSpec defines the desired state of DataSourceConfig
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+DataSourceConfigSpec defines the desired state of DataSourceConfig
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withHttpHeadersSecretRef
+
+```jsonnet
+spec.parameters.forProvider.withHttpHeadersSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(Map of String, Sensitive) Custom HTTP headers
+Custom HTTP headers
+###### fn spec.parameters.forProvider.withHttpHeadersSecretRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withHttpHeadersSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(Map of String, Sensitive) Custom HTTP headers
+Custom HTTP headers
+###### fn spec.parameters.forProvider.withJsonDataEncoded
+
+```jsonnet
+spec.parameters.forProvider.withJsonDataEncoded(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+The Organization ID. If not set, the Org ID defined in the provider block will be used.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withSecureJsonDataEncodedSecretRef
+
+```jsonnet
+spec.parameters.forProvider.withSecureJsonDataEncodedSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.forProvider.withSecureJsonDataEncodedSecretRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withSecureJsonDataEncodedSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.forProvider.withUid
+
+```jsonnet
+spec.parameters.forProvider.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Unique identifier. If unset, this will be automatically generated.
+Unique identifier. If unset, this will be automatically generated.
+###### obj spec.parameters.forProvider.httpHeadersSecretRef
+
+
+####### fn spec.parameters.forProvider.httpHeadersSecretRef.withName
+
+```jsonnet
+spec.parameters.forProvider.httpHeadersSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.forProvider.httpHeadersSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.forProvider.httpHeadersSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.secureJsonDataEncodedSecretRef
+
+
+####### fn spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withKey
+
+```jsonnet
+spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withName
+
+```jsonnet
+spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.forProvider.secureJsonDataEncodedSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withHttpHeadersSecretRef
+
+```jsonnet
+spec.parameters.initProvider.withHttpHeadersSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+###### fn spec.parameters.initProvider.withHttpHeadersSecretRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withHttpHeadersSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+###### fn spec.parameters.initProvider.withJsonDataEncoded
+
+```jsonnet
+spec.parameters.initProvider.withJsonDataEncoded(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+The Organization ID. If not set, the Org ID defined in the provider block will be used.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withSecureJsonDataEncodedSecretRef
+
+```jsonnet
+spec.parameters.initProvider.withSecureJsonDataEncodedSecretRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.initProvider.withSecureJsonDataEncodedSecretRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withSecureJsonDataEncodedSecretRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+###### fn spec.parameters.initProvider.withUid
+
+```jsonnet
+spec.parameters.initProvider.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) Unique identifier. If unset, this will be automatically generated.
+Unique identifier. If unset, this will be automatically generated.
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.secureJsonDataEncodedSecretRef
+
+
+####### fn spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withKey
+
+```jsonnet
+spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withKey(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The key to select.
+####### fn spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withName
+
+```jsonnet
+spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+####### fn spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withNamespace
+
+```jsonnet
+spec.parameters.initProvider.secureJsonDataEncodedSecretRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/oss/v1alpha1/folderPermissionItem.md b/docs/raw/oss/v1alpha1/folderPermissionItem.md
new file mode 100644
index 0000000..189a837
--- /dev/null
+++ b/docs/raw/oss/v1alpha1/folderPermissionItem.md
@@ -0,0 +1,1776 @@
+# folderPermissionItem
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withFolderUid(value)`](#fn-specparametersforproviderwithfolderuid)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersforproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersforproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersforproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersforproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withFolderUid(value)`](#fn-specparametersinitproviderwithfolderuid)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersinitproviderwithpermission)
+      * [`fn withRole(value)`](#fn-specparametersinitproviderwithrole)
+      * [`fn withTeam(value)`](#fn-specparametersinitproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersinitproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+FolderPermissionItemSpec defines the desired state of FolderPermissionItem
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+FolderPermissionItemSpec defines the desired state of FolderPermissionItem
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withFolderUid
+
+```jsonnet
+spec.parameters.forProvider.withFolderUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the folder.
+The UID of the folder.
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withPermission
+
+```jsonnet
+spec.parameters.forProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.forProvider.withRole
+
+```jsonnet
+spec.parameters.forProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withTeam
+
+```jsonnet
+spec.parameters.forProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withUser
+
+```jsonnet
+spec.parameters.forProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withFolderUid
+
+```jsonnet
+spec.parameters.initProvider.withFolderUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The UID of the folder.
+The UID of the folder.
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withPermission
+
+```jsonnet
+spec.parameters.initProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.initProvider.withRole
+
+```jsonnet
+spec.parameters.initProvider.withRole(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the role onto which the permission is to be assigned
+the role onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withTeam
+
+```jsonnet
+spec.parameters.initProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withUser
+
+```jsonnet
+spec.parameters.initProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/docs/raw/oss/v1alpha1/serviceAccountPermissionItem.md b/docs/raw/oss/v1alpha1/serviceAccountPermissionItem.md
new file mode 100644
index 0000000..042e912
--- /dev/null
+++ b/docs/raw/oss/v1alpha1/serviceAccountPermissionItem.md
@@ -0,0 +1,1750 @@
+# serviceAccountPermissionItem
+
+
+
+## Index
+
+* [`fn new(name)`](#fn-new)
+* [`fn withApiVersion()`](#fn-withapiversion)
+* [`fn withKind()`](#fn-withkind)
+* [`fn withMetadata(value)`](#fn-withmetadata)
+* [`fn withMetadataMixin(value)`](#fn-withmetadatamixin)
+* [`fn withSpec(value)`](#fn-withspec)
+* [`fn withSpecMixin(value)`](#fn-withspecmixin)
+* [`obj metadata`](#obj-metadata)
+  * [`fn withAnnotations(value)`](#fn-metadatawithannotations)
+  * [`fn withAnnotationsMixin(value)`](#fn-metadatawithannotationsmixin)
+  * [`fn withClusterName(value)`](#fn-metadatawithclustername)
+  * [`fn withCreationTimestamp(value)`](#fn-metadatawithcreationtimestamp)
+  * [`fn withDeletionGracePeriodSeconds(value)`](#fn-metadatawithdeletiongraceperiodseconds)
+  * [`fn withDeletionTimestamp(value)`](#fn-metadatawithdeletiontimestamp)
+  * [`fn withFinalizers(value)`](#fn-metadatawithfinalizers)
+  * [`fn withFinalizersMixin(value)`](#fn-metadatawithfinalizersmixin)
+  * [`fn withGenerateName(value)`](#fn-metadatawithgeneratename)
+  * [`fn withGeneration(value)`](#fn-metadatawithgeneration)
+  * [`fn withLabels(value)`](#fn-metadatawithlabels)
+  * [`fn withLabelsMixin(value)`](#fn-metadatawithlabelsmixin)
+  * [`fn withManagedFields(value)`](#fn-metadatawithmanagedfields)
+  * [`fn withManagedFieldsMixin(value)`](#fn-metadatawithmanagedfieldsmixin)
+  * [`fn withName(value)`](#fn-metadatawithname)
+  * [`fn withNamespace(value)`](#fn-metadatawithnamespace)
+  * [`fn withOwnerReferences(value)`](#fn-metadatawithownerreferences)
+  * [`fn withOwnerReferencesMixin(value)`](#fn-metadatawithownerreferencesmixin)
+  * [`fn withResourceVersion(value)`](#fn-metadatawithresourceversion)
+  * [`fn withSelfLink(value)`](#fn-metadatawithselflink)
+  * [`fn withUid(value)`](#fn-metadatawithuid)
+* [`obj spec`](#obj-spec)
+  * [`fn withCompositionRef(value)`](#fn-specwithcompositionref)
+  * [`fn withCompositionRefMixin(value)`](#fn-specwithcompositionrefmixin)
+  * [`fn withCompositionRevisionRef(value)`](#fn-specwithcompositionrevisionref)
+  * [`fn withCompositionRevisionRefMixin(value)`](#fn-specwithcompositionrevisionrefmixin)
+  * [`fn withCompositionSelector(value)`](#fn-specwithcompositionselector)
+  * [`fn withCompositionSelectorMixin(value)`](#fn-specwithcompositionselectormixin)
+  * [`fn withCompositionUpdatePolicy(value)`](#fn-specwithcompositionupdatepolicy)
+  * [`fn withParameters(value)`](#fn-specwithparameters)
+  * [`fn withParametersMixin(value)`](#fn-specwithparametersmixin)
+  * [`fn withWriteConnectionSecretToRef(value)`](#fn-specwithwriteconnectionsecrettoref)
+  * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specwithwriteconnectionsecrettorefmixin)
+  * [`obj compositionRef`](#obj-speccompositionref)
+    * [`fn withName(value)`](#fn-speccompositionrefwithname)
+  * [`obj compositionRevisionRef`](#obj-speccompositionrevisionref)
+    * [`fn withName(value)`](#fn-speccompositionrevisionrefwithname)
+  * [`obj compositionSelector`](#obj-speccompositionselector)
+    * [`fn withMatchLabels(value)`](#fn-speccompositionselectorwithmatchlabels)
+    * [`fn withMatchLabelsMixin(value)`](#fn-speccompositionselectorwithmatchlabelsmixin)
+  * [`obj parameters`](#obj-specparameters)
+    * [`fn withDeletionPolicy(value="Delete")`](#fn-specparameterswithdeletionpolicy)
+    * [`fn withExternalName(value)`](#fn-specparameterswithexternalname)
+    * [`fn withForProvider(value)`](#fn-specparameterswithforprovider)
+    * [`fn withForProviderMixin(value)`](#fn-specparameterswithforprovidermixin)
+    * [`fn withInitProvider(value)`](#fn-specparameterswithinitprovider)
+    * [`fn withInitProviderMixin(value)`](#fn-specparameterswithinitprovidermixin)
+    * [`fn withManagementPolicies(value=["*"])`](#fn-specparameterswithmanagementpolicies)
+    * [`fn withManagementPoliciesMixin(value=["*"])`](#fn-specparameterswithmanagementpoliciesmixin)
+    * [`fn withProviderConfigRef(value={"name": "default"})`](#fn-specparameterswithproviderconfigref)
+    * [`fn withProviderConfigRefMixin(value={"name": "default"})`](#fn-specparameterswithproviderconfigrefmixin)
+    * [`fn withPublishConnectionDetailsTo(value)`](#fn-specparameterswithpublishconnectiondetailsto)
+    * [`fn withPublishConnectionDetailsToMixin(value)`](#fn-specparameterswithpublishconnectiondetailstomixin)
+    * [`fn withWriteConnectionSecretToRef(value)`](#fn-specparameterswithwriteconnectionsecrettoref)
+    * [`fn withWriteConnectionSecretToRefMixin(value)`](#fn-specparameterswithwriteconnectionsecrettorefmixin)
+    * [`obj forProvider`](#obj-specparametersforprovider)
+      * [`fn withOrgId(value)`](#fn-specparametersforproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersforproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersforproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersforproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersforproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersforproviderwithpermission)
+      * [`fn withServiceAccountId(value)`](#fn-specparametersforproviderwithserviceaccountid)
+      * [`fn withTeam(value)`](#fn-specparametersforproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersforproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersforproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersforproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersforproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersforproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersforproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersforproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersforproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersforproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersforproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersforproviderorganizationselectorpolicywithresolve)
+    * [`obj initProvider`](#obj-specparametersinitprovider)
+      * [`fn withOrgId(value)`](#fn-specparametersinitproviderwithorgid)
+      * [`fn withOrganizationRef(value)`](#fn-specparametersinitproviderwithorganizationref)
+      * [`fn withOrganizationRefMixin(value)`](#fn-specparametersinitproviderwithorganizationrefmixin)
+      * [`fn withOrganizationSelector(value)`](#fn-specparametersinitproviderwithorganizationselector)
+      * [`fn withOrganizationSelectorMixin(value)`](#fn-specparametersinitproviderwithorganizationselectormixin)
+      * [`fn withPermission(value)`](#fn-specparametersinitproviderwithpermission)
+      * [`fn withServiceAccountId(value)`](#fn-specparametersinitproviderwithserviceaccountid)
+      * [`fn withTeam(value)`](#fn-specparametersinitproviderwithteam)
+      * [`fn withUser(value)`](#fn-specparametersinitproviderwithuser)
+      * [`obj organizationRef`](#obj-specparametersinitproviderorganizationref)
+        * [`fn withName(value)`](#fn-specparametersinitproviderorganizationrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationrefwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationrefpolicywithresolve)
+      * [`obj organizationSelector`](#obj-specparametersinitproviderorganizationselector)
+        * [`fn withMatchControllerRef(value=true)`](#fn-specparametersinitproviderorganizationselectorwithmatchcontrollerref)
+        * [`fn withMatchLabels(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabels)
+        * [`fn withMatchLabelsMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithmatchlabelsmixin)
+        * [`fn withPolicy(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparametersinitproviderorganizationselectorwithpolicymixin)
+        * [`obj policy`](#obj-specparametersinitproviderorganizationselectorpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparametersinitproviderorganizationselectorpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparametersinitproviderorganizationselectorpolicywithresolve)
+    * [`obj providerConfigRef`](#obj-specparametersproviderconfigref)
+      * [`fn withName(value)`](#fn-specparametersproviderconfigrefwithname)
+      * [`fn withPolicy(value)`](#fn-specparametersproviderconfigrefwithpolicy)
+      * [`fn withPolicyMixin(value)`](#fn-specparametersproviderconfigrefwithpolicymixin)
+      * [`obj policy`](#obj-specparametersproviderconfigrefpolicy)
+        * [`fn withResolution(value="Required")`](#fn-specparametersproviderconfigrefpolicywithresolution)
+        * [`fn withResolve(value)`](#fn-specparametersproviderconfigrefpolicywithresolve)
+    * [`obj publishConnectionDetailsTo`](#obj-specparameterspublishconnectiondetailsto)
+      * [`fn withConfigRef(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigref)
+      * [`fn withConfigRefMixin(value={"name": "default"})`](#fn-specparameterspublishconnectiondetailstowithconfigrefmixin)
+      * [`fn withMetadata(value)`](#fn-specparameterspublishconnectiondetailstowithmetadata)
+      * [`fn withMetadataMixin(value)`](#fn-specparameterspublishconnectiondetailstowithmetadatamixin)
+      * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstowithname)
+      * [`obj configRef`](#obj-specparameterspublishconnectiondetailstoconfigref)
+        * [`fn withName(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithname)
+        * [`fn withPolicy(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicy)
+        * [`fn withPolicyMixin(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefwithpolicymixin)
+        * [`obj policy`](#obj-specparameterspublishconnectiondetailstoconfigrefpolicy)
+          * [`fn withResolution(value="Required")`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolution)
+          * [`fn withResolve(value)`](#fn-specparameterspublishconnectiondetailstoconfigrefpolicywithresolve)
+      * [`obj metadata`](#obj-specparameterspublishconnectiondetailstometadata)
+        * [`fn withAnnotations(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotations)
+        * [`fn withAnnotationsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithannotationsmixin)
+        * [`fn withLabels(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabels)
+        * [`fn withLabelsMixin(value)`](#fn-specparameterspublishconnectiondetailstometadatawithlabelsmixin)
+        * [`fn withType(value)`](#fn-specparameterspublishconnectiondetailstometadatawithtype)
+    * [`obj writeConnectionSecretToRef`](#obj-specparameterswriteconnectionsecrettoref)
+      * [`fn withName(value)`](#fn-specparameterswriteconnectionsecrettorefwithname)
+      * [`fn withNamespace(value)`](#fn-specparameterswriteconnectionsecrettorefwithnamespace)
+  * [`obj writeConnectionSecretToRef`](#obj-specwriteconnectionsecrettoref)
+    * [`fn withName(value)`](#fn-specwriteconnectionsecrettorefwithname)
+    * [`fn withNamespace(value)`](#fn-specwriteconnectionsecrettorefwithnamespace)
+
+## Fields
+
+### fn new
+
+```jsonnet
+new(name)
+```
+
+PARAMETERS:
+
+* **name** (`string`)
+
+`new` creates a new instance
+### fn withApiVersion
+
+```jsonnet
+withApiVersion()
+```
+
+
+
+### fn withKind
+
+```jsonnet
+withKind()
+```
+
+
+
+### fn withMetadata
+
+```jsonnet
+withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withMetadataMixin
+
+```jsonnet
+withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+### fn withSpec
+
+```jsonnet
+withSpec(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### fn withSpecMixin
+
+```jsonnet
+withSpecMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+### obj metadata
+
+
+#### fn metadata.withAnnotations
+
+```jsonnet
+metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withAnnotationsMixin
+
+```jsonnet
+metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+#### fn metadata.withClusterName
+
+```jsonnet
+metadata.withClusterName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+#### fn metadata.withCreationTimestamp
+
+```jsonnet
+metadata.withCreationTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withDeletionGracePeriodSeconds
+
+```jsonnet
+metadata.withDeletionGracePeriodSeconds(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+#### fn metadata.withDeletionTimestamp
+
+```jsonnet
+metadata.withDeletionTimestamp(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+#### fn metadata.withFinalizers
+
+```jsonnet
+metadata.withFinalizers(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withFinalizersMixin
+
+```jsonnet
+metadata.withFinalizersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+#### fn metadata.withGenerateName
+
+```jsonnet
+metadata.withGenerateName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+#### fn metadata.withGeneration
+
+```jsonnet
+metadata.withGeneration(value)
+```
+
+PARAMETERS:
+
+* **value** (`integer`)
+
+A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+#### fn metadata.withLabels
+
+```jsonnet
+metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withLabelsMixin
+
+```jsonnet
+metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+#### fn metadata.withManagedFields
+
+```jsonnet
+metadata.withManagedFields(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withManagedFieldsMixin
+
+```jsonnet
+metadata.withManagedFieldsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+#### fn metadata.withName
+
+```jsonnet
+metadata.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+#### fn metadata.withNamespace
+
+```jsonnet
+metadata.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+#### fn metadata.withOwnerReferences
+
+```jsonnet
+metadata.withOwnerReferences(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withOwnerReferencesMixin
+
+```jsonnet
+metadata.withOwnerReferencesMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+
+List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+#### fn metadata.withResourceVersion
+
+```jsonnet
+metadata.withResourceVersion(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+#### fn metadata.withSelfLink
+
+```jsonnet
+metadata.withSelfLink(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+SelfLink is a URL representing this object. Populated by the system. Read-only.
+
+DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+#### fn metadata.withUid
+
+```jsonnet
+metadata.withUid(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+### obj spec
+
+
+#### fn spec.withCompositionRef
+
+```jsonnet
+spec.withCompositionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRefMixin
+
+```jsonnet
+spec.withCompositionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRef
+
+```jsonnet
+spec.withCompositionRevisionRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionRevisionRefMixin
+
+```jsonnet
+spec.withCompositionRevisionRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelector
+
+```jsonnet
+spec.withCompositionSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionSelectorMixin
+
+```jsonnet
+spec.withCompositionSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withCompositionUpdatePolicy
+
+```jsonnet
+spec.withCompositionUpdatePolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Automatic"`, `"Manual"`
+
+
+#### fn spec.withParameters
+
+```jsonnet
+spec.withParameters(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ServiceAccountPermissionItemSpec defines the desired state of ServiceAccountPermissionItem
+#### fn spec.withParametersMixin
+
+```jsonnet
+spec.withParametersMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+ServiceAccountPermissionItemSpec defines the desired state of ServiceAccountPermissionItem
+#### fn spec.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### fn spec.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.compositionRef
+
+
+##### fn spec.compositionRef.withName
+
+```jsonnet
+spec.compositionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionRevisionRef
+
+
+##### fn spec.compositionRevisionRef.withName
+
+```jsonnet
+spec.compositionRevisionRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+#### obj spec.compositionSelector
+
+
+##### fn spec.compositionSelector.withMatchLabels
+
+```jsonnet
+spec.compositionSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.compositionSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.compositionSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+#### obj spec.parameters
+
+
+##### fn spec.parameters.withDeletionPolicy
+
+```jsonnet
+spec.parameters.withDeletionPolicy(value="Delete")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Delete"`
+   - valid values: `"Orphan"`, `"Delete"`
+
+DeletionPolicy specifies what will happen to the underlying external
+when this managed resource is deleted - either "Delete" or "Orphan" the
+external resource.
+This field is planned to be deprecated in favor of the ManagementPolicies
+field in a future release. Currently, both could be set independently and
+non-default values would be honored if the feature flag is enabled.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+##### fn spec.parameters.withExternalName
+
+```jsonnet
+spec.parameters.withExternalName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+The name of the managed resource inside the Provider.
+By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+
+Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+
+##### fn spec.parameters.withForProvider
+
+```jsonnet
+spec.parameters.withForProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withForProviderMixin
+
+```jsonnet
+spec.parameters.withForProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+
+##### fn spec.parameters.withInitProvider
+
+```jsonnet
+spec.parameters.withInitProvider(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withInitProviderMixin
+
+```jsonnet
+spec.parameters.withInitProviderMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+THIS IS A BETA FIELD. It will be honored
+unless the Management Policies feature flag is disabled.
+InitProvider holds the same fields as ForProvider, with the exception
+of Identifier and other resource reference fields. The fields that are
+in InitProvider are merged into ForProvider when the resource is created.
+The same fields are also added to the terraform ignore_changes hook, to
+avoid updating them after creation. This is useful for fields that are
+required on creation, but we do not desire to update them after creation,
+for example because of an external controller is managing them, like an
+autoscaler.
+##### fn spec.parameters.withManagementPolicies
+
+```jsonnet
+spec.parameters.withManagementPolicies(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withManagementPoliciesMixin
+
+```jsonnet
+spec.parameters.withManagementPoliciesMixin(value=["*"])
+```
+
+PARAMETERS:
+
+* **value** (`array`)
+   - default value: `["*"]`
+
+THIS IS A BETA FIELD. It is on by default but can be opted out
+through a Crossplane feature flag.
+ManagementPolicies specify the array of actions Crossplane is allowed to
+take on the managed and external resources.
+This field is planned to replace the DeletionPolicy field in a future
+release. Currently, both could be set independently and non-default
+values would be honored if the feature flag is enabled. If both are
+custom, the DeletionPolicy field will be ignored.
+See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+##### fn spec.parameters.withProviderConfigRef
+
+```jsonnet
+spec.parameters.withProviderConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withProviderConfigRefMixin
+
+```jsonnet
+spec.parameters.withProviderConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+ProviderConfigReference specifies how the provider that will be used to
+create, observe, update, and delete this managed resource should be
+configured.
+##### fn spec.parameters.withPublishConnectionDetailsTo
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsTo(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withPublishConnectionDetailsToMixin
+
+```jsonnet
+spec.parameters.withPublishConnectionDetailsToMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+PublishConnectionDetailsTo specifies the connection secret config which
+contains a name, metadata and a reference to secret store config to
+which any connection details for this managed resource should be written.
+Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+##### fn spec.parameters.withWriteConnectionSecretToRef
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### fn spec.parameters.withWriteConnectionSecretToRefMixin
+
+```jsonnet
+spec.parameters.withWriteConnectionSecretToRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+WriteConnectionSecretToReference specifies the namespace and name of a
+Secret to which any connection details for this managed resource should
+be written. Connection details frequently include the endpoint, username,
+and password required to connect to the managed resource.
+This field is planned to be replaced in a future release in favor of
+PublishConnectionDetailsTo. Currently, both could be set independently
+and connection details would be published to both without affecting
+each other.
+##### obj spec.parameters.forProvider
+
+
+###### fn spec.parameters.forProvider.withOrgId
+
+```jsonnet
+spec.parameters.forProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.forProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.forProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.forProvider.withPermission
+
+```jsonnet
+spec.parameters.forProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.forProvider.withServiceAccountId
+
+```jsonnet
+spec.parameters.forProvider.withServiceAccountId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The ID of the service account.
+The ID of the service account.
+###### fn spec.parameters.forProvider.withTeam
+
+```jsonnet
+spec.parameters.forProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.forProvider.withUser
+
+```jsonnet
+spec.parameters.forProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.forProvider.organizationRef
+
+
+####### fn spec.parameters.forProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.forProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.forProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.forProvider.organizationRef.policy
+
+
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.forProvider.organizationSelector
+
+
+####### fn spec.parameters.forProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.forProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.forProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.forProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.forProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.initProvider
+
+
+###### fn spec.parameters.initProvider.withOrgId
+
+```jsonnet
+spec.parameters.initProvider.withOrgId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+###### fn spec.parameters.initProvider.withOrganizationRef
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRef(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationRefMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationRefMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Reference to a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelector
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelector(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withOrganizationSelectorMixin
+
+```jsonnet
+spec.parameters.initProvider.withOrganizationSelectorMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Selector for a Organization in oss to populate orgId.
+###### fn spec.parameters.initProvider.withPermission
+
+```jsonnet
+spec.parameters.initProvider.withPermission(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the permission to be assigned
+the permission to be assigned
+###### fn spec.parameters.initProvider.withServiceAccountId
+
+```jsonnet
+spec.parameters.initProvider.withServiceAccountId(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) The ID of the service account.
+The ID of the service account.
+###### fn spec.parameters.initProvider.withTeam
+
+```jsonnet
+spec.parameters.initProvider.withTeam(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the team onto which the permission is to be assigned
+the team onto which the permission is to be assigned
+###### fn spec.parameters.initProvider.withUser
+
+```jsonnet
+spec.parameters.initProvider.withUser(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+(String) the user or service account onto which the permission is to be assigned
+the user or service account onto which the permission is to be assigned
+###### obj spec.parameters.initProvider.organizationRef
+
+
+####### fn spec.parameters.initProvider.organizationRef.withName
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.initProvider.organizationRef.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.initProvider.organizationRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.initProvider.organizationRef.policy
+
+
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationRef.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.initProvider.organizationSelector
+
+
+####### fn spec.parameters.initProvider.organizationSelector.withMatchControllerRef
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchControllerRef(value=true)
+```
+
+PARAMETERS:
+
+* **value** (`boolean`)
+   - default value: `true`
+
+MatchControllerRef ensures an object with the same controller reference
+as the selecting object is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabels
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withMatchLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+MatchLabels ensures an object with matching labels is selected.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicy
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### fn spec.parameters.initProvider.organizationSelector.withPolicyMixin
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for selection.
+####### obj spec.parameters.initProvider.organizationSelector.policy
+
+
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolution
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.initProvider.organizationSelector.policy.withResolve
+
+```jsonnet
+spec.parameters.initProvider.organizationSelector.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.providerConfigRef
+
+
+###### fn spec.parameters.providerConfigRef.withName
+
+```jsonnet
+spec.parameters.providerConfigRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+###### fn spec.parameters.providerConfigRef.withPolicy
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### fn spec.parameters.providerConfigRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.providerConfigRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+###### obj spec.parameters.providerConfigRef.policy
+
+
+####### fn spec.parameters.providerConfigRef.policy.withResolution
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+####### fn spec.parameters.providerConfigRef.policy.withResolve
+
+```jsonnet
+spec.parameters.providerConfigRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+##### obj spec.parameters.publishConnectionDetailsTo
+
+
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRef
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRef(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withConfigRefMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withConfigRefMixin(value={"name": "default"})
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+   - default value: `{"name": "default"}`
+
+SecretStoreConfigRef specifies which secret store config should be used
+for this ConnectionSecret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadata
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadata(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withMetadataMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withMetadataMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Metadata is the metadata for connection secret.
+###### fn spec.parameters.publishConnectionDetailsTo.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name is the name of the connection secret.
+###### obj spec.parameters.publishConnectionDetailsTo.configRef
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withName
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the referenced object.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicy
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicy(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### fn spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.withPolicyMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Policies for referencing.
+####### obj spec.parameters.publishConnectionDetailsTo.configRef.policy
+
+
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolution(value="Required")
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - default value: `"Required"`
+   - valid values: `"Required"`, `"Optional"`
+
+Resolution specifies whether resolution of this reference is required.
+The default is 'Required', which means the reconcile will fail if the
+reference cannot be resolved. 'Optional' means this reference will be
+a no-op if it cannot be resolved.
+######## fn spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.configRef.policy.withResolve(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+   - valid values: `"Always"`, `"IfNotPresent"`
+
+Resolve specifies when this reference should be resolved. The default
+is 'IfNotPresent', which will attempt to resolve the reference only when
+the corresponding field is not present. Use 'Always' to resolve the
+reference on every reconcile.
+###### obj spec.parameters.publishConnectionDetailsTo.metadata
+
+
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotations(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withAnnotationsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Annotations are the annotations to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.annotations".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabels
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabels(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withLabelsMixin(value)
+```
+
+PARAMETERS:
+
+* **value** (`object`)
+
+Labels are the labels/tags to be added to connection secret.
+- For Kubernetes secrets, this will be used as "metadata.labels".
+- It is up to Secret Store implementation for others store types.
+####### fn spec.parameters.publishConnectionDetailsTo.metadata.withType
+
+```jsonnet
+spec.parameters.publishConnectionDetailsTo.metadata.withType(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Type is the SecretType for the connection secret.
+- Only valid for Kubernetes Secret Stores.
+##### obj spec.parameters.writeConnectionSecretToRef
+
+
+###### fn spec.parameters.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Name of the secret.
+###### fn spec.parameters.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.parameters.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+Namespace of the secret.
+#### obj spec.writeConnectionSecretToRef
+
+
+##### fn spec.writeConnectionSecretToRef.withName
+
+```jsonnet
+spec.writeConnectionSecretToRef.withName(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
+
+##### fn spec.writeConnectionSecretToRef.withNamespace
+
+```jsonnet
+spec.writeConnectionSecretToRef.withNamespace(value)
+```
+
+PARAMETERS:
+
+* **value** (`string`)
+
diff --git a/generator/crds.yaml b/generator/crds.yaml
index 0c5d332..889f2cd 100644
--- a/generator/crds.yaml
+++ b/generator/crds.yaml
@@ -11259,7 +11259,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: plugininstallations.cloud.grafana.crossplane.io
+  name: orgmembers.cloud.grafana.crossplane.io
 spec:
   group: cloud.grafana.crossplane.io
   names:
@@ -11267,10 +11267,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: PluginInstallation
-    listKind: PluginInstallationList
-    plural: plugininstallations
-    singular: plugininstallation
+    kind: OrgMember
+    listKind: OrgMemberList
+    plural: orgmembers
+    singular: orgmember
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -11289,9 +11289,7 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'PluginInstallation is the Schema for the PluginInstallations
-          API. Manages Grafana Cloud Plugin Installations. Plugin Catalog https://grafana.com/grafana/plugins/
-          Required access policy scopes: stack-plugins:readstack-plugins:writestack-plugins:delete'
+        description: OrgMember is the Schema for the OrgMembers API. <no value>
         properties:
           apiVersion:
             description: |-
@@ -11311,7 +11309,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: PluginInstallationSpec defines the desired state of PluginInstallation
+            description: OrgMemberSpec defines the desired state of OrgMember
             properties:
               deletionPolicy:
                 default: Delete
@@ -11329,94 +11327,17 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  cloudStackRef:
-                    description: Reference to a Stack in cloud to populate stackSlug.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  cloudStackSelector:
-                    description: Selector for a Stack in cloud to populate stackSlug.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  slug:
-                    description: |-
-                      (String) Slug of the plugin to be installed.
-                      Slug of the plugin to be installed.
+                  org:
+                    description: The slug or ID of the organization.
                     type: string
-                  stackSlug:
-                    description: |-
-                      (String) The stack id to which the plugin should be installed.
-                      The stack id to which the plugin should be installed.
+                  receiveBillingEmails:
+                    description: Whether the user should receive billing emails.
+                    type: boolean
+                  role:
+                    description: The role to assign to the user in the organization.
                     type: string
-                  version:
-                    description: |-
-                      (String) Version of the plugin to be installed.
-                      Version of the plugin to be installed.
+                  user:
+                    description: Username or ID of the user to add to the org's members.
                     type: string
                 type: object
               initProvider:
@@ -11432,94 +11353,17 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  cloudStackRef:
-                    description: Reference to a Stack in cloud to populate stackSlug.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  cloudStackSelector:
-                    description: Selector for a Stack in cloud to populate stackSlug.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  slug:
-                    description: |-
-                      (String) Slug of the plugin to be installed.
-                      Slug of the plugin to be installed.
+                  org:
+                    description: The slug or ID of the organization.
                     type: string
-                  stackSlug:
-                    description: |-
-                      (String) The stack id to which the plugin should be installed.
-                      The stack id to which the plugin should be installed.
+                  receiveBillingEmails:
+                    description: Whether the user should receive billing emails.
+                    type: boolean
+                  role:
+                    description: The role to assign to the user in the organization.
                     type: string
-                  version:
-                    description: |-
-                      (String) Version of the plugin to be installed.
-                      Version of the plugin to be installed.
+                  user:
+                    description: Username or ID of the user to add to the org's members.
                     type: string
                 type: object
               managementPolicies:
@@ -11690,36 +11534,36 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.slug is a required parameter
+            - message: spec.forProvider.org is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.slug)
-                || (has(self.initProvider) && has(self.initProvider.slug))'
-            - message: spec.forProvider.version is a required parameter
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.org)
+                || (has(self.initProvider) && has(self.initProvider.org))'
+            - message: spec.forProvider.role is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.version)
-                || (has(self.initProvider) && has(self.initProvider.version))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.role)
+                || (has(self.initProvider) && has(self.initProvider.role))'
+            - message: spec.forProvider.user is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.user)
+                || (has(self.initProvider) && has(self.initProvider.user))'
           status:
-            description: PluginInstallationStatus defines the observed state of PluginInstallation.
+            description: OrgMemberStatus defines the observed state of OrgMember.
             properties:
               atProvider:
                 properties:
                   id:
-                    description: (String) The ID of this resource.
                     type: string
-                  slug:
-                    description: |-
-                      (String) Slug of the plugin to be installed.
-                      Slug of the plugin to be installed.
+                  org:
+                    description: The slug or ID of the organization.
                     type: string
-                  stackSlug:
-                    description: |-
-                      (String) The stack id to which the plugin should be installed.
-                      The stack id to which the plugin should be installed.
+                  receiveBillingEmails:
+                    description: Whether the user should receive billing emails.
+                    type: boolean
+                  role:
+                    description: The role to assign to the user in the organization.
                     type: string
-                  version:
-                    description: |-
-                      (String) Version of the plugin to be installed.
-                      Version of the plugin to be installed.
+                  user:
+                    description: Username or ID of the user to add to the org's members.
                     type: string
                 type: object
               conditions:
@@ -11789,7 +11633,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: stacks.cloud.grafana.crossplane.io
+  name: plugininstallations.cloud.grafana.crossplane.io
 spec:
   group: cloud.grafana.crossplane.io
   names:
@@ -11797,10 +11641,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: Stack
-    listKind: StackList
-    plural: stacks
-    singular: stack
+    kind: PluginInstallation
+    listKind: PluginInstallationList
+    plural: plugininstallations
+    singular: plugininstallation
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -11819,9 +11663,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'Stack is the Schema for the Stacks API. Official documentation
-          https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#stacks/
-          Required access policy scopes: stacks:readstacks:writestacks:delete'
+        description: 'PluginInstallation is the Schema for the PluginInstallations
+          API. Manages Grafana Cloud Plugin Installations. Plugin Catalog https://grafana.com/grafana/plugins/
+          Required access policy scopes: stack-plugins:readstack-plugins:writestack-plugins:delete'
         properties:
           apiVersion:
             description: |-
@@ -11841,7 +11685,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: StackSpec defines the desired state of Stack
+            description: PluginInstallationSpec defines the desired state of PluginInstallation
             properties:
               deletionPolicy:
                 default: Delete
@@ -11859,48 +11703,94 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  description:
-                    description: |-
-                      (String) Description of stack.
-                      Description of stack.
-                    type: string
-                  labels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
-                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  name:
-                    description: |-
-                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
-                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
-                    type: string
-                  regionSlug:
-                    description: |-
-                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                    type: string
-                  slug:
+                  cloudStackRef:
+                    description: Reference to a Stack in cloud to populate stackSlug.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  cloudStackSelector:
+                    description: Selector for a Stack in cloud to populate stackSlug.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  slug:
                     description: |-
-                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
-                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
+                      (String) Slug of the plugin to be installed.
+                      Slug of the plugin to be installed.
                     type: string
-                  url:
+                  stackSlug:
                     description: |-
-                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
-                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
+                      (String) The stack id to which the plugin should be installed.
+                      The stack id to which the plugin should be installed.
                     type: string
-                  waitForReadiness:
-                    description: |-
-                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
-                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
-                    type: boolean
-                  waitForReadinessTimeout:
+                  version:
                     description: |-
-                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
-                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
+                      (String) Version of the plugin to be installed.
+                      Version of the plugin to be installed.
                     type: string
                 type: object
               initProvider:
@@ -11916,48 +11806,94 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  description:
-                    description: |-
-                      (String) Description of stack.
-                      Description of stack.
-                    type: string
-                  labels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
-                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
+                  cloudStackRef:
+                    description: Reference to a Stack in cloud to populate stackSlug.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  cloudStackSelector:
+                    description: Selector for a Stack in cloud to populate stackSlug.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
                     type: object
-                    x-kubernetes-map-type: granular
-                  name:
-                    description: |-
-                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
-                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
-                    type: string
-                  regionSlug:
-                    description: |-
-                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                    type: string
                   slug:
                     description: |-
-                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
-                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
+                      (String) Slug of the plugin to be installed.
+                      Slug of the plugin to be installed.
                     type: string
-                  url:
+                  stackSlug:
                     description: |-
-                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
-                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
+                      (String) The stack id to which the plugin should be installed.
+                      The stack id to which the plugin should be installed.
                     type: string
-                  waitForReadiness:
-                    description: |-
-                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
-                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
-                    type: boolean
-                  waitForReadinessTimeout:
+                  version:
                     description: |-
-                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
-                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
+                      (String) Version of the plugin to be installed.
+                      Version of the plugin to be installed.
                     type: string
                 type: object
               managementPolicies:
@@ -12128,194 +12064,36 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
             - message: spec.forProvider.slug is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.slug)
                 || (has(self.initProvider) && has(self.initProvider.slug))'
+            - message: spec.forProvider.version is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.version)
+                || (has(self.initProvider) && has(self.initProvider.version))'
           status:
-            description: StackStatus defines the observed state of Stack.
+            description: PluginInstallationStatus defines the observed state of PluginInstallation.
             properties:
               atProvider:
                 properties:
-                  alertmanagerName:
-                    description: |-
-                      (String) Name of the Alertmanager instance configured for this stack.
-                      Name of the Alertmanager instance configured for this stack.
+                  id:
+                    description: (String) The ID of this resource.
                     type: string
-                  alertmanagerStatus:
+                  slug:
                     description: |-
-                      (String) Status of the Alertmanager instance configured for this stack.
-                      Status of the Alertmanager instance configured for this stack.
+                      (String) Slug of the plugin to be installed.
+                      Slug of the plugin to be installed.
                     type: string
-                  alertmanagerUrl:
+                  stackSlug:
                     description: |-
-                      (String) Base URL of the Alertmanager instance configured for this stack.
-                      Base URL of the Alertmanager instance configured for this stack.
+                      (String) The stack id to which the plugin should be installed.
+                      The stack id to which the plugin should be installed.
                     type: string
-                  alertmanagerUserId:
-                    description: |-
-                      (Number) User ID of the Alertmanager instance configured for this stack.
-                      User ID of the Alertmanager instance configured for this stack.
-                    type: number
-                  description:
+                  version:
                     description: |-
-                      (String) Description of stack.
-                      Description of stack.
-                    type: string
-                  graphiteName:
-                    description: (String)
-                    type: string
-                  graphiteStatus:
-                    description: (String)
-                    type: string
-                  graphiteUrl:
-                    description: (String)
-                    type: string
-                  graphiteUserId:
-                    description: (Number)
-                    type: number
-                  id:
-                    description: (String) The stack id assigned to this stack by Grafana.
-                    type: string
-                  influxUrl:
-                    description: |-
-                      cloud/send-data/metrics/metrics-influxdb/push-from-telegraf/ for docs on how to use this.
-                      Base URL of the InfluxDB instance configured for this stack. The username is the same as the metrics' (`prometheus_user_id` attribute of this resource). See https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-influxdb/push-from-telegraf/ for docs on how to use this.
-                    type: string
-                  labels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
-                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  logsName:
-                    description: (String)
-                    type: string
-                  logsStatus:
-                    description: (String)
-                    type: string
-                  logsUrl:
-                    description: (String)
-                    type: string
-                  logsUserId:
-                    description: (Number)
-                    type: number
-                  name:
-                    description: |-
-                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
-                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
-                    type: string
-                  orgId:
-                    description: |-
-                      (Number) Organization id to assign to this stack.
-                      Organization id to assign to this stack.
-                    type: number
-                  orgName:
-                    description: |-
-                      (String) Organization name to assign to this stack.
-                      Organization name to assign to this stack.
-                    type: string
-                  orgSlug:
-                    description: |-
-                      (String) Organization slug to assign to this stack.
-                      Organization slug to assign to this stack.
-                    type: string
-                  otlpUrl:
-                    description: |-
-                      cloud/send-data/otlp/send-data-otlp/ for docs on how to use this.
-                      Base URL of the OTLP instance configured for this stack. The username is the stack's ID (`id` attribute of this resource). See https://grafana.com/docs/grafana-cloud/send-data/otlp/send-data-otlp/ for docs on how to use this.
-                    type: string
-                  profilesName:
-                    description: (String)
-                    type: string
-                  profilesStatus:
-                    description: (String)
-                    type: string
-                  profilesUrl:
-                    description: (String)
-                    type: string
-                  profilesUserId:
-                    description: (Number)
-                    type: number
-                  prometheusName:
-                    description: |-
-                      (String) Prometheus name for this instance.
-                      Prometheus name for this instance.
-                    type: string
-                  prometheusRemoteEndpoint:
-                    description: |-
-                      (String) Use this URL to query hosted metrics data e.g. Prometheus data source in Grafana
-                      Use this URL to query hosted metrics data e.g. Prometheus data source in Grafana
-                    type: string
-                  prometheusRemoteWriteEndpoint:
-                    description: |-
-                      (String) Use this URL to send prometheus metrics to Grafana cloud
-                      Use this URL to send prometheus metrics to Grafana cloud
-                    type: string
-                  prometheusStatus:
-                    description: |-
-                      (String) Prometheus status for this instance.
-                      Prometheus status for this instance.
-                    type: string
-                  prometheusUrl:
-                    description: |-
-                      (String) Prometheus url for this instance.
-                      Prometheus url for this instance.
-                    type: string
-                  prometheusUserId:
-                    description: |-
-                      (Number) Prometheus user ID. Used for e.g. remote_write.
-                      Prometheus user ID. Used for e.g. remote_write.
-                    type: number
-                  regionSlug:
-                    description: |-
-                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
-                    type: string
-                  slug:
-                    description: |-
-                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
-                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
-                    type: string
-                  status:
-                    description: |-
-                      (String) Status of the stack.
-                      Status of the stack.
-                    type: string
-                  tracesName:
-                    description: (String)
-                    type: string
-                  tracesStatus:
-                    description: (String)
-                    type: string
-                  tracesUrl:
-                    description: |-
-                      (String) Base URL of the Traces instance configured for this stack. To use this in the Tempo data source in Grafana, append /tempo to the URL.
-                      Base URL of the Traces instance configured for this stack. To use this in the Tempo data source in Grafana, append `/tempo` to the URL.
-                    type: string
-                  tracesUserId:
-                    description: (Number)
-                    type: number
-                  url:
-                    description: |-
-                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
-                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
-                    type: string
-                  waitForReadiness:
-                    description: |-
-                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
-                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
-                    type: boolean
-                  waitForReadinessTimeout:
-                    description: |-
-                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
-                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
+                      (String) Version of the plugin to be installed.
+                      Version of the plugin to be installed.
                     type: string
                 type: object
               conditions:
@@ -12385,7 +12163,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: stackserviceaccounts.cloud.grafana.crossplane.io
+  name: stacks.cloud.grafana.crossplane.io
 spec:
   group: cloud.grafana.crossplane.io
   names:
@@ -12393,10 +12171,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: StackServiceAccount
-    listKind: StackServiceAccountList
-    plural: stackserviceaccounts
-    singular: stackserviceaccount
+    kind: Stack
+    listKind: StackList
+    plural: stacks
+    singular: stack
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -12415,12 +12193,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'StackServiceAccount is the Schema for the StackServiceAccounts
-          API. Manages service accounts of a Grafana Cloud stack using the Cloud API
-          This can be used to bootstrap a management service account for a new stack
-          Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api
-          Required access policy scopes: stacks:readstack-service-accounts:write'
+        description: 'Stack is the Schema for the Stacks API. Official documentation
+          https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#stacks/
+          Required access policy scopes: stacks:readstacks:writestacks:delete'
         properties:
           apiVersion:
             description: |-
@@ -12440,7 +12215,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: StackServiceAccountSpec defines the desired state of StackServiceAccount
+            description: StackSpec defines the desired state of Stack
             properties:
               deletionPolicy:
                 default: Delete
@@ -12458,97 +12233,48 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  cloudStackRef:
-                    description: Reference to a Stack in cloud to populate stackSlug.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  cloudStackSelector:
-                    description: Selector for a Stack in cloud to populate stackSlug.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  isDisabled:
-                    description: |-
-                      (Boolean) The disabled status for the service account. Defaults to false.
-                      The disabled status for the service account. Defaults to `false`.
-                    type: boolean
-                  name:
+                  description:
                     description: |-
-                      (String) The name of the service account.
-                      The name of the service account.
+                      (String) Description of stack.
+                      Description of stack.
                     type: string
-                  role:
+                  labels:
+                    additionalProperties:
+                      type: string
                     description: |-
-                      (String) The basic role of the service account in the organization.
-                      The basic role of the service account in the organization.
+                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
+                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  name:
+                    description: |-
+                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
+                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
                     type: string
-                  stackSlug:
-                    description: (String)
+                  regionSlug:
+                    description: |-
+                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
+                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
+                    type: string
+                  slug:
+                    description: |-
+                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
+                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
+                    type: string
+                  url:
+                    description: |-
+                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
+                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
+                    type: string
+                  waitForReadiness:
+                    description: |-
+                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
+                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
+                    type: boolean
+                  waitForReadinessTimeout:
+                    description: |-
+                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
+                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
                     type: string
                 type: object
               initProvider:
@@ -12564,97 +12290,48 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  cloudStackRef:
-                    description: Reference to a Stack in cloud to populate stackSlug.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  cloudStackSelector:
-                    description: Selector for a Stack in cloud to populate stackSlug.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  isDisabled:
+                  description:
                     description: |-
-                      (Boolean) The disabled status for the service account. Defaults to false.
-                      The disabled status for the service account. Defaults to `false`.
-                    type: boolean
+                      (String) Description of stack.
+                      Description of stack.
+                    type: string
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
+                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
+                    type: object
+                    x-kubernetes-map-type: granular
                   name:
                     description: |-
-                      (String) The name of the service account.
-                      The name of the service account.
+                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
+                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
                     type: string
-                  role:
+                  regionSlug:
                     description: |-
-                      (String) The basic role of the service account in the organization.
-                      The basic role of the service account in the organization.
+                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
+                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
                     type: string
-                  stackSlug:
-                    description: (String)
+                  slug:
+                    description: |-
+                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
+                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
+                    type: string
+                  url:
+                    description: |-
+                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
+                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
+                    type: string
+                  waitForReadiness:
+                    description: |-
+                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
+                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
+                    type: boolean
+                  waitForReadinessTimeout:
+                    description: |-
+                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
+                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
                     type: string
                 type: object
               managementPolicies:
@@ -12829,76 +12506,231 @@ spec:
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.role is a required parameter
+            - message: spec.forProvider.slug is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.role)
-                || (has(self.initProvider) && has(self.initProvider.role))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.slug)
+                || (has(self.initProvider) && has(self.initProvider.slug))'
           status:
-            description: StackServiceAccountStatus defines the observed state of StackServiceAccount.
+            description: StackStatus defines the observed state of Stack.
             properties:
               atProvider:
                 properties:
-                  id:
-                    description: (String) The ID of this resource.
+                  alertmanagerName:
+                    description: |-
+                      (String) Name of the Alertmanager instance configured for this stack.
+                      Name of the Alertmanager instance configured for this stack.
                     type: string
-                  isDisabled:
+                  alertmanagerStatus:
                     description: |-
-                      (Boolean) The disabled status for the service account. Defaults to false.
-                      The disabled status for the service account. Defaults to `false`.
-                    type: boolean
-                  name:
+                      (String) Status of the Alertmanager instance configured for this stack.
+                      Status of the Alertmanager instance configured for this stack.
+                    type: string
+                  alertmanagerUrl:
                     description: |-
-                      (String) The name of the service account.
-                      The name of the service account.
+                      (String) Base URL of the Alertmanager instance configured for this stack.
+                      Base URL of the Alertmanager instance configured for this stack.
                     type: string
-                  role:
+                  alertmanagerUserId:
                     description: |-
-                      (String) The basic role of the service account in the organization.
-                      The basic role of the service account in the organization.
+                      (Number) User ID of the Alertmanager instance configured for this stack.
+                      User ID of the Alertmanager instance configured for this stack.
+                    type: number
+                  description:
+                    description: |-
+                      (String) Description of stack.
+                      Description of stack.
                     type: string
-                  stackSlug:
+                  graphiteName:
                     description: (String)
                     type: string
-                type: object
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
+                  graphiteStatus:
+                    description: (String)
+                    type: string
+                  graphiteUrl:
+                    description: (String)
+                    type: string
+                  graphiteUserId:
+                    description: (Number)
+                    type: number
+                  id:
+                    description: (String) The stack id assigned to this stack by Grafana.
+                    type: string
+                  influxUrl:
+                    description: |-
+                      cloud/send-data/metrics/metrics-influxdb/push-from-telegraf/ for docs on how to use this.
+                      Base URL of the InfluxDB instance configured for this stack. The username is the same as the metrics' (`prometheus_user_id` attribute of this resource). See https://grafana.com/docs/grafana-cloud/send-data/metrics/metrics-influxdb/push-from-telegraf/ for docs on how to use this.
+                    type: string
+                  labels:
+                    additionalProperties:
                       type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
+                    description: |-
+                      zA-Z0-9/\-.]+$" and stacks cannot have more than 10 labels.
+                      A map of labels to assign to the stack. Label keys and values must match the following regexp: "^[a-zA-Z0-9/\\-.]+$" and stacks cannot have more than 10 labels.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  logsName:
+                    description: (String)
+                    type: string
+                  logsStatus:
+                    description: (String)
+                    type: string
+                  logsUrl:
+                    description: (String)
+                    type: string
+                  logsUserId:
+                    description: (Number)
+                    type: number
+                  name:
+                    description: |-
+                      (String) Name of stack. Conventionally matches the url of the instance (e.g. <stack_slug>.grafana.net).
+                      Name of stack. Conventionally matches the url of the instance (e.g. `<stack_slug>.grafana.net`).
+                    type: string
+                  orgId:
+                    description: |-
+                      (Number) Organization id to assign to this stack.
+                      Organization id to assign to this stack.
+                    type: number
+                  orgName:
+                    description: |-
+                      (String) Organization name to assign to this stack.
+                      Organization name to assign to this stack.
+                    type: string
+                  orgSlug:
+                    description: |-
+                      (String) Organization slug to assign to this stack.
+                      Organization slug to assign to this stack.
+                    type: string
+                  otlpUrl:
+                    description: |-
+                      cloud/send-data/otlp/send-data-otlp/ for docs on how to use this.
+                      Base URL of the OTLP instance configured for this stack. The username is the stack's ID (`id` attribute of this resource). See https://grafana.com/docs/grafana-cloud/send-data/otlp/send-data-otlp/ for docs on how to use this.
+                    type: string
+                  profilesName:
+                    description: (String)
+                    type: string
+                  profilesStatus:
+                    description: (String)
+                    type: string
+                  profilesUrl:
+                    description: (String)
+                    type: string
+                  profilesUserId:
+                    description: (Number)
+                    type: number
+                  prometheusName:
+                    description: |-
+                      (String) Prometheus name for this instance.
+                      Prometheus name for this instance.
+                    type: string
+                  prometheusRemoteEndpoint:
+                    description: |-
+                      (String) Use this URL to query hosted metrics data e.g. Prometheus data source in Grafana
+                      Use this URL to query hosted metrics data e.g. Prometheus data source in Grafana
+                    type: string
+                  prometheusRemoteWriteEndpoint:
+                    description: |-
+                      (String) Use this URL to send prometheus metrics to Grafana cloud
+                      Use this URL to send prometheus metrics to Grafana cloud
+                    type: string
+                  prometheusStatus:
+                    description: |-
+                      (String) Prometheus status for this instance.
+                      Prometheus status for this instance.
+                    type: string
+                  prometheusUrl:
+                    description: |-
+                      (String) Prometheus url for this instance.
+                      Prometheus url for this instance.
+                    type: string
+                  prometheusUserId:
+                    description: |-
+                      (Number) Prometheus user ID. Used for e.g. remote_write.
+                      Prometheus user ID. Used for e.g. remote_write.
+                    type: number
+                  regionSlug:
+                    description: |-
+                      cloud/developer-resources/api-reference/cloud-api/#list-regions.
+                      Region slug to assign to this stack. Changing region will destroy the existing stack and create a new one in the desired region. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
+                    type: string
+                  slug:
+                    description: |-
+                      (String) Subdomain that the Grafana instance will be available at. Setting slug to <stack_slug> will make the instance available at https://<stack_slug>.grafana.net.
+                      Subdomain that the Grafana instance will be available at. Setting slug to `<stack_slug>` will make the instance available at `https://<stack_slug>.grafana.net`.
+                    type: string
+                  status:
+                    description: |-
+                      (String) Status of the stack.
+                      Status of the stack.
+                    type: string
+                  tracesName:
+                    description: (String)
+                    type: string
+                  tracesStatus:
+                    description: (String)
+                    type: string
+                  tracesUrl:
+                    description: |-
+                      (String) Base URL of the Traces instance configured for this stack. To use this in the Tempo data source in Grafana, append /tempo to the URL.
+                      Base URL of the Traces instance configured for this stack. To use this in the Tempo data source in Grafana, append `/tempo` to the URL.
+                    type: string
+                  tracesUserId:
+                    description: (Number)
+                    type: number
+                  url:
+                    description: |-
+                      (String) Custom URL for the Grafana instance. Must have a CNAME setup to point to .grafana.net before creating the stack
+                      Custom URL for the Grafana instance. Must have a CNAME setup to point to `.grafana.net` before creating the stack
+                    type: string
+                  waitForReadiness:
+                    description: |-
+                      (Boolean) Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to true.
+                      Whether to wait for readiness of the stack after creating it. The check is a HEAD request to the stack URL (Grafana instance). Defaults to `true`.
+                    type: boolean
+                  waitForReadinessTimeout:
+                    description: |-
+                      (String) How long to wait for readiness (if enabled). Defaults to 5m0s.
+                      How long to wait for readiness (if enabled). Defaults to `5m0s`.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
                   - status
                   - type
                   type: object
@@ -12927,7 +12759,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: stackserviceaccounttokens.cloud.grafana.crossplane.io
+  name: stackserviceaccounts.cloud.grafana.crossplane.io
 spec:
   group: cloud.grafana.crossplane.io
   names:
@@ -12935,10 +12767,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: StackServiceAccountToken
-    listKind: StackServiceAccountTokenList
-    plural: stackserviceaccounttokens
-    singular: stackserviceaccounttoken
+    kind: StackServiceAccount
+    listKind: StackServiceAccountList
+    plural: stackserviceaccounts
+    singular: stackserviceaccount
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -12957,12 +12789,12 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'StackServiceAccountToken is the Schema for the StackServiceAccountTokens
-          API. Manages service account tokens of a Grafana Cloud stack using the Cloud
-          API This can be used to bootstrap a management service account token for
-          a new stack Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP
+        description: 'StackServiceAccount is the Schema for the StackServiceAccounts
+          API. Manages service accounts of a Grafana Cloud stack using the Cloud API
+          This can be used to bootstrap a management service account for a new stack
+          Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP
           API https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api
-          Required access policy scopes: stack-service-accounts:write'
+          Required access policy scopes: stacks:readstack-service-accounts:write'
         properties:
           apiVersion:
             description: |-
@@ -12982,8 +12814,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: StackServiceAccountTokenSpec defines the desired state of
-              StackServiceAccountToken
+            description: StackServiceAccountSpec defines the desired state of StackServiceAccount
             properties:
               deletionPolicy:
                 default: Delete
@@ -13075,18 +12906,40 @@ spec:
                             type: string
                         type: object
                     type: object
+                  isDisabled:
+                    description: |-
+                      (Boolean) The disabled status for the service account. Defaults to false.
+                      The disabled status for the service account. Defaults to `false`.
+                    type: boolean
                   name:
-                    description: (String)
+                    description: |-
+                      (String) The name of the service account.
+                      The name of the service account.
                     type: string
-                  secondsToLive:
-                    description: (Number)
-                    type: number
-                  serviceAccountId:
+                  role:
+                    description: |-
+                      (String) The basic role of the service account in the organization.
+                      The basic role of the service account in the organization.
+                    type: string
+                  stackSlug:
                     description: (String)
                     type: string
-                  serviceAccountRef:
-                    description: Reference to a StackServiceAccount in cloud to populate
-                      serviceAccountId.
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  cloudStackRef:
+                    description: Reference to a Stack in cloud to populate stackSlug.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -13119,9 +12972,8 @@ spec:
                     required:
                     - name
                     type: object
-                  serviceAccountSelector:
-                    description: Selector for a StackServiceAccount in cloud to populate
-                      serviceAccountId.
+                  cloudStackSelector:
+                    description: Selector for a Stack in cloud to populate stackSlug.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -13160,189 +13012,28 @@ spec:
                             type: string
                         type: object
                     type: object
+                  isDisabled:
+                    description: |-
+                      (Boolean) The disabled status for the service account. Defaults to false.
+                      The disabled status for the service account. Defaults to `false`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the service account.
+                      The name of the service account.
+                    type: string
+                  role:
+                    description: |-
+                      (String) The basic role of the service account in the organization.
+                      The basic role of the service account in the organization.
+                    type: string
                   stackSlug:
                     description: (String)
                     type: string
                 type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  cloudStackRef:
-                    description: Reference to a Stack in cloud to populate stackSlug.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  cloudStackSelector:
-                    description: Selector for a Stack in cloud to populate stackSlug.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  name:
-                    description: (String)
-                    type: string
-                  secondsToLive:
-                    description: (Number)
-                    type: number
-                  serviceAccountId:
-                    description: (String)
-                    type: string
-                  serviceAccountRef:
-                    description: Reference to a StackServiceAccount in cloud to populate
-                      serviceAccountId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  serviceAccountSelector:
-                    description: Selector for a StackServiceAccount in cloud to populate
-                      serviceAccountId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  stackSlug:
-                    description: (String)
-                    type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
+              managementPolicies:
+                default:
+                - '*'
                 description: |-
                   THIS IS A BETA FIELD. It is on by default but can be opted out
                   through a Crossplane feature flag.
@@ -13512,29 +13203,32 @@ spec:
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.role is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.role)
+                || (has(self.initProvider) && has(self.initProvider.role))'
           status:
-            description: StackServiceAccountTokenStatus defines the observed state
-              of StackServiceAccountToken.
+            description: StackServiceAccountStatus defines the observed state of StackServiceAccount.
             properties:
               atProvider:
                 properties:
-                  expiration:
-                    description: (String)
-                    type: string
-                  hasExpired:
-                    description: (Boolean)
-                    type: boolean
                   id:
                     description: (String) The ID of this resource.
                     type: string
+                  isDisabled:
+                    description: |-
+                      (Boolean) The disabled status for the service account. Defaults to false.
+                      The disabled status for the service account. Defaults to `false`.
+                    type: boolean
                   name:
-                    description: (String)
+                    description: |-
+                      (String) The name of the service account.
+                      The name of the service account.
                     type: string
-                  secondsToLive:
-                    description: (Number)
-                    type: number
-                  serviceAccountId:
-                    description: (String)
+                  role:
+                    description: |-
+                      (String) The basic role of the service account in the organization.
+                      The basic role of the service account in the organization.
                     type: string
                   stackSlug:
                     description: (String)
@@ -13607,18 +13301,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: datasourcepermissions.enterprise.grafana.crossplane.io
+  name: stackserviceaccounttokens.cloud.grafana.crossplane.io
 spec:
-  group: enterprise.grafana.crossplane.io
+  group: cloud.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: DataSourcePermission
-    listKind: DataSourcePermissionList
-    plural: datasourcepermissions
-    singular: datasourcepermission
+    kind: StackServiceAccountToken
+    listKind: StackServiceAccountTokenList
+    plural: stackserviceaccounttokens
+    singular: stackserviceaccounttoken
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -13637,10 +13331,12 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: DataSourcePermission is the Schema for the DataSourcePermissions
-          API. Manages the entire set of permissions for a datasource. Permissions
-          that aren't specified when applying this resource will be removed. HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/datasource_permissions/
+        description: 'StackServiceAccountToken is the Schema for the StackServiceAccountTokens
+          API. Manages service account tokens of a Grafana Cloud stack using the Cloud
+          API This can be used to bootstrap a management service account token for
+          a new stack Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api
+          Required access policy scopes: stack-service-accounts:write'
         properties:
           apiVersion:
             description: |-
@@ -13660,7 +13356,8 @@ spec:
           metadata:
             type: object
           spec:
-            description: DataSourcePermissionSpec defines the desired state of DataSourcePermission
+            description: StackServiceAccountTokenSpec defines the desired state of
+              StackServiceAccountToken
             properties:
               deletionPolicy:
                 default: Delete
@@ -13678,8 +13375,8 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  cloudStackRef:
+                    description: Reference to a Stack in cloud to populate stackSlug.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -13712,8 +13409,8 @@ spec:
                     required:
                     - name
                     type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
+                  cloudStackSelector:
+                    description: Selector for a Stack in cloud to populate stackSlug.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -13752,18 +13449,18 @@ spec:
                             type: string
                         type: object
                     type: object
-                  datasourceUid:
-                    description: |-
-                      (String) UID of the datasource to apply permissions to.
-                      UID of the datasource to apply permissions to.
+                  name:
+                    description: (String)
                     type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                  secondsToLive:
+                    description: (Number)
+                    type: number
+                  serviceAccountId:
+                    description: (String)
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  serviceAccountRef:
+                    description: Reference to a StackServiceAccount in cloud to populate
+                      serviceAccountId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -13796,8 +13493,9 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  serviceAccountSelector:
+                    description: Selector for a StackServiceAccount in cloud to populate
+                      serviceAccountId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -13836,182 +13534,9 @@ spec:
                             type: string
                         type: object
                     type: object
-                  permissions:
-                    description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        builtInRole:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
-                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                      type: object
-                    type: array
+                  stackSlug:
+                    description: (String)
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -14026,8 +13551,8 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  cloudStackRef:
+                    description: Reference to a Stack in cloud to populate stackSlug.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -14060,8 +13585,8 @@ spec:
                     required:
                     - name
                     type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
+                  cloudStackSelector:
+                    description: Selector for a Stack in cloud to populate stackSlug.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -14100,18 +13625,18 @@ spec:
                             type: string
                         type: object
                     type: object
-                  datasourceUid:
-                    description: |-
-                      (String) UID of the datasource to apply permissions to.
-                      UID of the datasource to apply permissions to.
+                  name:
+                    description: (String)
                     type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                  secondsToLive:
+                    description: (Number)
+                    type: number
+                  serviceAccountId:
+                    description: (String)
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  serviceAccountRef:
+                    description: Reference to a StackServiceAccount in cloud to populate
+                      serviceAccountId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -14144,8 +13669,9 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  serviceAccountSelector:
+                    description: Selector for a StackServiceAccount in cloud to populate
+                      serviceAccountId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -14184,182 +13710,9 @@ spec:
                             type: string
                         type: object
                     type: object
-                  permissions:
-                    description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        builtInRole:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
-                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                      type: object
-                    type: array
+                  stackSlug:
+                    description: (String)
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -14528,53 +13881,38 @@ spec:
             required:
             - forProvider
             type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: DataSourcePermissionStatus defines the observed state of
-              DataSourcePermission.
+            description: StackServiceAccountTokenStatus defines the observed state
+              of StackServiceAccountToken.
             properties:
               atProvider:
                 properties:
-                  datasourceUid:
-                    description: |-
-                      (String) UID of the datasource to apply permissions to.
-                      UID of the datasource to apply permissions to.
+                  expiration:
+                    description: (String)
                     type: string
+                  hasExpired:
+                    description: (Boolean)
+                    type: boolean
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                  name:
+                    description: (String)
+                    type: string
+                  secondsToLive:
+                    description: (Number)
+                    type: number
+                  serviceAccountId:
+                    description: (String)
+                    type: string
+                  stackSlug:
+                    description: (String)
                     type: string
-                  permissions:
-                    description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        builtInRole:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
-                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                      type: object
-                    type: array
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -14643,18 +13981,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: reports.enterprise.grafana.crossplane.io
+  name: awsaccounts.cloudprovider.grafana.crossplane.io
 spec:
-  group: enterprise.grafana.crossplane.io
+  group: cloudprovider.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Report
-    listKind: ReportList
-    plural: reports
-    singular: report
+    kind: AwsAccount
+    listKind: AwsAccountList
+    plural: awsaccounts
+    singular: awsaccount
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -14673,9 +14011,7 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'Report is the Schema for the Reports API. Note: This resource
-          is available only with Grafana Enterprise 7.+. Official documentation https://grafana.com/docs/grafana/latest/dashboards/create-reports/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/reporting/'
+        description: AwsAccount is the Schema for the AwsAccounts API.
         properties:
           apiVersion:
             description: |-
@@ -14695,7 +14031,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: ReportSpec defines the desired state of Report
+            description: AwsAccountSpec defines the desired state of AwsAccount
             properties:
               deletionPolicy:
                 default: Delete
@@ -14713,85 +14049,137 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  dashboards:
-                    description: |-
-                      (Block List) List of dashboards to render into the report (see below for nested schema)
-                      List of dashboards to render into the report
-                    items:
-                      properties:
-                        reportVariables:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
-                            Add report variables to the dashboard. Values should be separated by commas.
-                          type: object
-                          x-kubernetes-map-type: granular
-                        timeRange:
-                          description: |-
-                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
-                            Time range of the report.
-                          items:
-                            properties:
-                              from:
-                                description: |-
-                                  (String) Start of the time range.
-                                  Start of the time range.
-                                type: string
-                              to:
-                                description: |-
-                                  (String) End of the time range.
-                                  End of the time range.
-                                type: string
-                            type: object
-                          type: array
-                        uid:
-                          description: |-
-                            (String) Dashboard uid.
-                            Dashboard uid.
-                          type: string
-                      type: object
-                    type: array
-                  formats:
+                  regions:
                     description: |-
-                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
-                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
+                      (Set of String) A set of regions that this AWS Account resource applies to.
+                      A set of regions that this AWS Account resource applies to.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  includeDashboardLink:
+                  roleArn:
                     description: |-
-                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
-                      Whether to include a link to the dashboard in the report. Defaults to `true`.
-                    type: boolean
-                  includeTableCsv:
+                      (String) An IAM Role ARN string to represent with this AWS Account resource.
+                      An IAM Role ARN string to represent with this AWS Account resource.
+                    type: string
+                  stackId:
                     description: |-
-                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
-                      Whether to include a CSV file of table panel data. Defaults to `false`.
-                    type: boolean
-                  layout:
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  regions:
                     description: |-
-                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
-                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
+                      (Set of String) A set of regions that this AWS Account resource applies to.
+                      A set of regions that this AWS Account resource applies to.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  roleArn:
+                    description: |-
+                      (String) An IAM Role ARN string to represent with this AWS Account resource.
+                      An IAM Role ARN string to represent with this AWS Account resource.
                     type: string
-                  message:
+                  stackId:
                     description: |-
-                      (String) Message to be sent in the report.
-                      Message to be sent in the report.
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
                     type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
                   name:
-                    description: |-
-                      (String) Name of the report.
-                      Name of the report.
+                    description: Name of the referenced object.
                     type: string
-                  orgId:
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -14824,108 +14212,380 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                      annotations:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  orientation:
-                    description: |-
-                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
-                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
+                  name:
+                    description: Name is the name of the connection secret.
                     type: string
-                  recipients:
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.regions is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.regions)
+                || (has(self.initProvider) && has(self.initProvider.regions))'
+            - message: spec.forProvider.roleArn is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.roleArn)
+                || (has(self.initProvider) && has(self.initProvider.roleArn))'
+            - message: spec.forProvider.stackId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.stackId)
+                || (has(self.initProvider) && has(self.initProvider.stackId))'
+          status:
+            description: AwsAccountStatus defines the observed state of AwsAccount.
+            properties:
+              atProvider:
+                properties:
+                  id:
+                    description: This has the format "{{ stack_id }}:{{ resource_id
+                      }}".
+                    type: string
+                  regions:
                     description: |-
-                      (List of String) List of recipients of the report.
-                      List of recipients of the report.
+                      (Set of String) A set of regions that this AWS Account resource applies to.
+                      A set of regions that this AWS Account resource applies to.
                     items:
                       type: string
                     type: array
-                  replyTo:
+                    x-kubernetes-list-type: set
+                  resourceId:
                     description: |-
-                      to email address of the report.
-                      Reply-to email address of the report.
+                      (String) The ID given by the Grafana Cloud Provider API to this AWS Account resource.
+                      The ID given by the Grafana Cloud Provider API to this AWS Account resource.
                     type: string
-                  schedule:
+                  roleArn:
                     description: |-
-                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
-                      Schedule of the report.
-                    items:
-                      properties:
-                        customInterval:
-                          description: |-
-                            (String) Custom interval of the report.
-                            Note: This field is only available when frequency is set to custom.
-                            Custom interval of the report.
-                            **Note:** This field is only available when frequency is set to `custom`.
-                          type: string
-                        endTime:
-                          description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
-                          type: string
-                        frequency:
-                          description: |-
-                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
-                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
-                          type: string
-                        lastDayOfMonth:
-                          description: |-
-                            (Boolean) Send the report on the last day of the month Defaults to false.
-                            Send the report on the last day of the month Defaults to `false`.
-                          type: boolean
-                        startTime:
-                          description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                      (String) An IAM Role ARN string to represent with this AWS Account resource.
+                      An IAM Role ARN string to represent with this AWS Account resource.
+                    type: string
+                  stackId:
+                    description: |-
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: awscloudwatchscrapejobs.cloudprovider.grafana.crossplane.io
+spec:
+  group: cloudprovider.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: AwsCloudwatchScrapeJob
+    listKind: AwsCloudwatchScrapeJobList
+    plural: awscloudwatchscrapejobs
+    singular: awscloudwatchscrapejob
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: AwsCloudwatchScrapeJob is the Schema for the AwsCloudwatchScrapeJobs
+          API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  awsAccountResourceId:
+                    description: |-
+                      (String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+                      The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+                    type: string
+                  customNamespace:
+                    description: |-
+                      (Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                    items:
+                      properties:
+                        metric:
+                          description: |-
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
+                                type: string
+                              statistics:
+                                description: |-
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        name:
+                          description: |-
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the custom namespace to scrape.
                           type: string
-                        timezone:
+                        scrapeIntervalSeconds:
                           description: |-
-                            (String) Set the report time zone. Defaults to GMT.
-                            Set the report time zone. Defaults to `GMT`.
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the custom namespace.
+                          type: number
+                      type: object
+                    type: array
+                  enabled:
+                    description: |-
+                      (Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+                      Whether the CloudWatch Scrape Job is enabled or not.
+                    type: boolean
+                  exportTags:
+                    description: |-
+                      (Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+                      When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the CloudWatch Scrape Job.
+                      The name of the CloudWatch Scrape Job.
+                    type: string
+                  regionsSubsetOverride:
+                    description: |-
+                      (Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                      A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  service:
+                    description: |-
+                      (Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                    items:
+                      properties:
+                        metric:
+                          description: |-
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
+                                type: string
+                              statistics:
+                                description: |-
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        name:
+                          description: |-
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
                           type: string
-                        workdaysOnly:
+                        resourceDiscoveryTagFilter:
                           description: |-
-                            (Boolean) Whether to send the report only on work days. Defaults to false.
-                            Whether to send the report only on work days. Defaults to `false`.
-                          type: boolean
+                            (Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              key:
+                                description: |-
+                                  (String) The key of the tag filter.
+                                  The key of the tag filter.
+                                type: string
+                              value:
+                                description: |-
+                                  (String) The value of the tag filter.
+                                  The value of the tag filter.
+                                type: string
+                            type: object
+                          type: array
+                        scrapeIntervalSeconds:
+                          description: |-
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+                          type: number
+                        tagsToAddToMetrics:
+                          description: |-
+                            (Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                            A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
                       type: object
                     type: array
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -14940,219 +14600,143 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  dashboards:
+                  awsAccountResourceId:
                     description: |-
-                      (Block List) List of dashboards to render into the report (see below for nested schema)
-                      List of dashboards to render into the report
+                      (String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+                      The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+                    type: string
+                  customNamespace:
+                    description: |-
+                      (Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
                     items:
                       properties:
-                        reportVariables:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
-                            Add report variables to the dashboard. Values should be separated by commas.
-                          type: object
-                          x-kubernetes-map-type: granular
-                        timeRange:
+                        metric:
                           description: |-
-                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
-                            Time range of the report.
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
                           items:
                             properties:
-                              from:
+                              name:
                                 description: |-
-                                  (String) Start of the time range.
-                                  Start of the time range.
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
                                 type: string
-                              to:
+                              statistics:
                                 description: |-
-                                  (String) End of the time range.
-                                  End of the time range.
-                                type: string
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
                             type: object
                           type: array
-                        uid:
+                        name:
                           description: |-
-                            (String) Dashboard uid.
-                            Dashboard uid.
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the custom namespace to scrape.
                           type: string
+                        scrapeIntervalSeconds:
+                          description: |-
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the custom namespace.
+                          type: number
                       type: object
                     type: array
-                  formats:
+                  enabled:
                     description: |-
-                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
-                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  includeDashboardLink:
-                    description: |-
-                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
-                      Whether to include a link to the dashboard in the report. Defaults to `true`.
+                      (Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+                      Whether the CloudWatch Scrape Job is enabled or not.
                     type: boolean
-                  includeTableCsv:
+                  exportTags:
                     description: |-
-                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
-                      Whether to include a CSV file of table panel data. Defaults to `false`.
+                      (Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+                      When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
                     type: boolean
-                  layout:
-                    description: |-
-                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
-                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
-                    type: string
-                  message:
-                    description: |-
-                      (String) Message to be sent in the report.
-                      Message to be sent in the report.
-                    type: string
                   name:
                     description: |-
-                      (String) Name of the report.
-                      Name of the report.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  orientation:
-                    description: |-
-                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
-                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
+                      (String) The name of the CloudWatch Scrape Job.
+                      The name of the CloudWatch Scrape Job.
                     type: string
-                  recipients:
+                  regionsSubsetOverride:
                     description: |-
-                      (List of String) List of recipients of the report.
-                      List of recipients of the report.
+                      (Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                      A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
                     items:
                       type: string
                     type: array
-                  replyTo:
-                    description: |-
-                      to email address of the report.
-                      Reply-to email address of the report.
-                    type: string
-                  schedule:
+                    x-kubernetes-list-type: set
+                  service:
                     description: |-
-                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
-                      Schedule of the report.
+                      (Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
                     items:
                       properties:
-                        customInterval:
-                          description: |-
-                            (String) Custom interval of the report.
-                            Note: This field is only available when frequency is set to custom.
-                            Custom interval of the report.
-                            **Note:** This field is only available when frequency is set to `custom`.
-                          type: string
-                        endTime:
+                        metric:
                           description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
-                          type: string
-                        frequency:
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
+                                type: string
+                              statistics:
+                                description: |-
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        name:
                           description: |-
-                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
-                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
                           type: string
-                        lastDayOfMonth:
+                        resourceDiscoveryTagFilter:
                           description: |-
-                            (Boolean) Send the report on the last day of the month Defaults to false.
-                            Send the report on the last day of the month Defaults to `false`.
-                          type: boolean
-                        startTime:
-                          description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
-                          type: string
-                        timezone:
+                            (Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              key:
+                                description: |-
+                                  (String) The key of the tag filter.
+                                  The key of the tag filter.
+                                type: string
+                              value:
+                                description: |-
+                                  (String) The value of the tag filter.
+                                  The value of the tag filter.
+                                type: string
+                            type: object
+                          type: array
+                        scrapeIntervalSeconds:
                           description: |-
-                            (String) Set the report time zone. Defaults to GMT.
-                            Set the report time zone. Defaults to `GMT`.
-                          type: string
-                        workdaysOnly:
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+                          type: number
+                        tagsToAddToMetrics:
                           description: |-
-                            (Boolean) Whether to send the report only on work days. Defaults to false.
-                            Whether to send the report only on work days. Defaults to `false`.
-                          type: boolean
+                            (Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                            A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
                       type: object
                     type: array
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -15322,165 +14906,169 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
+            - message: spec.forProvider.awsAccountResourceId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.awsAccountResourceId)
+                || (has(self.initProvider) && has(self.initProvider.awsAccountResourceId))'
             - message: spec.forProvider.name is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.recipients is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.recipients)
-                || (has(self.initProvider) && has(self.initProvider.recipients))'
-            - message: spec.forProvider.schedule is a required parameter
+            - message: spec.forProvider.stackId is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.schedule)
-                || (has(self.initProvider) && has(self.initProvider.schedule))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.stackId)
+                || (has(self.initProvider) && has(self.initProvider.stackId))'
           status:
-            description: ReportStatus defines the observed state of Report.
+            description: AwsCloudwatchScrapeJobStatus defines the observed state of
+              AwsCloudwatchScrapeJob.
             properties:
               atProvider:
                 properties:
-                  dashboards:
+                  awsAccountResourceId:
                     description: |-
-                      (Block List) List of dashboards to render into the report (see below for nested schema)
-                      List of dashboards to render into the report
+                      (String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+                      The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+                    type: string
+                  customNamespace:
+                    description: |-
+                      (Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
                     items:
                       properties:
-                        reportVariables:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
-                            Add report variables to the dashboard. Values should be separated by commas.
-                          type: object
-                          x-kubernetes-map-type: granular
-                        timeRange:
+                        metric:
                           description: |-
-                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
-                            Time range of the report.
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
                           items:
                             properties:
-                              from:
+                              name:
                                 description: |-
-                                  (String) Start of the time range.
-                                  Start of the time range.
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
                                 type: string
-                              to:
+                              statistics:
                                 description: |-
-                                  (String) End of the time range.
-                                  End of the time range.
-                                type: string
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
                             type: object
                           type: array
-                        uid:
+                        name:
                           description: |-
-                            (String) Dashboard uid.
-                            Dashboard uid.
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the custom namespace to scrape.
                           type: string
+                        scrapeIntervalSeconds:
+                          description: |-
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the custom namespace.
+                          type: number
                       type: object
                     type: array
-                  formats:
+                  disabledReason:
                     description: |-
-                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
-                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  id:
-                    description: (String) Generated identifier of the report.
+                      (String) When the CloudWatch Scrape Job is disabled, this will show the reason that it is in that state.
+                      When the CloudWatch Scrape Job is disabled, this will show the reason that it is in that state.
                     type: string
-                  includeDashboardLink:
+                  enabled:
                     description: |-
-                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
-                      Whether to include a link to the dashboard in the report. Defaults to `true`.
+                      (Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+                      Whether the CloudWatch Scrape Job is enabled or not.
                     type: boolean
-                  includeTableCsv:
+                  exportTags:
                     description: |-
-                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
-                      Whether to include a CSV file of table panel data. Defaults to `false`.
+                      (Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+                      When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
                     type: boolean
-                  layout:
-                    description: |-
-                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
-                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
-                    type: string
-                  message:
-                    description: |-
-                      (String) Message to be sent in the report.
-                      Message to be sent in the report.
+                  id:
+                    description: This has the format "{{ stack_id }}:{{ name }}".
                     type: string
                   name:
                     description: |-
-                      (String) Name of the report.
-                      Name of the report.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The name of the CloudWatch Scrape Job.
+                      The name of the CloudWatch Scrape Job.
                     type: string
-                  orientation:
+                  regionsSubsetOverride:
                     description: |-
-                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
-                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
-                    type: string
-                  recipients:
-                    description: |-
-                      (List of String) List of recipients of the report.
-                      List of recipients of the report.
+                      (Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                      A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
                     items:
                       type: string
                     type: array
-                  replyTo:
-                    description: |-
-                      to email address of the report.
-                      Reply-to email address of the report.
-                    type: string
-                  schedule:
+                    x-kubernetes-list-type: set
+                  service:
                     description: |-
-                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
-                      Schedule of the report.
+                      (Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                      One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
                     items:
                       properties:
-                        customInterval:
+                        metric:
                           description: |-
-                            (String) Custom interval of the report.
-                            Note: This field is only available when frequency is set to custom.
-                            Custom interval of the report.
-                            **Note:** This field is only available when frequency is set to `custom`.
-                          type: string
-                        endTime:
-                          description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
-                          type: string
-                        frequency:
+                            (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the metric to scrape.
+                                type: string
+                              statistics:
+                                description: |-
+                                  (Set of String) A set of statistics to scrape.
+                                  A set of statistics to scrape.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        name:
                           description: |-
-                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
-                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
                           type: string
-                        lastDayOfMonth:
-                          description: |-
-                            (Boolean) Send the report on the last day of the month Defaults to false.
-                            Send the report on the last day of the month Defaults to `false`.
-                          type: boolean
-                        startTime:
+                        resourceDiscoveryTagFilter:
                           description: |-
-                            01-02T15:04:05 format if you want to set a custom timezone
-                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
-                          type: string
-                        timezone:
+                            (Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              key:
+                                description: |-
+                                  (String) The key of the tag filter.
+                                  The key of the tag filter.
+                                type: string
+                              value:
+                                description: |-
+                                  (String) The value of the tag filter.
+                                  The value of the tag filter.
+                                type: string
+                            type: object
+                          type: array
+                        scrapeIntervalSeconds:
                           description: |-
-                            (String) Set the report time zone. Defaults to GMT.
-                            Set the report time zone. Defaults to `GMT`.
-                          type: string
-                        workdaysOnly:
+                            (Number) The interval in seconds to scrape the custom namespace.
+                            The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+                          type: number
+                        tagsToAddToMetrics:
                           description: |-
-                            (Boolean) Whether to send the report only on work days. Defaults to false.
-                            Whether to send the report only on work days. Defaults to `false`.
-                          type: boolean
+                            (Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                            A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
                       type: object
                     type: array
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -15549,18 +15137,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: roleassignments.enterprise.grafana.crossplane.io
+  name: azurecredentials.cloudprovider.grafana.crossplane.io
 spec:
-  group: enterprise.grafana.crossplane.io
+  group: cloudprovider.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: RoleAssignment
-    listKind: RoleAssignmentList
-    plural: roleassignments
-    singular: roleassignment
+    kind: AzureCredential
+    listKind: AzureCredentialList
+    plural: azurecredentials
+    singular: azurecredential
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -15579,11 +15167,7 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'RoleAssignment is the Schema for the RoleAssignments API. Manages
-          the entire set of assignments for a role. Assignments that aren''t specified
-          when applying this resource will be removed. Note: This resource is available
-          only with Grafana Enterprise 9.2+. Official documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/access_control/'
+        description: AzureCredential is the Schema for the AzureCredentials API.
         properties:
           apiVersion:
             description: |-
@@ -15603,7 +15187,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: RoleAssignmentSpec defines the desired state of RoleAssignment
+            description: AzureCredentialSpec defines the desired state of AzureCredential
             properties:
               deletionPolicy:
                 default: Delete
@@ -15621,218 +15205,223 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  orgId:
+                  clientId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The client ID of the Azure Credential.
+                      The client ID of the Azure Credential.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  clientSecretSecretRef:
+                    description: |-
+                      (String, Sensitive) The client secret of the Azure Credential.
+                      The client secret of the Azure Credential.
                     properties:
+                      key:
+                        description: The key to select.
+                        type: string
                       name:
-                        description: Name of the referenced object.
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
                     required:
+                    - key
                     - name
+                    - namespace
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
+                  name:
+                    description: |-
+                      (String) The name of the Azure Credential.
+                      The name of the Azure Credential.
+                    type: string
+                  resourceDiscoveryTagFilter:
+                    description: |-
+                      (Block List) The list of tag filters to apply to resources. (see below for nested schema)
+                      The list of tag filters to apply to resources.
+                    items:
+                      properties:
+                        key:
+                          description: |-
+                            (String) The key of the tag filter.
+                            The key of the tag filter.
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  roleRef:
-                    description: Reference to a Role in enterprise to populate roleUid.
+                        value:
+                          description: |-
+                            (String) The value of the tag filter.
+                            The value of the tag filter.
+                          type: string
+                      type: object
+                    type: array
+                  stackId:
+                    description: |-
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
+                    type: string
+                  tenantId:
+                    description: |-
+                      (String) The tenant ID of the Azure Credential.
+                      The tenant ID of the Azure Credential.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  clientId:
+                    description: |-
+                      (String) The client ID of the Azure Credential.
+                      The client ID of the Azure Credential.
+                    type: string
+                  clientSecretSecretRef:
+                    description: |-
+                      (String, Sensitive) The client secret of the Azure Credential.
+                      The client secret of the Azure Credential.
                     properties:
+                      key:
+                        description: The key to select.
+                        type: string
                       name:
-                        description: Name of the referenced object.
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
                     required:
+                    - key
                     - name
+                    - namespace
                     type: object
-                  roleSelector:
-                    description: Selector for a Role in enterprise to populate roleUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  roleUid:
+                  name:
                     description: |-
-                      (String) Grafana RBAC role UID.
-                      Grafana RBAC role UID.
+                      (String) The name of the Azure Credential.
+                      The name of the Azure Credential.
                     type: string
-                  serviceAccountRefs:
-                    description: References to ServiceAccount in oss to populate serviceAccounts.
+                  resourceDiscoveryTagFilter:
+                    description: |-
+                      (Block List) The list of tag filters to apply to resources. (see below for nested schema)
+                      The list of tag filters to apply to resources.
                     items:
-                      description: A Reference to a named object.
                       properties:
-                        name:
-                          description: Name of the referenced object.
+                        key:
+                          description: |-
+                            (String) The key of the tag filter.
+                            The key of the tag filter.
+                          type: string
+                        value:
+                          description: |-
+                            (String) The value of the tag filter.
+                            The value of the tag filter.
                           type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
                       type: object
                     type: array
-                  serviceAccountSelector:
-                    description: Selector for a list of ServiceAccount in oss to populate
-                      serviceAccounts.
+                  stackId:
+                    description: |-
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
+                    type: string
+                  tenantId:
+                    description: |-
+                      (String) The tenant ID of the Azure Credential.
+                      The tenant ID of the Azure Credential.
+                    type: string
+                required:
+                - clientSecretSecretRef
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
                     properties:
-                      matchControllerRef:
+                      resolution:
+                        default: Required
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
                       policy:
-                        description: Policies for selection.
+                        description: Policies for referencing.
                         properties:
                           resolution:
                             default: Required
@@ -15856,411 +15445,521 @@ spec:
                             - IfNotPresent
                             type: string
                         type: object
+                    required:
+                    - name
                     type: object
-                  serviceAccounts:
-                    description: |-
-                      (Set of String) IDs of service accounts that the role should be assigned to.
-                      IDs of service accounts that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  teamRefs:
-                    description: References to Team in oss to populate teams.
-                    items:
-                      description: A Reference to a named object.
-                      properties:
-                        name:
-                          description: Name of the referenced object.
-                          type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  teamSelector:
-                    description: Selector for a list of Team in oss to populate teams.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
+                      annotations:
+                        additionalProperties:
+                          type: string
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  teams:
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.clientId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.clientId)
+                || (has(self.initProvider) && has(self.initProvider.clientId))'
+            - message: spec.forProvider.clientSecretSecretRef is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.clientSecretSecretRef)'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.stackId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.stackId)
+                || (has(self.initProvider) && has(self.initProvider.stackId))'
+            - message: spec.forProvider.tenantId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.tenantId)
+                || (has(self.initProvider) && has(self.initProvider.tenantId))'
+          status:
+            description: AzureCredentialStatus defines the observed state of AzureCredential.
+            properties:
+              atProvider:
+                properties:
+                  clientId:
                     description: |-
-                      (Set of String) IDs of teams that the role should be assigned to.
-                      IDs of teams that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  userRefs:
-                    description: References to User in oss to populate users.
+                      (String) The client ID of the Azure Credential.
+                      The client ID of the Azure Credential.
+                    type: string
+                  id:
+                    description: This has the format "{{ stack_id }}:{{ resource_id
+                      }}".
+                    type: string
+                  name:
+                    description: |-
+                      (String) The name of the Azure Credential.
+                      The name of the Azure Credential.
+                    type: string
+                  resourceDiscoveryTagFilter:
+                    description: |-
+                      (Block List) The list of tag filters to apply to resources. (see below for nested schema)
+                      The list of tag filters to apply to resources.
                     items:
-                      description: A Reference to a named object.
                       properties:
-                        name:
-                          description: Name of the referenced object.
+                        key:
+                          description: |-
+                            (String) The key of the tag filter.
+                            The key of the tag filter.
+                          type: string
+                        value:
+                          description: |-
+                            (String) The value of the tag filter.
+                            The value of the tag filter.
                           type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
                       type: object
                     type: array
-                  userSelector:
-                    description: Selector for a list of User in oss to populate users.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  users:
+                  resourceId:
                     description: |-
-                      (Set of Number) IDs of users that the role should be assigned to.
-                      IDs of users that the role should be assigned to.
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  orgId:
+                      (String) The ID given by the Grafana Cloud Provider API to this AWS Account resource.
+                      The ID given by the Grafana Cloud Provider API to this AWS Account resource.
+                    type: string
+                  stackId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The StackID of the Grafana Cloud instance.
+                      The StackID of the Grafana Cloud instance.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  roleRef:
-                    description: Reference to a Role in enterprise to populate roleUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
+                  tenantId:
+                    description: |-
+                      (String) The tenant ID of the Azure Credential.
+                      The tenant ID of the Azure Credential.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: metricsendpointscrapejobs.connections.grafana.crossplane.io
+spec:
+  group: connections.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: MetricsEndpointScrapeJob
+    listKind: MetricsEndpointScrapeJobList
+    plural: metricsendpointscrapejobs
+    singular: metricsendpointscrapejob
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: MetricsEndpointScrapeJob is the Schema for the MetricsEndpointScrapeJobs
+          API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MetricsEndpointScrapeJobSpec defines the desired state of
+              MetricsEndpointScrapeJob
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  authenticationBasicPasswordSecretRef:
+                    description: |-
+                      (String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+                      Password for basic authentication, use if scrape job is using basic authentication method
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
                     required:
+                    - key
                     - name
+                    - namespace
                     type: object
-                  roleSelector:
-                    description: Selector for a Role in enterprise to populate roleUid.
+                  authenticationBasicUsername:
+                    description: |-
+                      (String) Username for basic authentication, use if scrape job is using basic authentication method
+                      Username for basic authentication, use if scrape job is using basic authentication method
+                    type: string
+                  authenticationBearerTokenSecretRef:
+                    description: |-
+                      (String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+                      Bearer token used for authentication, use if scrape job is using bearer authentication method
                     properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
                     type: object
-                  roleUid:
+                  authenticationMethod:
                     description: |-
-                      (String) Grafana RBAC role UID.
-                      Grafana RBAC role UID.
+                      (String) Method to pass authentication credentials: basic or bearer.
+                      Method to pass authentication credentials: basic or bearer.
                     type: string
-                  serviceAccountRefs:
-                    description: References to ServiceAccount in oss to populate serviceAccounts.
-                    items:
-                      description: A Reference to a named object.
-                      properties:
-                        name:
-                          description: Name of the referenced object.
-                          type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  serviceAccountSelector:
-                    description: Selector for a list of ServiceAccount in oss to populate
-                      serviceAccounts.
+                  enabled:
+                    description: |-
+                      (Boolean) Whether the metrics endpoint scrape job is enabled or not.
+                      Whether the metrics endpoint scrape job is enabled or not.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the metrics endpoint scrape job.
+                      The name of the metrics endpoint scrape job.
+                    type: string
+                  scrapeIntervalSeconds:
+                    description: |-
+                      (Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                      Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                    type: number
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The url to scrape metrics from; a valid HTTPs URL is required.
+                      The url to scrape metrics from; a valid HTTPs URL is required.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  authenticationBasicPasswordSecretRef:
+                    description: |-
+                      (String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+                      Password for basic authentication, use if scrape job is using basic authentication method
                     properties:
-                      matchControllerRef:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  authenticationBasicUsername:
+                    description: |-
+                      (String) Username for basic authentication, use if scrape job is using basic authentication method
+                      Username for basic authentication, use if scrape job is using basic authentication method
+                    type: string
+                  authenticationBearerTokenSecretRef:
+                    description: |-
+                      (String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+                      Bearer token used for authentication, use if scrape job is using bearer authentication method
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  authenticationMethod:
+                    description: |-
+                      (String) Method to pass authentication credentials: basic or bearer.
+                      Method to pass authentication credentials: basic or bearer.
+                    type: string
+                  enabled:
+                    description: |-
+                      (Boolean) Whether the metrics endpoint scrape job is enabled or not.
+                      Whether the metrics endpoint scrape job is enabled or not.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the metrics endpoint scrape job.
+                      The name of the metrics endpoint scrape job.
+                    type: string
+                  scrapeIntervalSeconds:
+                    description: |-
+                      (Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                      Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                    type: number
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The url to scrape metrics from; a valid HTTPs URL is required.
+                      The url to scrape metrics from; a valid HTTPs URL is required.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
                       policy:
-                        description: Policies for selection.
+                        description: Policies for referencing.
                         properties:
                           resolution:
                             default: Required
@@ -16284,316 +15983,27 @@ spec:
                             - IfNotPresent
                             type: string
                         type: object
+                    required:
+                    - name
                     type: object
-                  serviceAccounts:
-                    description: |-
-                      (Set of String) IDs of service accounts that the role should be assigned to.
-                      IDs of service accounts that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  teamRefs:
-                    description: References to Team in oss to populate teams.
-                    items:
-                      description: A Reference to a named object.
-                      properties:
-                        name:
-                          description: Name of the referenced object.
-                          type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  teamSelector:
-                    description: Selector for a list of Team in oss to populate teams.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
+                      annotations:
+                        additionalProperties:
+                          type: string
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  teams:
-                    description: |-
-                      (Set of String) IDs of teams that the role should be assigned to.
-                      IDs of teams that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  userRefs:
-                    description: References to User in oss to populate users.
-                    items:
-                      description: A Reference to a named object.
-                      properties:
-                        name:
-                          description: Name of the referenced object.
-                          type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
-                      type: object
-                    type: array
-                  userSelector:
-                    description: Selector for a list of User in oss to populate users.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  users:
-                    description: |-
-                      (Set of Number) IDs of users that the role should be assigned to.
-                      IDs of users that the role should be assigned to.
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
                       type:
                         description: |-
@@ -16631,48 +16041,67 @@ spec:
             required:
             - forProvider
             type: object
-          status:
-            description: RoleAssignmentStatus defines the observed state of RoleAssignment.
-            properties:
-              atProvider:
-                properties:
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  orgId:
+            x-kubernetes-validations:
+            - message: spec.forProvider.authenticationMethod is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.authenticationMethod)
+                || (has(self.initProvider) && has(self.initProvider.authenticationMethod))'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.stackId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.stackId)
+                || (has(self.initProvider) && has(self.initProvider.stackId))'
+            - message: spec.forProvider.url is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.url)
+                || (has(self.initProvider) && has(self.initProvider.url))'
+          status:
+            description: MetricsEndpointScrapeJobStatus defines the observed state
+              of MetricsEndpointScrapeJob.
+            properties:
+              atProvider:
+                properties:
+                  authenticationBasicUsername:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) Username for basic authentication, use if scrape job is using basic authentication method
+                      Username for basic authentication, use if scrape job is using basic authentication method
                     type: string
-                  roleUid:
+                  authenticationMethod:
                     description: |-
-                      (String) Grafana RBAC role UID.
-                      Grafana RBAC role UID.
+                      (String) Method to pass authentication credentials: basic or bearer.
+                      Method to pass authentication credentials: basic or bearer.
                     type: string
-                  serviceAccounts:
+                  enabled:
                     description: |-
-                      (Set of String) IDs of service accounts that the role should be assigned to.
-                      IDs of service accounts that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  teams:
+                      (Boolean) Whether the metrics endpoint scrape job is enabled or not.
+                      Whether the metrics endpoint scrape job is enabled or not.
+                    type: boolean
+                  id:
+                    description: This has the format "{{ stack_id }}:{{ name }}".
+                    type: string
+                  name:
                     description: |-
-                      (Set of String) IDs of teams that the role should be assigned to.
-                      IDs of teams that the role should be assigned to.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  users:
+                      (String) The name of the metrics endpoint scrape job.
+                      The name of the metrics endpoint scrape job.
+                    type: string
+                  scrapeIntervalSeconds:
                     description: |-
-                      (Set of Number) IDs of users that the role should be assigned to.
-                      IDs of users that the role should be assigned to.
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
+                      (Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                      Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                    type: number
+                  stackId:
+                    description: |-
+                      (String) The Stack ID of the Grafana Cloud instance.
+                      The Stack ID of the Grafana Cloud instance.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The url to scrape metrics from; a valid HTTPs URL is required.
+                      The url to scrape metrics from; a valid HTTPs URL is required.
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -16741,7 +16170,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: roles.enterprise.grafana.crossplane.io
+  name: datasourceconfiglbacrules.enterprise.grafana.crossplane.io
 spec:
   group: enterprise.grafana.crossplane.io
   names:
@@ -16749,10 +16178,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: Role
-    listKind: RoleList
-    plural: roles
-    singular: role
+    kind: DataSourceConfigLbacRules
+    listKind: DataSourceConfigLbacRulesList
+    plural: datasourceconfiglbacrules
+    singular: datasourceconfiglbacrules
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -16771,9 +16200,8 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'Role is the Schema for the Roles API. Note: This resource is
-          available only with Grafana Enterprise 8.+. Official documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/access_control/'
+        description: DataSourceConfigLbacRules is the Schema for the DataSourceConfigLbacRuless
+          API. <no value>
         properties:
           apiVersion:
             description: |-
@@ -16793,7 +16221,8 @@ spec:
           metadata:
             type: object
           spec:
-            description: RoleSpec defines the desired state of Role
+            description: DataSourceConfigLbacRulesSpec defines the desired state of
+              DataSourceConfigLbacRules
             properties:
               deletionPolicy:
                 default: Delete
@@ -16811,48 +16240,115 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  autoIncrementVersion:
-                    description: |-
-                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
-                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
-                    type: boolean
-                  description:
-                    description: |-
-                      (String) Description of the role.
-                      Description of the role.
+                  datasourceUid:
+                    description: The UID of the datasource.
                     type: string
-                  displayName:
-                    description: |-
-                      (String) Display name of the role. Available with Grafana 8.5+.
-                      Display name of the role. Available with Grafana 8.5+.
+                  rules:
+                    description: JSON-encoded LBAC rules for the data source. Map
+                      of team UIDs to lists of rule strings.
                     type: string
-                  global:
-                    description: |-
-                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
-                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
-                    type: boolean
-                  group:
-                    description: |-
-                      (String) Group of the role. Available with Grafana 8.5+.
-                      Group of the role. Available with Grafana 8.5+.
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  datasourceUid:
+                    description: The UID of the datasource.
                     type: string
-                  hidden:
-                    description: |-
-                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
-                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
-                    type: boolean
+                  rules:
+                    description: JSON-encoded LBAC rules for the data source. Map
+                      of team UIDs to lists of rule strings.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
                   name:
-                    description: |-
-                      (String) Name of the role
-                      Name of the role
+                    description: Name of the referenced object.
                     type: string
-                  orgId:
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -16885,127 +16381,234 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                      annotations:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  permissions:
-                    description: |-
-                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
-                      Specific set of actions granted by the role.
-                    items:
-                      properties:
-                        action:
-                          description: |-
-                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
-                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
-                          type: string
-                        scope:
-                          description: |-
-                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
-                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
-                          type: string
-                      type: object
-                    type: array
-                  uid:
-                    description: |-
-                      (String) Unique identifier of the role. Used for assignments.
-                      Unique identifier of the role. Used for assignments.
+                  name:
+                    description: Name is the name of the connection secret.
                     type: string
-                  version:
-                    description: |-
-                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
-                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
-                    type: number
+                required:
+                - name
                 type: object
-              initProvider:
+              writeConnectionSecretToRef:
                 description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
                 properties:
-                  autoIncrementVersion:
-                    description: |-
-                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
-                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
-                    type: boolean
-                  description:
-                    description: |-
-                      (String) Description of the role.
-                      Description of the role.
+                  name:
+                    description: Name of the secret.
                     type: string
-                  displayName:
-                    description: |-
-                      (String) Display name of the role. Available with Grafana 8.5+.
-                      Display name of the role. Available with Grafana 8.5+.
+                  namespace:
+                    description: Namespace of the secret.
                     type: string
-                  global:
-                    description: |-
-                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
-                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
-                    type: boolean
-                  group:
-                    description: |-
-                      (String) Group of the role. Available with Grafana 8.5+.
-                      Group of the role. Available with Grafana 8.5+.
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.datasourceUid is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceUid)
+                || (has(self.initProvider) && has(self.initProvider.datasourceUid))'
+            - message: spec.forProvider.rules is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.rules)
+                || (has(self.initProvider) && has(self.initProvider.rules))'
+          status:
+            description: DataSourceConfigLbacRulesStatus defines the observed state
+              of DataSourceConfigLbacRules.
+            properties:
+              atProvider:
+                properties:
+                  datasourceUid:
+                    description: The UID of the datasource.
                     type: string
-                  hidden:
-                    description: |-
-                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
-                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
-                    type: boolean
-                  name:
+                  id:
+                    type: string
+                  rules:
+                    description: JSON-encoded LBAC rules for the data source. Map
+                      of team UIDs to lists of rule strings.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: datasourcepermissionitems.enterprise.grafana.crossplane.io
+spec:
+  group: enterprise.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DataSourcePermissionItem
+    listKind: DataSourcePermissionItemList
+    plural: datasourcepermissionitems
+    singular: datasourcepermissionitem
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DataSourcePermissionItem is the Schema for the DataSourcePermissionItems
+          API. Manages a single permission item for a datasource. Conflicts with the
+          "grafana_data_source_permission" resource which manages the entire set of
+          permissions for a datasource.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DataSourcePermissionItemSpec defines the desired state of
+              DataSourcePermissionItem
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  datasourceUid:
                     description: |-
-                      (String) Name of the role
-                      Name of the role
+                      (String) The UID of the datasource.
+                      The UID of the datasource.
                     type: string
                   orgId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
                   organizationRef:
                     description: Reference to a Organization in oss to populate orgId.
@@ -17081,34 +16684,144 @@ spec:
                             type: string
                         type: object
                     type: object
-                  permissions:
+                  permission:
                     description: |-
-                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
-                      Specific set of actions granted by the role.
-                    items:
-                      properties:
-                        action:
-                          description: |-
-                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
-                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
-                          type: string
-                        scope:
-                          description: |-
-                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
-                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
-                          type: string
-                      type: object
-                    type: array
-                  uid:
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
                     description: |-
-                      (String) Unique identifier of the role. Used for assignments.
-                      Unique identifier of the role. Used for assignments.
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
                     type: string
-                  version:
+                  team:
                     description: |-
-                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
-                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
-                    type: number
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  datasourceUid:
+                    description: |-
+                      (String) The UID of the datasource.
+                      The UID of the datasource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -17278,86 +16991,53 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
+            - message: spec.forProvider.datasourceUid is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceUid)
+                || (has(self.initProvider) && has(self.initProvider.datasourceUid))'
+            - message: spec.forProvider.permission is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.permission)
+                || (has(self.initProvider) && has(self.initProvider.permission))'
           status:
-            description: RoleStatus defines the observed state of Role.
+            description: DataSourcePermissionItemStatus defines the observed state
+              of DataSourcePermissionItem.
             properties:
               atProvider:
                 properties:
-                  autoIncrementVersion:
-                    description: |-
-                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
-                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
-                    type: boolean
-                  description:
-                    description: |-
-                      (String) Description of the role.
-                      Description of the role.
-                    type: string
-                  displayName:
-                    description: |-
-                      (String) Display name of the role. Available with Grafana 8.5+.
-                      Display name of the role. Available with Grafana 8.5+.
-                    type: string
-                  global:
-                    description: |-
-                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
-                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
-                    type: boolean
-                  group:
+                  datasourceUid:
                     description: |-
-                      (String) Group of the role. Available with Grafana 8.5+.
-                      Group of the role. Available with Grafana 8.5+.
+                      (String) The UID of the datasource.
+                      The UID of the datasource.
                     type: string
-                  hidden:
-                    description: |-
-                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
-                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
-                    type: boolean
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  name:
+                  orgId:
                     description: |-
-                      (String) Name of the role
-                      Name of the role
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
-                  orgId:
+                  permission:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) the permission to be assigned
+                      the permission to be assigned
                     type: string
-                  permissions:
+                  role:
                     description: |-
-                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
-                      Specific set of actions granted by the role.
-                    items:
-                      properties:
-                        action:
-                          description: |-
-                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
-                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
-                          type: string
-                        scope:
-                          description: |-
-                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
-                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
-                          type: string
-                      type: object
-                    type: array
-                  uid:
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
                     description: |-
-                      (String) Unique identifier of the role. Used for assignments.
-                      Unique identifier of the role. Used for assignments.
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
                     type: string
-                  version:
+                  user:
                     description: |-
-                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
-                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
-                    type: number
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -17426,7 +17106,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: teamexternalgroups.enterprise.grafana.crossplane.io
+  name: datasourcepermissions.enterprise.grafana.crossplane.io
 spec:
   group: enterprise.grafana.crossplane.io
   names:
@@ -17434,10 +17114,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: TeamExternalGroup
-    listKind: TeamExternalGroupList
-    plural: teamexternalgroups
-    singular: teamexternalgroup
+    kind: DataSourcePermission
+    listKind: DataSourcePermissionList
+    plural: datasourcepermissions
+    singular: datasourcepermission
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -17456,9 +17136,10 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: TeamExternalGroup is the Schema for the TeamExternalGroups API.
-          Equivalent to the the team_sync attribute of the grafana_team resource.
-          Use one or the other to configure a team's external groups syncing config.
+        description: DataSourcePermission is the Schema for the DataSourcePermissions
+          API. Manages the entire set of permissions for a datasource. Permissions
+          that aren't specified when applying this resource will be removed. HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/datasource_permissions/
         properties:
           apiVersion:
             description: |-
@@ -17478,7 +17159,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: TeamExternalGroupSpec defines the desired state of TeamExternalGroup
+            description: DataSourcePermissionSpec defines the desired state of DataSourcePermission
             properties:
               deletionPolicy:
                 default: Delete
@@ -17496,21 +17177,8 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  groups:
-                    description: |-
-                      (Set of String) The team external groups list
-                      The team external groups list
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  teamId:
-                    description: |-
-                      (String) The Team ID
-                      The Team ID
-                    type: string
-                  teamRef:
-                    description: Reference to a Team in oss to populate teamId.
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -17543,8 +17211,8 @@ spec:
                     required:
                     - name
                     type: object
-                  teamSelector:
-                    description: Selector for a Team in oss to populate teamId.
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -17583,35 +17251,18 @@ spec:
                             type: string
                         type: object
                     type: object
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  groups:
+                  datasourceUid:
                     description: |-
-                      (Set of String) The team external groups list
-                      The team external groups list
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  teamId:
+                      (String) UID of the datasource to apply permissions to.
+                      UID of the datasource to apply permissions to.
+                    type: string
+                  orgId:
                     description: |-
-                      (String) The Team ID
-                      The Team ID
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  teamRef:
-                    description: Reference to a Team in oss to populate teamId.
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -17644,8 +17295,8 @@ spec:
                     required:
                     - name
                     type: object
-                  teamSelector:
-                    description: Selector for a Team in oss to populate teamId.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -17684,90 +17335,201 @@ spec:
                             type: string
                         type: object
                     type: object
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        builtInRole:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
+                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              initProvider:
                 description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
                 properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
                     properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
+                      name:
+                        description: Name of the referenced object.
                         type: string
                       policy:
                         description: Policies for referencing.
@@ -17797,490 +17559,622 @@ spec:
                     required:
                     - name
                     type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
                     properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
+                      matchControllerRef:
                         description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
                         additionalProperties:
                           type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
                         type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
                     type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
-                  name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
-                    type: string
-                required:
-                - name
-                - namespace
-                type: object
-            required:
-            - forProvider
-            type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.groups is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.groups)
-                || (has(self.initProvider) && has(self.initProvider.groups))'
-          status:
-            description: TeamExternalGroupStatus defines the observed state of TeamExternalGroup.
-            properties:
-              atProvider:
-                properties:
-                  groups:
+                  datasourceUid:
                     description: |-
-                      (Set of String) The team external groups list
-                      The team external groups list
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  id:
-                    description: (String) The ID of this resource.
+                      (String) UID of the datasource to apply permissions to.
+                      UID of the datasource to apply permissions to.
                     type: string
-                  teamId:
+                  orgId:
                     description: |-
-                      (String) The Team ID
-                      The Team ID
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                type: object
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              observedGeneration:
-                description: |-
-                  ObservedGeneration is the latest metadata.generation
-                  which resulted in either a ready state, or stalled due to error
-                  it can not recover from without human intervention.
-                format: int64
-                type: integer
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: providerconfigs.grafana.crossplane.io
-spec:
-  group: grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - provider
-    - grafana
-    kind: ProviderConfig
-    listKind: ProviderConfigList
-    plural: providerconfigs
-    singular: providerconfig
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    - jsonPath: .spec.credentials.secretRef.name
-      name: SECRET-NAME
-      priority: 1
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: A ProviderConfig configures a Grafana provider.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
-            properties:
-              cloudApiUrl:
-                description: Override the Grafana Cloud API URL from the credentials
-                  reference attribute.
-                type: string
-              credentials:
-                description: Credentials required to authenticate to this provider.
-                properties:
-                  env:
-                    description: |-
-                      Env is a reference to an environment variable that contains credentials
-                      that must be used to connect to the provider.
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
-                        description: Name is the name of an environment variable.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  fs:
-                    description: |-
-                      Fs is a reference to a filesystem location that contains credentials that
-                      must be used to connect to the provider.
-                    properties:
-                      path:
-                        description: Path is a filesystem path.
+                        description: Name of the referenced object.
                         type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
                     required:
-                    - path
+                    - name
                     type: object
-                  secretRef:
-                    description: |-
-                      A SecretRef is a reference to a secret key that contains the credentials
-                      that must be used to connect to the provider.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - key
-                    - name
-                    - namespace
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
                     type: object
-                  source:
-                    description: Source of the provider credentials.
-                    enum:
-                    - None
-                    - Secret
-                    - InjectedIdentity
-                    - Environment
-                    - Filesystem
-                    type: string
-                required:
-                - source
-                type: object
-              oncallUrl:
-                description: Override the OnCall API URL from the credentials reference
-                  attribute.
-                type: string
-              smUrl:
-                description: Override the Synthetic Monitoring API URL from the credentials
-                  reference attribute.
-                type: string
-              url:
-                description: Override the Grafana URL from the credentials reference
-                  attribute.
-                type: string
-            required:
-            - credentials
-            type: object
-          status:
-            description: A ProviderConfigStatus reflects the observed state of a ProviderConfig.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              users:
-                description: Users of this provider configuration.
-                format: int64
-                type: integer
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: providerconfigusages.grafana.crossplane.io
-spec:
-  group: grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - provider
-    - grafana
-    kind: ProviderConfigUsage
-    listKind: ProviderConfigUsageList
-    plural: providerconfigusages
-    singular: providerconfigusage
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    - jsonPath: .providerConfigRef.name
-      name: CONFIG-NAME
-      type: string
-    - jsonPath: .resourceRef.kind
-      name: RESOURCE-KIND
-      type: string
-    - jsonPath: .resourceRef.name
-      name: RESOURCE-NAME
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: A ProviderConfigUsage indicates that a resource is using a ProviderConfig.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          providerConfigRef:
-            description: ProviderConfigReference to the provider config being used.
-            properties:
-              name:
-                description: Name of the referenced object.
-                type: string
-              policy:
-                description: Policies for referencing.
-                properties:
-                  resolution:
-                    default: Required
-                    description: |-
-                      Resolution specifies whether resolution of this reference is required.
-                      The default is 'Required', which means the reconcile will fail if the
-                      reference cannot be resolved. 'Optional' means this reference will be
-                      a no-op if it cannot be resolved.
-                    enum:
-                    - Required
-                    - Optional
-                    type: string
-                  resolve:
+                  permissions:
                     description: |-
-                      Resolve specifies when this reference should be resolved. The default
-                      is 'IfNotPresent', which will attempt to resolve the reference only when
-                      the corresponding field is not present. Use 'Always' to resolve the
-                      reference on every reconcile.
-                    enum:
-                    - Always
-                    - IfNotPresent
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        builtInRole:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
+                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
                     type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
                 type: object
             required:
-            - name
-            type: object
-          resourceRef:
-            description: ResourceReference to the managed resource using the provider
-              config.
-            properties:
-              apiVersion:
-                description: APIVersion of the referenced object.
-                type: string
-              kind:
-                description: Kind of the referenced object.
-                type: string
-              name:
-                description: Name of the referenced object.
-                type: string
-              uid:
-                description: UID of the referenced object.
-                type: string
-            required:
-            - apiVersion
-            - kind
-            - name
+            - forProvider
+            type: object
+          status:
+            description: DataSourcePermissionStatus defines the observed state of
+              DataSourcePermission.
+            properties:
+              atProvider:
+                properties:
+                  datasourceUid:
+                    description: |-
+                      (String) UID of the datasource to apply permissions to.
+                      UID of the datasource to apply permissions to.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        builtInRole:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Options: Query, Edit or Admin (Admin can only be used with Grafana v10.3.0+).
+                            Permission to associate with item. Options: `Query`, `Edit` or `Admin` (`Admin` can only be used with Grafana v10.3.0+).
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
             type: object
         required:
-        - providerConfigRef
-        - resourceRef
+        - spec
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: storeconfigs.grafana.crossplane.io
+  name: reports.enterprise.grafana.crossplane.io
 spec:
-  group: grafana.crossplane.io
+  group: enterprise.grafana.crossplane.io
   names:
     categories:
     - crossplane
-    - store
-    - gcp
-    kind: StoreConfig
-    listKind: StoreConfigList
-    plural: storeconfigs
-    singular: storeconfig
+    - managed
+    - grafana
+    kind: Report
+    listKind: ReportList
+    plural: reports
+    singular: report
   scope: Cluster
   versions:
   - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date
-    - jsonPath: .spec.type
-      name: TYPE
-      type: string
-    - jsonPath: .spec.defaultScope
-      name: DEFAULT-SCOPE
-      type: string
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: A StoreConfig configures how GCP controller should store connection
-          details.
+        description: 'Report is the Schema for the Reports API. Note: This resource
+          is available only with Grafana Enterprise 7.+. Official documentation https://grafana.com/docs/grafana/latest/dashboards/create-reports/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/reporting/'
         properties:
           apiVersion:
             description: |-
@@ -18300,234 +18194,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: A StoreConfigSpec defines the desired state of a ProviderConfig.
-            properties:
-              defaultScope:
-                description: |-
-                  DefaultScope used for scoping secrets for "cluster-scoped" resources.
-                  If store type is "Kubernetes", this would mean the default namespace to
-                  store connection secrets for cluster scoped resources.
-                  In case of "Vault", this would be used as the default parent path.
-                  Typically, should be set as Crossplane installation namespace.
-                type: string
-              kubernetes:
-                description: |-
-                  Kubernetes configures a Kubernetes secret store.
-                  If the "type" is "Kubernetes" but no config provided, in cluster config
-                  will be used.
-                properties:
-                  auth:
-                    description: Credentials used to connect to the Kubernetes API.
-                    properties:
-                      env:
-                        description: |-
-                          Env is a reference to an environment variable that contains credentials
-                          that must be used to connect to the provider.
-                        properties:
-                          name:
-                            description: Name is the name of an environment variable.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      fs:
-                        description: |-
-                          Fs is a reference to a filesystem location that contains credentials that
-                          must be used to connect to the provider.
-                        properties:
-                          path:
-                            description: Path is a filesystem path.
-                            type: string
-                        required:
-                        - path
-                        type: object
-                      secretRef:
-                        description: |-
-                          A SecretRef is a reference to a secret key that contains the credentials
-                          that must be used to connect to the provider.
-                        properties:
-                          key:
-                            description: The key to select.
-                            type: string
-                          name:
-                            description: Name of the secret.
-                            type: string
-                          namespace:
-                            description: Namespace of the secret.
-                            type: string
-                        required:
-                        - key
-                        - name
-                        - namespace
-                        type: object
-                      source:
-                        description: Source of the credentials.
-                        enum:
-                        - None
-                        - Secret
-                        - Environment
-                        - Filesystem
-                        type: string
-                    required:
-                    - source
-                    type: object
-                required:
-                - auth
-                type: object
-              plugin:
-                description: Plugin configures External secret store as a plugin.
-                properties:
-                  configRef:
-                    description: ConfigRef contains store config reference info.
-                    properties:
-                      apiVersion:
-                        description: APIVersion of the referenced config.
-                        type: string
-                      kind:
-                        description: Kind of the referenced config.
-                        type: string
-                      name:
-                        description: Name of the referenced config.
-                        type: string
-                    required:
-                    - apiVersion
-                    - kind
-                    - name
-                    type: object
-                  endpoint:
-                    description: Endpoint is the endpoint of the gRPC server.
-                    type: string
-                type: object
-              type:
-                default: Kubernetes
-                description: |-
-                  Type configures which secret store to be used. Only the configuration
-                  block for this store will be used and others will be ignored if provided.
-                  Default is Kubernetes.
-                enum:
-                - Kubernetes
-                - Vault
-                - Plugin
-                type: string
-            required:
-            - defaultScope
-            type: object
-          status:
-            description: A StoreConfigStatus represents the status of a StoreConfig.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: holidays.ml.grafana.crossplane.io
-spec:
-  group: ml.grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - managed
-    - grafana
-    kind: Holiday
-    listKind: HolidayList
-    plural: holidays
-    singular: holiday
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: 'Holiday is the Schema for the Holidays API. A holiday describes
-          time periods where a time series is expected to behave differently to normal.
-          To use a holiday in a job, use its id in the holidays attribute of a grafana_machine_learning_job:'
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HolidaySpec defines the desired state of Holiday
+            description: ReportSpec defines the desired state of Report
             properties:
               deletionPolicy:
                 default: Delete
@@ -18545,155 +18212,85 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  customPeriods:
-                    description: A list of custom periods for the holiday.
+                  dashboards:
+                    description: |-
+                      (Block List) List of dashboards to render into the report (see below for nested schema)
+                      List of dashboards to render into the report
                     items:
                       properties:
-                        endTime:
-                          type: string
-                        name:
-                          description: The name of the custom period.
-                          type: string
-                        startTime:
-                          type: string
-                      type: object
-                    type: array
-                  description:
-                    description: A description of the holiday.
-                    type: string
-                  icalTimezone:
-                    description: The timezone to use for events in the iCal file pointed
-                      to by ical_url.
-                    type: string
-                  icalUrl:
-                    description: A URL to an iCal file containing all occurrences
-                      of the holiday.
-                    type: string
-                  name:
-                    description: The name of the holiday.
-                    type: string
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  customPeriods:
-                    description: A list of custom periods for the holiday.
-                    items:
-                      properties:
-                        endTime:
-                          type: string
-                        name:
-                          description: The name of the custom period.
-                          type: string
-                        startTime:
+                        reportVariables:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
+                            Add report variables to the dashboard. Values should be separated by commas.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        timeRange:
+                          description: |-
+                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
+                            Time range of the report.
+                          items:
+                            properties:
+                              from:
+                                description: |-
+                                  (String) Start of the time range.
+                                  Start of the time range.
+                                type: string
+                              to:
+                                description: |-
+                                  (String) End of the time range.
+                                  End of the time range.
+                                type: string
+                            type: object
+                          type: array
+                        uid:
+                          description: |-
+                            (String) Dashboard uid.
+                            Dashboard uid.
                           type: string
                       type: object
                     type: array
-                  description:
-                    description: A description of the holiday.
-                    type: string
-                  icalTimezone:
-                    description: The timezone to use for events in the iCal file pointed
-                      to by ical_url.
-                    type: string
-                  icalUrl:
-                    description: A URL to an iCal file containing all occurrences
-                      of the holiday.
+                  formats:
+                    description: |-
+                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
+                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  includeDashboardLink:
+                    description: |-
+                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
+                      Whether to include a link to the dashboard in the report. Defaults to `true`.
+                    type: boolean
+                  includeTableCsv:
+                    description: |-
+                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
+                      Whether to include a CSV file of table panel data. Defaults to `false`.
+                    type: boolean
+                  layout:
+                    description: |-
+                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
+                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
                     type: string
-                  name:
-                    description: The name of the holiday.
+                  message:
+                    description: |-
+                      (String) Message to be sent in the report.
+                      Message to be sent in the report.
                     type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
                   name:
-                    description: Name of the referenced object.
+                    description: |-
+                      (String) Name of the report.
+                      Name of the report.
                     type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
+                  orgId:
                     description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -18726,390 +18323,416 @@ spec:
                     required:
                     - name
                     type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
+                      matchControllerRef:
                         description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
                         additionalProperties:
                           type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
                         type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
                     type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
-                  name:
-                    description: Name of the secret.
+                  orientation:
+                    description: |-
+                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
+                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
                     type: string
-                  namespace:
-                    description: Namespace of the secret.
+                  recipients:
+                    description: |-
+                      (List of String) List of recipients of the report.
+                      List of recipients of the report.
+                    items:
+                      type: string
+                    type: array
+                  replyTo:
+                    description: |-
+                      to email address of the report.
+                      Reply-to email address of the report.
                     type: string
-                required:
-                - name
-                - namespace
-                type: object
-            required:
-            - forProvider
-            type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-          status:
-            description: HolidayStatus defines the observed state of Holiday.
-            properties:
-              atProvider:
-                properties:
-                  customPeriods:
-                    description: A list of custom periods for the holiday.
+                  schedule:
+                    description: |-
+                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
+                      Schedule of the report.
                     items:
                       properties:
+                        customInterval:
+                          description: |-
+                            (String) Custom interval of the report.
+                            Note: This field is only available when frequency is set to custom.
+                            Custom interval of the report.
+                            **Note:** This field is only available when frequency is set to `custom`.
+                          type: string
                         endTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
                           type: string
-                        name:
-                          description: The name of the custom period.
+                        frequency:
+                          description: |-
+                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
+                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
                           type: string
+                        lastDayOfMonth:
+                          description: |-
+                            (Boolean) Send the report on the last day of the month Defaults to false.
+                            Send the report on the last day of the month Defaults to `false`.
+                          type: boolean
                         startTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                          type: string
+                        timezone:
+                          description: |-
+                            (String) Set the report time zone. Defaults to GMT.
+                            Set the report time zone. Defaults to `GMT`.
                           type: string
+                        workdaysOnly:
+                          description: |-
+                            (Boolean) Whether to send the report only on work days. Defaults to false.
+                            Whether to send the report only on work days. Defaults to `false`.
+                          type: boolean
                       type: object
                     type: array
-                  description:
-                    description: A description of the holiday.
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  dashboards:
+                    description: |-
+                      (Block List) List of dashboards to render into the report (see below for nested schema)
+                      List of dashboards to render into the report
+                    items:
+                      properties:
+                        reportVariables:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
+                            Add report variables to the dashboard. Values should be separated by commas.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        timeRange:
+                          description: |-
+                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
+                            Time range of the report.
+                          items:
+                            properties:
+                              from:
+                                description: |-
+                                  (String) Start of the time range.
+                                  Start of the time range.
+                                type: string
+                              to:
+                                description: |-
+                                  (String) End of the time range.
+                                  End of the time range.
+                                type: string
+                            type: object
+                          type: array
+                        uid:
+                          description: |-
+                            (String) Dashboard uid.
+                            Dashboard uid.
+                          type: string
+                      type: object
+                    type: array
+                  formats:
+                    description: |-
+                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
+                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  includeDashboardLink:
+                    description: |-
+                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
+                      Whether to include a link to the dashboard in the report. Defaults to `true`.
+                    type: boolean
+                  includeTableCsv:
+                    description: |-
+                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
+                      Whether to include a CSV file of table panel data. Defaults to `false`.
+                    type: boolean
+                  layout:
+                    description: |-
+                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
+                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
                     type: string
-                  icalTimezone:
-                    description: The timezone to use for events in the iCal file pointed
-                      to by ical_url.
+                  message:
+                    description: |-
+                      (String) Message to be sent in the report.
+                      Message to be sent in the report.
                     type: string
-                  icalUrl:
-                    description: A URL to an iCal file containing all occurrences
-                      of the holiday.
+                  name:
+                    description: |-
+                      (String) Name of the report.
+                      Name of the report.
                     type: string
-                  id:
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  name:
-                    description: The name of the holiday.
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  orientation:
+                    description: |-
+                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
+                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
                     type: string
-                type: object
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
+                  recipients:
+                    description: |-
+                      (List of String) List of recipients of the report.
+                      List of recipients of the report.
+                    items:
                       type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              observedGeneration:
-                description: |-
-                  ObservedGeneration is the latest metadata.generation
-                  which resulted in either a ready state, or stalled due to error
-                  it can not recover from without human intervention.
-                format: int64
-                type: integer
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: jobs.ml.grafana.crossplane.io
-spec:
-  group: ml.grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - managed
-    - grafana
-    kind: Job
-    listKind: JobList
-    plural: jobs
-    singular: job
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: Job is the Schema for the Jobs API. A job defines the queries
-          and model parameters for a machine learning task. See the Grafana Cloud
-          docs https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
-          for more information on available hyperparameters for use in the hyper_params
-          field.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: JobSpec defines the desired state of Job
-            properties:
-              deletionPolicy:
-                default: Delete
+                    type: array
+                  replyTo:
+                    description: |-
+                      to email address of the report.
+                      Reply-to email address of the report.
+                    type: string
+                  schedule:
+                    description: |-
+                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
+                      Schedule of the report.
+                    items:
+                      properties:
+                        customInterval:
+                          description: |-
+                            (String) Custom interval of the report.
+                            Note: This field is only available when frequency is set to custom.
+                            Custom interval of the report.
+                            **Note:** This field is only available when frequency is set to `custom`.
+                          type: string
+                        endTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                          type: string
+                        frequency:
+                          description: |-
+                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
+                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
+                          type: string
+                        lastDayOfMonth:
+                          description: |-
+                            (Boolean) Send the report on the last day of the month Defaults to false.
+                            Send the report on the last day of the month Defaults to `false`.
+                          type: boolean
+                        startTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                          type: string
+                        timezone:
+                          description: |-
+                            (String) Set the report time zone. Defaults to GMT.
+                            Set the report time zone. Defaults to `GMT`.
+                          type: string
+                        workdaysOnly:
+                          description: |-
+                            (Boolean) Whether to send the report only on work days. Defaults to false.
+                            Whether to send the report only on work days. Defaults to `false`.
+                          type: boolean
+                      type: object
+                    type: array
+                type: object
+              managementPolicies:
+                default:
+                - '*'
                 description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
                   See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
-                type: string
-              forProvider:
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
                 properties:
-                  customLabels:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the custom labels added on
-                      the forecast.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
                     properties:
-                      name:
-                        description: Name of the referenced object.
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
-                    properties:
-                      matchControllerRef:
+                      resolve:
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
-                    type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
-                    type: string
-                  description:
-                    description: A description of the job.
-                    type: string
-                  holidays:
-                    description: A list of holiday IDs or names to take into account
-                      when training the model.
-                    items:
-                      type: string
-                    type: array
-                  hyperParams:
-                    additionalProperties:
-                      type: string
-                    description: The hyperparameters used to fine tune the algorithm.
-                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
-                      for the full list of available hyperparameters. Defaults to
-                      `map[]`.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  interval:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the job results.
-                    type: string
-                  name:
-                    description: The name of the job.
-                    type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
                     type: object
-                    x-kubernetes-map-type: granular
-                  trainingWindow:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `7776000`.
-                    type: number
+                required:
+                - name
                 type: object
-              initProvider:
+              publishConnectionDetailsTo:
                 description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
                 properties:
-                  customLabels:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the custom labels added on
-                      the forecast.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -19142,237 +18765,38 @@ spec:
                     required:
                     - name
                     type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                      annotations:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
-                    type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
-                    type: string
-                  description:
-                    description: A description of the job.
-                    type: string
-                  holidays:
-                    description: A list of holiday IDs or names to take into account
-                      when training the model.
-                    items:
-                      type: string
-                    type: array
-                  hyperParams:
-                    additionalProperties:
-                      type: string
-                    description: The hyperparameters used to fine tune the algorithm.
-                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
-                      for the full list of available hyperparameters. Defaults to
-                      `map[]`.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  interval:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the job results.
-                    type: string
                   name:
-                    description: The name of the job.
+                    description: Name is the name of the connection secret.
                     type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  trainingWindow:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `7776000`.
-                    type: number
+                required:
+                - name
                 type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
-                    type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
+              writeConnectionSecretToRef:
                 description: |-
                   WriteConnectionSecretToReference specifies the namespace and name of a
                   Secret to which any connection details for this managed resource should
@@ -19397,82 +18821,165 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.datasourceType is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceType)
-                || (has(self.initProvider) && has(self.initProvider.datasourceType))'
-            - message: spec.forProvider.metric is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.metric)
-                || (has(self.initProvider) && has(self.initProvider.metric))'
             - message: spec.forProvider.name is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.queryParams is a required parameter
+            - message: spec.forProvider.recipients is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.queryParams)
-                || (has(self.initProvider) && has(self.initProvider.queryParams))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.recipients)
+                || (has(self.initProvider) && has(self.initProvider.recipients))'
+            - message: spec.forProvider.schedule is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.schedule)
+                || (has(self.initProvider) && has(self.initProvider.schedule))'
           status:
-            description: JobStatus defines the observed state of Job.
+            description: ReportStatus defines the observed state of Report.
             properties:
               atProvider:
                 properties:
-                  customLabels:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the custom labels added on
-                      the forecast.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
-                    type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
-                    type: string
-                  description:
-                    description: A description of the job.
-                    type: string
-                  holidays:
-                    description: A list of holiday IDs or names to take into account
-                      when training the model.
+                  dashboards:
+                    description: |-
+                      (Block List) List of dashboards to render into the report (see below for nested schema)
+                      List of dashboards to render into the report
                     items:
-                      type: string
+                      properties:
+                        reportVariables:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            (Map of String) Add report variables to the dashboard. Values should be separated by commas.
+                            Add report variables to the dashboard. Values should be separated by commas.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        timeRange:
+                          description: |-
+                            (Block List, Max: 1) Time range of the report. (see below for nested schema)
+                            Time range of the report.
+                          items:
+                            properties:
+                              from:
+                                description: |-
+                                  (String) Start of the time range.
+                                  Start of the time range.
+                                type: string
+                              to:
+                                description: |-
+                                  (String) End of the time range.
+                                  End of the time range.
+                                type: string
+                            type: object
+                          type: array
+                        uid:
+                          description: |-
+                            (String) Dashboard uid.
+                            Dashboard uid.
+                          type: string
+                      type: object
                     type: array
-                  hyperParams:
-                    additionalProperties:
+                  formats:
+                    description: |-
+                      (Set of String) Specifies what kind of attachment to generate for the report. Allowed values: pdf, csv, image.
+                      Specifies what kind of attachment to generate for the report. Allowed values: `pdf`, `csv`, `image`.
+                    items:
                       type: string
-                    description: The hyperparameters used to fine tune the algorithm.
-                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
-                      for the full list of available hyperparameters. Defaults to
-                      `map[]`.
-                    type: object
-                    x-kubernetes-map-type: granular
+                    type: array
+                    x-kubernetes-list-type: set
                   id:
+                    description: (String) Generated identifier of the report.
                     type: string
-                  interval:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the job results.
+                  includeDashboardLink:
+                    description: |-
+                      (Boolean) Whether to include a link to the dashboard in the report. Defaults to true.
+                      Whether to include a link to the dashboard in the report. Defaults to `true`.
+                    type: boolean
+                  includeTableCsv:
+                    description: |-
+                      (Boolean) Whether to include a CSV file of table panel data. Defaults to false.
+                      Whether to include a CSV file of table panel data. Defaults to `false`.
+                    type: boolean
+                  layout:
+                    description: |-
+                      (String) Layout of the report. Allowed values: simple, grid. Defaults to grid.
+                      Layout of the report. Allowed values: `simple`, `grid`. Defaults to `grid`.
+                    type: string
+                  message:
+                    description: |-
+                      (String) Message to be sent in the report.
+                      Message to be sent in the report.
                     type: string
                   name:
-                    description: The name of the job.
+                    description: |-
+                      (String) Name of the report.
+                      Name of the report.
                     type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
-                    type: object
-                    x-kubernetes-map-type: granular
-                  trainingWindow:
-                    description: The data interval in seconds to train the data on.
-                      Defaults to `7776000`.
-                    type: number
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  orientation:
+                    description: |-
+                      (String) Orientation of the report. Allowed values: landscape, portrait. Defaults to landscape.
+                      Orientation of the report. Allowed values: `landscape`, `portrait`. Defaults to `landscape`.
+                    type: string
+                  recipients:
+                    description: |-
+                      (List of String) List of recipients of the report.
+                      List of recipients of the report.
+                    items:
+                      type: string
+                    type: array
+                  replyTo:
+                    description: |-
+                      to email address of the report.
+                      Reply-to email address of the report.
+                    type: string
+                  schedule:
+                    description: |-
+                      (Block List, Min: 1, Max: 1) Schedule of the report. (see below for nested schema)
+                      Schedule of the report.
+                    items:
+                      properties:
+                        customInterval:
+                          description: |-
+                            (String) Custom interval of the report.
+                            Note: This field is only available when frequency is set to custom.
+                            Custom interval of the report.
+                            **Note:** This field is only available when frequency is set to `custom`.
+                          type: string
+                        endTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            End time of the report. If empty, the report will be sent indefinitely (according to frequency). Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                          type: string
+                        frequency:
+                          description: |-
+                            (String) Frequency of the report. Allowed values: never, once, hourly, daily, weekly, monthly, custom.
+                            Frequency of the report. Allowed values: `never`, `once`, `hourly`, `daily`, `weekly`, `monthly`, `custom`.
+                          type: string
+                        lastDayOfMonth:
+                          description: |-
+                            (Boolean) Send the report on the last day of the month Defaults to false.
+                            Send the report on the last day of the month Defaults to `false`.
+                          type: boolean
+                        startTime:
+                          description: |-
+                            01-02T15:04:05 format if you want to set a custom timezone
+                            Start time of the report. If empty, the start date will be set to the creation time. Note that times will be saved as UTC in Grafana. Use 2006-01-02T15:04:05 format if you want to set a custom timezone
+                          type: string
+                        timezone:
+                          description: |-
+                            (String) Set the report time zone. Defaults to GMT.
+                            Set the report time zone. Defaults to `GMT`.
+                          type: string
+                        workdaysOnly:
+                          description: |-
+                            (Boolean) Whether to send the report only on work days. Defaults to false.
+                            Whether to send the report only on work days. Defaults to `false`.
+                          type: boolean
+                      type: object
+                    type: array
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -19541,18 +19048,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: outlierdetectors.ml.grafana.crossplane.io
+  name: roleassignmentitems.enterprise.grafana.crossplane.io
 spec:
-  group: ml.grafana.crossplane.io
+  group: enterprise.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: OutlierDetector
-    listKind: OutlierDetectorList
-    plural: outlierdetectors
-    singular: outlierdetector
+    kind: RoleAssignmentItem
+    listKind: RoleAssignmentItemList
+    plural: roleassignmentitems
+    singular: roleassignmentitem
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -19571,11 +19078,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: OutlierDetector is the Schema for the OutlierDetectors API. An
-          outlier detector monitors the results of a query and reports when its values
-          are outside normal bands. The normal band is configured by choice of algorithm,
-          its sensitivity and other configuration. Visit https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
-          for more details.
+        description: RoleAssignmentItem is the Schema for the RoleAssignmentItems
+          API. Manages a single assignment for a role. Conflicts with the "grafana_role_assignment"
+          resource which manages the entire set of assignments for a role.
         properties:
           apiVersion:
             description: |-
@@ -19595,7 +19100,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: OutlierDetectorSpec defines the desired state of OutlierDetector
+            description: RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem
             properties:
               deletionPolicy:
                 default: Delete
@@ -19613,34 +19118,13 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  algorithm:
-                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
-                      for details.
-                    items:
-                      properties:
-                        config:
-                          description: For DBSCAN only, specify the configuration
-                            map
-                          items:
-                            properties:
-                              epsilon:
-                                description: Specify the epsilon parameter (positive
-                                  float)
-                                type: number
-                            type: object
-                          type: array
-                        name:
-                          description: The name of the algorithm to use ('mad' or
-                            'dbscan').
-                          type: string
-                        sensitivity:
-                          description: Specify the sensitivity of the detector (in
-                            range [0,1]).
-                          type: number
-                      type: object
-                    type: array
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -19673,8 +19157,8 @@ spec:
                     required:
                     - name
                     type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -19713,33 +19197,26 @@ spec:
                             type: string
                         type: object
                     type: object
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
-                    type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
+                  roleUid:
+                    description: |-
+                      (String) the role UID onto which to assign an actor
+                      the role UID onto which to assign an actor
                     type: string
-                  description:
-                    description: A description of the outlier detector.
+                  serviceAccountId:
+                    description: |-
+                      (String) the service account onto which the role is to be assigned
+                      the service account onto which the role is to be assigned
                     type: string
-                  interval:
-                    description: The data interval in seconds to monitor. Defaults
-                      to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the outlier detector results.
+                  teamId:
+                    description: |-
+                      (String) the team onto which the role is to be assigned
+                      the team onto which the role is to be assigned
                     type: string
-                  name:
-                    description: The name of the outlier detector.
+                  userId:
+                    description: |-
+                      (String) the user onto which the role is to be assigned
+                      the user onto which the role is to be assigned
                     type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
-                    type: object
-                    x-kubernetes-map-type: granular
                 type: object
               initProvider:
                 description: |-
@@ -19754,34 +19231,13 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  algorithm:
-                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
-                      for details.
-                    items:
-                      properties:
-                        config:
-                          description: For DBSCAN only, specify the configuration
-                            map
-                          items:
-                            properties:
-                              epsilon:
-                                description: Specify the epsilon parameter (positive
-                                  float)
-                                type: number
-                            type: object
-                          type: array
-                        name:
-                          description: The name of the algorithm to use ('mad' or
-                            'dbscan').
-                          type: string
-                        sensitivity:
-                          description: Specify the sensitivity of the detector (in
-                            range [0,1]).
-                          type: number
-                      type: object
-                    type: array
-                  dataSourceRef:
-                    description: Reference to a DataSource in oss to populate datasourceUid.
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -19814,8 +19270,8 @@ spec:
                     required:
                     - name
                     type: object
-                  dataSourceSelector:
-                    description: Selector for a DataSource in oss to populate datasourceUid.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -19854,33 +19310,26 @@ spec:
                             type: string
                         type: object
                     type: object
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
-                    type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
+                  roleUid:
+                    description: |-
+                      (String) the role UID onto which to assign an actor
+                      the role UID onto which to assign an actor
                     type: string
-                  description:
-                    description: A description of the outlier detector.
+                  serviceAccountId:
+                    description: |-
+                      (String) the service account onto which the role is to be assigned
+                      the service account onto which the role is to be assigned
                     type: string
-                  interval:
-                    description: The data interval in seconds to monitor. Defaults
-                      to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the outlier detector results.
+                  teamId:
+                    description: |-
+                      (String) the team onto which the role is to be assigned
+                      the team onto which the role is to be assigned
                     type: string
-                  name:
-                    description: The name of the outlier detector.
+                  userId:
+                    description: |-
+                      (String) the user onto which the role is to be assigned
+                      the user onto which the role is to be assigned
                     type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
-                    type: object
-                    x-kubernetes-map-type: granular
                 type: object
               managementPolicies:
                 default:
@@ -20050,86 +19499,43 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.algorithm is a required parameter
+            - message: spec.forProvider.roleUid is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.algorithm)
-                || (has(self.initProvider) && has(self.initProvider.algorithm))'
-            - message: spec.forProvider.datasourceType is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceType)
-                || (has(self.initProvider) && has(self.initProvider.datasourceType))'
-            - message: spec.forProvider.metric is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.metric)
-                || (has(self.initProvider) && has(self.initProvider.metric))'
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.queryParams is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.queryParams)
-                || (has(self.initProvider) && has(self.initProvider.queryParams))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.roleUid)
+                || (has(self.initProvider) && has(self.initProvider.roleUid))'
           status:
-            description: OutlierDetectorStatus defines the observed state of OutlierDetector.
+            description: RoleAssignmentItemStatus defines the observed state of RoleAssignmentItem.
             properties:
               atProvider:
                 properties:
-                  algorithm:
-                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
-                      for details.
-                    items:
-                      properties:
-                        config:
-                          description: For DBSCAN only, specify the configuration
-                            map
-                          items:
-                            properties:
-                              epsilon:
-                                description: Specify the epsilon parameter (positive
-                                  float)
-                                type: number
-                            type: object
-                          type: array
-                        name:
-                          description: The name of the algorithm to use ('mad' or
-                            'dbscan').
-                          type: string
-                        sensitivity:
-                          description: Specify the sensitivity of the detector (in
-                            range [0,1]).
-                          type: number
-                      type: object
-                    type: array
-                  datasourceType:
-                    description: The type of datasource being queried. Currently allowed
-                      values are prometheus, graphite, loki, postgres, and datadog.
+                  id:
+                    description: (String) The ID of this resource.
                     type: string
-                  datasourceUid:
-                    description: The uid of the datasource to query.
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
-                  description:
-                    description: A description of the outlier detector.
+                  roleUid:
+                    description: |-
+                      (String) the role UID onto which to assign an actor
+                      the role UID onto which to assign an actor
                     type: string
-                  id:
+                  serviceAccountId:
+                    description: |-
+                      (String) the service account onto which the role is to be assigned
+                      the service account onto which the role is to be assigned
                     type: string
-                  interval:
-                    description: The data interval in seconds to monitor. Defaults
-                      to `300`.
-                    type: number
-                  metric:
-                    description: The metric used to query the outlier detector results.
+                  teamId:
+                    description: |-
+                      (String) the team onto which the role is to be assigned
+                      the team onto which the role is to be assigned
                     type: string
-                  name:
-                    description: The name of the outlier detector.
+                  userId:
+                    description: |-
+                      (String) the user onto which the role is to be assigned
+                      the user onto which the role is to be assigned
                     type: string
-                  queryParams:
-                    additionalProperties:
-                      type: string
-                    description: An object representing the query params to query
-                      Grafana with.
-                    type: object
-                    x-kubernetes-map-type: granular
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -20198,18 +19604,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: escalationchains.oncall.grafana.crossplane.io
+  name: roleassignments.enterprise.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: enterprise.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: EscalationChain
-    listKind: EscalationChainList
-    plural: escalationchains
-    singular: escalationchain
+    kind: RoleAssignment
+    listKind: RoleAssignmentList
+    plural: roleassignments
+    singular: roleassignment
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -20228,8 +19634,11 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: EscalationChain is the Schema for the EscalationChains API. HTTP
-          API https://grafana.com/docs/oncall/latest/oncall-api-reference/escalation_chains/
+        description: 'RoleAssignment is the Schema for the RoleAssignments API. Manages
+          the entire set of assignments for a role. Assignments that aren''t specified
+          when applying this resource will be removed. Note: This resource is available
+          only with Grafana Enterprise 9.2+. Official documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/access_control/'
         properties:
           apiVersion:
             description: |-
@@ -20249,7 +19658,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: EscalationChainSpec defines the desired state of EscalationChain
+            description: RoleAssignmentSpec defines the desired state of RoleAssignment
             properties:
               deletionPolicy:
                 default: Delete
@@ -20267,121 +19676,13 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  name:
-                    description: |-
-                      (String) The name of the escalation chain.
-                      The name of the escalation chain.
-                    type: string
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  name:
-                    description: |-
-                      (String) The name of the escalation chain.
-                      The name of the escalation chain.
-                    type: string
-                  teamId:
+                  orgId:
                     description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -20414,230 +19715,48 @@ spec:
                     required:
                     - name
                     type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
+                      matchControllerRef:
                         description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
                         additionalProperties:
                           type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
                         type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
                     type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
-                  name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
-                    type: string
-                required:
-                - name
-                - namespace
-                type: object
-            required:
-            - forProvider
-            type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-          status:
-            description: EscalationChainStatus defines the observed state of EscalationChain.
-            properties:
-              atProvider:
-                properties:
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  name:
-                    description: |-
-                      (String) The name of the escalation chain.
-                      The name of the escalation chain.
-                    type: string
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                type: object
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              observedGeneration:
-                description: |-
-                  ObservedGeneration is the latest metadata.generation
-                  which resulted in either a ready state, or stalled due to error
-                  it can not recover from without human intervention.
-                format: int64
-                type: integer
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: escalations.oncall.grafana.crossplane.io
-spec:
-  group: oncall.grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - managed
-    - grafana
-    kind: Escalation
-    listKind: EscalationList
-    plural: escalations
-    singular: escalation
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: Escalation is the Schema for the Escalations API. Official documentation
-          https://grafana.com/docs/oncall/latest/configure/escalation-chains-and-routes/HTTP
-          API https://grafana.com/docs/oncall/latest/oncall-api-reference/escalation_policies/
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: EscalationSpec defines the desired state of Escalation
-            properties:
-              deletionPolicy:
-                default: Delete
-                description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
-                type: string
-              forProvider:
-                properties:
-                  actionToTrigger:
-                    description: |-
-                      (String) The ID of an Action for trigger_webhook type step.
-                      The ID of an Action for trigger_webhook type step.
-                    type: string
-                  actionToTriggerRef:
-                    description: Reference to a OutgoingWebhook in oncall to populate
-                      actionToTrigger.
+                  roleRef:
+                    description: Reference to a Role in enterprise to populate roleUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -20670,9 +19789,8 @@ spec:
                     required:
                     - name
                     type: object
-                  actionToTriggerSelector:
-                    description: Selector for a OutgoingWebhook in oncall to populate
-                      actionToTrigger.
+                  roleSelector:
+                    description: Selector for a Role in enterprise to populate roleUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -20711,65 +19829,62 @@ spec:
                             type: string
                         type: object
                     type: object
-                  duration:
-                    description: |-
-                      86400) seconds
-                      The duration of delay for wait type step. (60-86400) seconds
-                    type: number
-                  escalationChainId:
+                  roleUid:
                     description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
+                      (String) Grafana RBAC role UID.
+                      Grafana RBAC role UID.
                     type: string
-                  escalationChainRef:
-                    description: Reference to a EscalationChain in oncall to populate
-                      escalationChainId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  escalationChainSelector:
-                    description: Selector for a EscalationChain in oncall to populate
-                      escalationChainId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
+                  serviceAccountRefs:
+                    description: References to ServiceAccount in oss to populate serviceAccounts.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  serviceAccountSelector:
+                    description: Selector for a list of ServiceAccount in oss to populate
+                      serviceAccounts.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
                         type: object
                       policy:
                         description: Policies for selection.
@@ -20797,39 +19912,67 @@ spec:
                             type: string
                         type: object
                     type: object
-                  groupToNotify:
-                    description: |-
-                      (String) The ID of a User Group for notify_user_group type step.
-                      The ID of a User Group for notify_user_group type step.
-                    type: string
-                  important:
-                    description: |-
-                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                    type: boolean
-                  notifyIfTimeFrom:
-                    description: |-
-                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                    type: string
-                  notifyIfTimeTo:
-                    description: |-
-                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                    type: string
-                  notifyOnCallFromSchedule:
+                  serviceAccounts:
                     description: |-
-                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
-                      ID of a Schedule for notify_on_call_from_schedule type step.
-                    type: string
-                  notifyOnCallFromScheduleRef:
-                    description: Reference to a Schedule in oncall to populate notifyOnCallFromSchedule.
+                      (Set of String) IDs of service accounts that the role should be assigned to.
+                      IDs of service accounts that the role should be assigned to.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  teamRefs:
+                    description: References to Team in oss to populate teams.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  teamSelector:
+                    description: Selector for a list of Team in oss to populate teams.
                     properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
                       policy:
-                        description: Policies for referencing.
+                        description: Policies for selection.
                         properties:
                           resolution:
                             default: Required
@@ -20853,11 +19996,54 @@ spec:
                             - IfNotPresent
                             type: string
                         type: object
-                    required:
-                    - name
                     type: object
-                  notifyOnCallFromScheduleSelector:
-                    description: Selector for a Schedule in oncall to populate notifyOnCallFromSchedule.
+                  teams:
+                    description: |-
+                      (Set of String) IDs of teams that the role should be assigned to.
+                      IDs of teams that the role should be assigned to.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  userRefs:
+                    description: References to User in oss to populate users.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  userSelector:
+                    description: Selector for a list of User in oss to populate users.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -20896,42 +20082,14 @@ spec:
                             type: string
                         type: object
                     type: object
-                  notifyToTeamMembers:
-                    description: |-
-                      (String) The ID of a Team for a notify_team_members type step.
-                      The ID of a Team for a notify_team_members type step.
-                    type: string
-                  personsToNotify:
-                    description: |-
-                      (Set of String) The list of ID's of users for notify_persons type step.
-                      The list of ID's of users for notify_persons type step.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  personsToNotifyNextEachTime:
+                  users:
                     description: |-
-                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
-                      The list of ID's of users for notify_person_next_each_time type step.
+                      (Set of Number) IDs of users that the role should be assigned to.
+                      IDs of users that the role should be assigned to.
                     items:
-                      type: string
+                      type: number
                     type: array
                     x-kubernetes-list-type: set
-                  position:
-                    description: |-
-                      (Number) The position of the escalation step (starts from 0).
-                      The position of the escalation step (starts from 0).
-                    type: number
-                  severity:
-                    description: |-
-                      (String) The severity of the incident for declare_incident type step.
-                      The severity of the incident for declare_incident type step.
-                    type: string
-                  type:
-                    description: |-
-                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -20946,14 +20104,13 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  actionToTrigger:
+                  orgId:
                     description: |-
-                      (String) The ID of an Action for trigger_webhook type step.
-                      The ID of an Action for trigger_webhook type step.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  actionToTriggerRef:
-                    description: Reference to a OutgoingWebhook in oncall to populate
-                      actionToTrigger.
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -20986,9 +20143,8 @@ spec:
                     required:
                     - name
                     type: object
-                  actionToTriggerSelector:
-                    description: Selector for a OutgoingWebhook in oncall to populate
-                      actionToTrigger.
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -21027,19 +20183,8 @@ spec:
                             type: string
                         type: object
                     type: object
-                  duration:
-                    description: |-
-                      86400) seconds
-                      The duration of delay for wait type step. (60-86400) seconds
-                    type: number
-                  escalationChainId:
-                    description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
-                    type: string
-                  escalationChainRef:
-                    description: Reference to a EscalationChain in oncall to populate
-                      escalationChainId.
+                  roleRef:
+                    description: Reference to a Role in enterprise to populate roleUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -21072,9 +20217,8 @@ spec:
                     required:
                     - name
                     type: object
-                  escalationChainSelector:
-                    description: Selector for a EscalationChain in oncall to populate
-                      escalationChainId.
+                  roleSelector:
+                    description: Selector for a Role in enterprise to populate roleUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -21113,39 +20257,65 @@ spec:
                             type: string
                         type: object
                     type: object
-                  groupToNotify:
+                  roleUid:
                     description: |-
-                      (String) The ID of a User Group for notify_user_group type step.
-                      The ID of a User Group for notify_user_group type step.
-                    type: string
-                  important:
-                    description: |-
-                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                    type: boolean
-                  notifyIfTimeFrom:
-                    description: |-
-                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                    type: string
-                  notifyIfTimeTo:
-                    description: |-
-                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                    type: string
-                  notifyOnCallFromSchedule:
-                    description: |-
-                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
-                      ID of a Schedule for notify_on_call_from_schedule type step.
+                      (String) Grafana RBAC role UID.
+                      Grafana RBAC role UID.
                     type: string
-                  notifyOnCallFromScheduleRef:
-                    description: Reference to a Schedule in oncall to populate notifyOnCallFromSchedule.
+                  serviceAccountRefs:
+                    description: References to ServiceAccount in oss to populate serviceAccounts.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  serviceAccountSelector:
+                    description: Selector for a list of ServiceAccount in oss to populate
+                      serviceAccounts.
                     properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
                       policy:
-                        description: Policies for referencing.
+                        description: Policies for selection.
                         properties:
                           resolution:
                             default: Required
@@ -21169,11 +20339,54 @@ spec:
                             - IfNotPresent
                             type: string
                         type: object
-                    required:
-                    - name
                     type: object
-                  notifyOnCallFromScheduleSelector:
-                    description: Selector for a Schedule in oncall to populate notifyOnCallFromSchedule.
+                  serviceAccounts:
+                    description: |-
+                      (Set of String) IDs of service accounts that the role should be assigned to.
+                      IDs of service accounts that the role should be assigned to.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  teamRefs:
+                    description: References to Team in oss to populate teams.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  teamSelector:
+                    description: Selector for a list of Team in oss to populate teams.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -21212,42 +20425,99 @@ spec:
                             type: string
                         type: object
                     type: object
-                  notifyToTeamMembers:
-                    description: |-
-                      (String) The ID of a Team for a notify_team_members type step.
-                      The ID of a Team for a notify_team_members type step.
-                    type: string
-                  personsToNotify:
+                  teams:
                     description: |-
-                      (Set of String) The list of ID's of users for notify_persons type step.
-                      The list of ID's of users for notify_persons type step.
+                      (Set of String) IDs of teams that the role should be assigned to.
+                      IDs of teams that the role should be assigned to.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  personsToNotifyNextEachTime:
+                  userRefs:
+                    description: References to User in oss to populate users.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  userSelector:
+                    description: Selector for a list of User in oss to populate users.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  users:
                     description: |-
-                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
-                      The list of ID's of users for notify_person_next_each_time type step.
+                      (Set of Number) IDs of users that the role should be assigned to.
+                      IDs of users that the role should be assigned to.
                     items:
-                      type: string
+                      type: number
                     type: array
                     x-kubernetes-list-type: set
-                  position:
-                    description: |-
-                      (Number) The position of the escalation step (starts from 0).
-                      The position of the escalation step (starts from 0).
-                    type: number
-                  severity:
-                    description: |-
-                      (String) The severity of the incident for declare_incident type step.
-                      The severity of the incident for declare_incident type step.
-                    type: string
-                  type:
-                    description: |-
-                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -21416,99 +20686,48 @@ spec:
             required:
             - forProvider
             type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.position is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.position)
-                || (has(self.initProvider) && has(self.initProvider.position))'
-            - message: spec.forProvider.type is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
           status:
-            description: EscalationStatus defines the observed state of Escalation.
+            description: RoleAssignmentStatus defines the observed state of RoleAssignment.
             properties:
               atProvider:
                 properties:
-                  actionToTrigger:
-                    description: |-
-                      (String) The ID of an Action for trigger_webhook type step.
-                      The ID of an Action for trigger_webhook type step.
-                    type: string
-                  duration:
-                    description: |-
-                      86400) seconds
-                      The duration of delay for wait type step. (60-86400) seconds
-                    type: number
-                  escalationChainId:
-                    description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
-                    type: string
-                  groupToNotify:
-                    description: |-
-                      (String) The ID of a User Group for notify_user_group type step.
-                      The ID of a User Group for notify_user_group type step.
-                    type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  important:
-                    description: |-
-                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
-                    type: boolean
-                  notifyIfTimeFrom:
-                    description: |-
-                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
-                    type: string
-                  notifyIfTimeTo:
-                    description: |-
-                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
-                    type: string
-                  notifyOnCallFromSchedule:
+                  orgId:
                     description: |-
-                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
-                      ID of a Schedule for notify_on_call_from_schedule type step.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  notifyToTeamMembers:
+                  roleUid:
                     description: |-
-                      (String) The ID of a Team for a notify_team_members type step.
-                      The ID of a Team for a notify_team_members type step.
+                      (String) Grafana RBAC role UID.
+                      Grafana RBAC role UID.
                     type: string
-                  personsToNotify:
+                  serviceAccounts:
                     description: |-
-                      (Set of String) The list of ID's of users for notify_persons type step.
-                      The list of ID's of users for notify_persons type step.
+                      (Set of String) IDs of service accounts that the role should be assigned to.
+                      IDs of service accounts that the role should be assigned to.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  personsToNotifyNextEachTime:
+                  teams:
                     description: |-
-                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
-                      The list of ID's of users for notify_person_next_each_time type step.
+                      (Set of String) IDs of teams that the role should be assigned to.
+                      IDs of teams that the role should be assigned to.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  position:
-                    description: |-
-                      (Number) The position of the escalation step (starts from 0).
-                      The position of the escalation step (starts from 0).
-                    type: number
-                  severity:
-                    description: |-
-                      (String) The severity of the incident for declare_incident type step.
-                      The severity of the incident for declare_incident type step.
-                    type: string
-                  type:
+                  users:
                     description: |-
-                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
-                    type: string
+                      (Set of Number) IDs of users that the role should be assigned to.
+                      IDs of users that the role should be assigned to.
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -21577,18 +20796,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: integrations.oncall.grafana.crossplane.io
+  name: roles.enterprise.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: enterprise.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Integration
-    listKind: IntegrationList
-    plural: integrations
-    singular: integration
+    kind: Role
+    listKind: RoleList
+    plural: roles
+    singular: role
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -21607,9 +20826,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Integration is the Schema for the Integrations API. Official
-          documentation https://grafana.com/docs/oncall/latest/configure/integrations/HTTP
-          API https://grafana.com/docs/oncall/latest/oncall-api-reference/
+        description: 'Role is the Schema for the Roles API. Note: This resource is
+          available only with Grafana Enterprise 8.+. Official documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/access_control/'
         properties:
           apiVersion:
             description: |-
@@ -21629,7 +20848,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: IntegrationSpec defines the desired state of Integration
+            description: RoleSpec defines the desired state of Role
             properties:
               deletionPolicy:
                 default: Delete
@@ -21647,795 +20866,720 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  defaultRoute:
+                  autoIncrementVersion:
                     description: |-
-                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
-                      The Default route for all alerts from the given integration
+                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
+                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
+                    type: boolean
+                  description:
+                    description: |-
+                      (String) Description of the role.
+                      Description of the role.
+                    type: string
+                  displayName:
+                    description: |-
+                      (String) Display name of the role. Available with Grafana 8.5+.
+                      Display name of the role. Available with Grafana 8.5+.
+                    type: string
+                  global:
+                    description: |-
+                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
+                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
+                    type: boolean
+                  group:
+                    description: |-
+                      (String) Group of the role. Available with Grafana 8.5+.
+                      Group of the role. Available with Grafana 8.5+.
+                    type: string
+                  hidden:
+                    description: |-
+                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
+                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) Name of the role
+                      Name of the role
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
+                    description: |-
+                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
+                      Specific set of actions granted by the role.
                     items:
                       properties:
-                        escalationChainId:
+                        action:
                           description: |-
-                            (String) The ID of the escalation chain.
-                            The ID of the escalation chain.
+                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
+                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
                           type: string
-                        escalationChainRef:
-                          description: Reference to a EscalationChain in oncall to
-                            populate escalationChainId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        escalationChainSelector:
-                          description: Selector for a EscalationChain in oncall to
-                            populate escalationChainId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        msteams:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            MS teams-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in MS teams. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                                type: string
-                            type: object
-                          type: array
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Slack-specific settings for a route.
-                          items:
-                            properties:
-                              channelId:
-                                description: |-
-                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                                  Slack channel id. Alerts will be directed to this channel in Slack.
-                                type: string
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Slack. Defaults to `true`.
-                                type: boolean
-                            type: object
-                          type: array
-                        telegram:
+                        scope:
                           description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Telegram-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Telegram. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
-                                type: string
-                            type: object
-                          type: array
+                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
+                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
+                          type: string
                       type: object
                     type: array
+                  uid:
+                    description: |-
+                      (String) Unique identifier of the role. Used for assignments.
+                      Unique identifier of the role. Used for assignments.
+                    type: string
+                  version:
+                    description: |-
+                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
+                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
+                    type: number
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  autoIncrementVersion:
+                    description: |-
+                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
+                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
+                    type: boolean
+                  description:
+                    description: |-
+                      (String) Description of the role.
+                      Description of the role.
+                    type: string
+                  displayName:
+                    description: |-
+                      (String) Display name of the role. Available with Grafana 8.5+.
+                      Display name of the role. Available with Grafana 8.5+.
+                    type: string
+                  global:
+                    description: |-
+                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
+                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
+                    type: boolean
+                  group:
+                    description: |-
+                      (String) Group of the role. Available with Grafana 8.5+.
+                      Group of the role. Available with Grafana 8.5+.
+                    type: string
+                  hidden:
+                    description: |-
+                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
+                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
+                    type: boolean
                   name:
                     description: |-
-                      (String) The name of the service integration.
-                      The name of the service integration.
+                      (String) Name of the role
+                      Name of the role
                     type: string
-                  teamId:
+                  orgId:
                     description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  templates:
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
                     description: |-
-                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
-                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
+                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
+                      Specific set of actions granted by the role.
                     items:
                       properties:
-                        acknowledgeSignal:
+                        action:
                           description: |-
-                            (String) Template for sending a signal to acknowledge the Incident.
-                            Template for sending a signal to acknowledge the Incident.
+                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
+                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
                           type: string
-                        email:
+                        scope:
                           description: |-
-                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
-                            Templates for Email.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        groupingKey:
-                          description: |-
-                            (String) Template for the key by which alerts are grouped.
-                            Template for the key by which alerts are grouped.
-                          type: string
-                        microsoftTeams:
-                          description: |-
-                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
-                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        mobileApp:
-                          description: |-
-                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
-                            Templates for Mobile app push notifications.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        phoneCall:
-                          description: |-
-                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
-                            Templates for Phone Call.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        resolveSignal:
-                          description: |-
-                            (String) Template for sending a signal to resolve the Incident.
-                            Template for sending a signal to resolve the Incident.
-                          type: string
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Slack.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sms:
-                          description: |-
-                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
-                            Templates for SMS.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sourceLink:
-                          description: |-
-                            (String) Template for a source link.
-                            Template for a source link.
+                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
+                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
                           type: string
-                        telegram:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Telegram.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        web:
-                          description: |-
-                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
-                            Templates for Web.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
                       type: object
                     type: array
-                  type:
+                  uid:
                     description: |-
-                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
-                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                      (String) Unique identifier of the role. Used for assignments.
+                      Unique identifier of the role. Used for assignments.
                     type: string
+                  version:
+                    description: |-
+                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
+                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
+                    type: number
                 type: object
-              initProvider:
+              managementPolicies:
+                default:
+                - '*'
                 description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
                 properties:
-                  defaultRoute:
-                    description: |-
-                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
-                      The Default route for all alerts from the given integration
-                    items:
-                      properties:
-                        escalationChainId:
-                          description: |-
-                            (String) The ID of the escalation chain.
-                            The ID of the escalation chain.
-                          type: string
-                        escalationChainRef:
-                          description: Reference to a EscalationChain in oncall to
-                            populate escalationChainId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        escalationChainSelector:
-                          description: Selector for a EscalationChain in oncall to
-                            populate escalationChainId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        msteams:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            MS teams-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in MS teams. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                                type: string
-                            type: object
-                          type: array
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Slack-specific settings for a route.
-                          items:
-                            properties:
-                              channelId:
-                                description: |-
-                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                                  Slack channel id. Alerts will be directed to this channel in Slack.
-                                type: string
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Slack. Defaults to `true`.
-                                type: boolean
-                            type: object
-                          type: array
-                        telegram:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Telegram-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Telegram. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    type: array
                   name:
-                    description: |-
-                      (String) The name of the service integration.
-                      The name of the service integration.
-                    type: string
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    description: Name of the referenced object.
                     type: string
-                  templates:
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
-                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
-                    items:
-                      properties:
-                        acknowledgeSignal:
-                          description: |-
-                            (String) Template for sending a signal to acknowledge the Incident.
-                            Template for sending a signal to acknowledge the Incident.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
                           type: string
-                        email:
-                          description: |-
-                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
-                            Templates for Email.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        groupingKey:
-                          description: |-
-                            (String) Template for the key by which alerts are grouped.
-                            Template for the key by which alerts are grouped.
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
                           type: string
-                        microsoftTeams:
-                          description: |-
-                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
-                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        mobileApp:
-                          description: |-
-                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
-                            Templates for Mobile app push notifications.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        phoneCall:
-                          description: |-
-                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
-                            Templates for Phone Call.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        resolveSignal:
-                          description: |-
-                            (String) Template for sending a signal to resolve the Incident.
-                            Template for sending a signal to resolve the Incident.
-                          type: string
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Slack.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sms:
-                          description: |-
-                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
-                            Templates for SMS.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sourceLink:
-                          description: |-
-                            (String) Template for a source link.
-                            Template for a source link.
-                          type: string
-                        telegram:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Telegram.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        web:
-                          description: |-
-                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
-                            Templates for Web.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    type: array
-                  type:
-                    description: |-
-                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
-                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
-                    type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
                         description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
                         description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
                         type: string
                     type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
                 required:
                 - name
                 type: object
-              publishConnectionDetailsTo:
+              writeConnectionSecretToRef:
                 description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
                   and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
                 properties:
-                  configRef:
-                    default:
-                      name: default
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+          status:
+            description: RoleStatus defines the observed state of Role.
+            properties:
+              atProvider:
+                properties:
+                  autoIncrementVersion:
                     description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
+                      (Boolean) Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or version should be set.
+                      Whether the role version should be incremented automatically on updates (and set to 1 on creation). This field or `version` should be set.
+                    type: boolean
+                  description:
+                    description: |-
+                      (String) Description of the role.
+                      Description of the role.
+                    type: string
+                  displayName:
+                    description: |-
+                      (String) Display name of the role. Available with Grafana 8.5+.
+                      Display name of the role. Available with Grafana 8.5+.
+                    type: string
+                  global:
+                    description: |-
+                      (Boolean) Boolean to state whether the role is available across all organizations or not. Defaults to false.
+                      Boolean to state whether the role is available across all organizations or not. Defaults to `false`.
+                    type: boolean
+                  group:
+                    description: |-
+                      (String) Group of the role. Available with Grafana 8.5+.
+                      Group of the role. Available with Grafana 8.5+.
+                    type: string
+                  hidden:
+                    description: |-
+                      (Boolean) Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to false.
+                      Boolean to state whether the role should be visible in the Grafana UI or not. Available with Grafana 8.5+. Defaults to `false`.
+                    type: boolean
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  name:
+                    description: |-
+                      (String) Name of the role
+                      Name of the role
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  permissions:
+                    description: |-
+                      (Block Set) Specific set of actions granted by the role. (see below for nested schema)
+                      Specific set of actions granted by the role.
+                    items:
+                      properties:
+                        action:
+                          description: |-
+                            (String) Specific action users granted with the role will be allowed to perform (for example: users:read)
+                            Specific action users granted with the role will be allowed to perform (for example: `users:read`)
+                          type: string
+                        scope:
+                          description: |-
+                            (String) Scope to restrict the action to a set of resources (for example: users:* or roles:customrole1) Defaults to “.
+                            Scope to restrict the action to a set of resources (for example: `users:*` or `roles:customrole1`) Defaults to “.
+                          type: string
+                      type: object
+                    type: array
+                  uid:
+                    description: |-
+                      (String) Unique identifier of the role. Used for assignments.
+                      Unique identifier of the role. Used for assignments.
+                    type: string
+                  version:
+                    description: |-
+                      (Number) Version of the role. A role is updated only on version increase. This field or auto_increment_version should be set.
+                      Version of the role. A role is updated only on version increase. This field or `auto_increment_version` should be set.
+                    type: number
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: teamexternalgroups.enterprise.grafana.crossplane.io
+spec:
+  group: enterprise.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: TeamExternalGroup
+    listKind: TeamExternalGroupList
+    plural: teamexternalgroups
+    singular: teamexternalgroup
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: TeamExternalGroup is the Schema for the TeamExternalGroups API.
+          Equivalent to the the team_sync attribute of the grafana_team resource.
+          Use one or the other to configure a team's external groups syncing config.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TeamExternalGroupSpec defines the desired state of TeamExternalGroup
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  groups:
+                    description: |-
+                      (Set of String) The team external groups list
+                      The team external groups list
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  teamId:
+                    description: |-
+                      (String) The Team ID
+                      The Team ID
+                    type: string
+                  teamRef:
+                    description: Reference to a Team in oss to populate teamId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
                             enum:
                             - Required
                             - Optional
@@ -22454,353 +21598,340 @@ spec:
                     required:
                     - name
                     type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
+                  teamSelector:
+                    description: Selector for a Team in oss to populate teamId.
                     properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
+                      matchControllerRef:
                         description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
                         additionalProperties:
                           type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
                         type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
                     type: object
-                  name:
-                    description: Name is the name of the connection secret.
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  groups:
+                    description: |-
+                      (Set of String) The team external groups list
+                      The team external groups list
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  teamId:
+                    description: |-
+                      (String) The Team ID
+                      The Team ID
                     type: string
-                required:
-                - name
+                  teamRef:
+                    description: Reference to a Team in oss to populate teamId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  teamSelector:
+                    description: Selector for a Team in oss to populate teamId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
                 type: object
-              writeConnectionSecretToRef:
+              managementPolicies:
+                default:
+                - '*'
                 description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
                 properties:
                   name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
+                    description: Name of the referenced object.
                     type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
                 required:
                 - name
-                - namespace
                 type: object
-            required:
-            - forProvider
-            type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.defaultRoute is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.defaultRoute)
-                || (has(self.initProvider) && has(self.initProvider.defaultRoute))'
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.type is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
-          status:
-            description: IntegrationStatus defines the observed state of Integration.
-            properties:
-              atProvider:
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
                 properties:
-                  defaultRoute:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
-                      The Default route for all alerts from the given integration
-                    items:
-                      properties:
-                        escalationChainId:
-                          description: |-
-                            (String) The ID of the escalation chain.
-                            The ID of the escalation chain.
-                          type: string
-                        id:
-                          description: (String) The ID of this resource.
-                          type: string
-                        msteams:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            MS teams-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in MS teams. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                                type: string
-                            type: object
-                          type: array
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Slack-specific settings for a route.
-                          items:
-                            properties:
-                              channelId:
-                                description: |-
-                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                                  Slack channel id. Alerts will be directed to this channel in Slack.
-                                type: string
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Slack. Defaults to `true`.
-                                type: boolean
-                            type: object
-                          type: array
-                        telegram:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Telegram-specific settings for a route.
-                          items:
-                            properties:
-                              enabled:
-                                description: |-
-                                  (Boolean) Enable notification in MS teams. Defaults to true.
-                                  Enable notification in Telegram. Defaults to `true`.
-                                type: boolean
-                              id:
-                                description: |-
-                                  (String) The ID of this resource.
-                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    type: array
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  link:
-                    description: |-
-                      (String) The link for using in an integrated tool.
-                      The link for using in an integrated tool.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
                     type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
                   name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.groups is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.groups)
+                || (has(self.initProvider) && has(self.initProvider.groups))'
+          status:
+            description: TeamExternalGroupStatus defines the observed state of TeamExternalGroup.
+            properties:
+              atProvider:
+                properties:
+                  groups:
                     description: |-
-                      (String) The name of the service integration.
-                      The name of the service integration.
+                      (Set of String) The team external groups list
+                      The team external groups list
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  id:
+                    description: (String) The ID of this resource.
                     type: string
                   teamId:
                     description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                  templates:
-                    description: |-
-                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
-                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
-                    items:
-                      properties:
-                        acknowledgeSignal:
-                          description: |-
-                            (String) Template for sending a signal to acknowledge the Incident.
-                            Template for sending a signal to acknowledge the Incident.
-                          type: string
-                        email:
-                          description: |-
-                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
-                            Templates for Email.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        groupingKey:
-                          description: |-
-                            (String) Template for the key by which alerts are grouped.
-                            Template for the key by which alerts are grouped.
-                          type: string
-                        microsoftTeams:
-                          description: |-
-                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
-                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        mobileApp:
-                          description: |-
-                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
-                            Templates for Mobile app push notifications.
-                          items:
-                            properties:
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        phoneCall:
-                          description: |-
-                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
-                            Templates for Phone Call.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        resolveSignal:
-                          description: |-
-                            (String) Template for sending a signal to resolve the Incident.
-                            Template for sending a signal to resolve the Incident.
-                          type: string
-                        slack:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Slack.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sms:
-                          description: |-
-                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
-                            Templates for SMS.
-                          items:
-                            properties:
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        sourceLink:
-                          description: |-
-                            (String) Template for a source link.
-                            Template for a source link.
-                          type: string
-                        telegram:
-                          description: |-
-                            specific settings for a route. (see below for nested schema)
-                            Templates for Telegram.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                        web:
-                          description: |-
-                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
-                            Templates for Web.
-                          items:
-                            properties:
-                              imageUrl:
-                                description: |-
-                                  (String) Template for Alert image url.
-                                  Template for Alert image url.
-                                type: string
-                              message:
-                                description: |-
-                                  (String) Template for Alert message.
-                                  Template for Alert message.
-                                type: string
-                              title:
-                                description: |-
-                                  (String) Template for Alert title.
-                                  Template for Alert title.
-                                type: string
-                            type: object
-                          type: array
-                      type: object
-                    type: array
-                  type:
-                    description: |-
-                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
-                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                      (String) The Team ID
+                      The Team ID
                     type: string
                 type: object
               conditions:
@@ -22870,38 +22001,32 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: oncallshifts.oncall.grafana.crossplane.io
+  name: providerconfigs.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: grafana.crossplane.io
   names:
     categories:
     - crossplane
-    - managed
+    - provider
     - grafana
-    kind: OnCallShift
-    listKind: OnCallShiftList
-    plural: oncallshifts
-    singular: oncallshift
+    kind: ProviderConfig
+    listKind: ProviderConfigList
+    plural: providerconfigs
+    singular: providerconfig
   scope: Cluster
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date
-    name: v1alpha1
+    - jsonPath: .spec.credentials.secretRef.name
+      name: SECRET-NAME
+      priority: 1
+      type: string
+    name: v1beta1
     schema:
       openAPIV3Schema:
-        description: OnCallShift is the Schema for the OnCallShifts API. HTTP API
-          https://grafana.com/docs/oncall/latest/oncall-api-reference/on_call_shifts/
+        description: A ProviderConfig configures a Grafana provider.
         properties:
           apiVersion:
             description: |-
@@ -22921,535 +22046,86 @@ spec:
           metadata:
             type: object
           spec:
-            description: OnCallShiftSpec defines the desired state of OnCallShift
+            description: A ProviderConfigSpec defines the desired state of a ProviderConfig.
             properties:
-              deletionPolicy:
-                default: Delete
-                description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
+              cloudApiUrl:
+                description: Override the Grafana Cloud API URL from the credentials
+                  reference attribute.
                 type: string
-              forProvider:
+              credentials:
+                description: Credentials required to authenticate to this provider.
                 properties:
-                  byDay:
-                    description: |-
-                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonth:
-                    description: |-
-                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
-                      This parameter takes a list of months. Valid values are 1 to 12
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonthday:
-                    description: |-
-                      31 to -1
-                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  duration:
-                    description: |-
-                      (Number) The duration of the event.
-                      The duration of the event.
-                    type: number
-                  frequency:
-                    description: |-
-                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
-                      The frequency of the event. Can be hourly, daily, weekly, monthly
-                    type: string
-                  interval:
-                    description: |-
-                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
-                      The positive integer representing at which intervals the recurrence rule repeats.
-                    type: number
-                  level:
-                    description: |-
-                      (Number) The priority level. The higher the value, the higher the priority.
-                      The priority level. The higher the value, the higher the priority.
-                    type: number
-                  name:
-                    description: |-
-                      (String) The shift's name.
-                      The shift's name.
-                    type: string
-                  rollingUsers:
+                  env:
                     description: |-
-                      call users (for rolling_users event type)
-                      The list of lists with on-call users (for rolling_users event type)
-                    items:
-                      items:
+                      Env is a reference to an environment variable that contains credentials
+                      that must be used to connect to the provider.
+                    properties:
+                      name:
+                        description: Name is the name of an environment variable.
                         type: string
-                      type: array
-                    type: array
-                  start:
-                    description: |-
-                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  startRotationFromUserIndex:
-                    description: |-
-                      call rotation starts.
-                      The index of the list of users in rolling_users, from which on-call rotation starts.
-                    type: number
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                  timeZone:
+                    required:
+                    - name
+                    type: object
+                  fs:
                     description: |-
-                      (String) The shift's timezone.  Overrides schedule's timezone.
-                      The shift's timezone.  Overrides schedule's timezone.
-                    type: string
-                  type:
+                      Fs is a reference to a filesystem location that contains credentials that
+                      must be used to connect to the provider.
+                    properties:
+                      path:
+                        description: Path is a filesystem path.
+                        type: string
+                    required:
+                    - path
+                    type: object
+                  secretRef:
                     description: |-
-                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
-                      The shift's type. Can be rolling_users, recurrent_event, single_event
-                    type: string
-                  until:
-                    description: |-
-                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  users:
-                    description: |-
-                      call users (for single_event and recurrent_event event type).
-                      The list of on-call users (for single_event and recurrent_event event type).
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  weekStart:
-                    description: |-
-                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    type: string
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  byDay:
-                    description: |-
-                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonth:
-                    description: |-
-                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
-                      This parameter takes a list of months. Valid values are 1 to 12
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonthday:
-                    description: |-
-                      31 to -1
-                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  duration:
-                    description: |-
-                      (Number) The duration of the event.
-                      The duration of the event.
-                    type: number
-                  frequency:
-                    description: |-
-                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
-                      The frequency of the event. Can be hourly, daily, weekly, monthly
-                    type: string
-                  interval:
-                    description: |-
-                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
-                      The positive integer representing at which intervals the recurrence rule repeats.
-                    type: number
-                  level:
-                    description: |-
-                      (Number) The priority level. The higher the value, the higher the priority.
-                      The priority level. The higher the value, the higher the priority.
-                    type: number
-                  name:
-                    description: |-
-                      (String) The shift's name.
-                      The shift's name.
-                    type: string
-                  rollingUsers:
-                    description: |-
-                      call users (for rolling_users event type)
-                      The list of lists with on-call users (for rolling_users event type)
-                    items:
-                      items:
-                        type: string
-                      type: array
-                    type: array
-                  start:
-                    description: |-
-                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  startRotationFromUserIndex:
-                    description: |-
-                      call rotation starts.
-                      The index of the list of users in rolling_users, from which on-call rotation starts.
-                    type: number
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                  timeZone:
-                    description: |-
-                      (String) The shift's timezone.  Overrides schedule's timezone.
-                      The shift's timezone.  Overrides schedule's timezone.
-                    type: string
-                  type:
-                    description: |-
-                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
-                      The shift's type. Can be rolling_users, recurrent_event, single_event
-                    type: string
-                  until:
-                    description: |-
-                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  users:
-                    description: |-
-                      call users (for single_event and recurrent_event event type).
-                      The list of on-call users (for single_event and recurrent_event event type).
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  weekStart:
-                    description: |-
-                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
+                      A SecretRef is a reference to a secret key that contains the credentials
+                      that must be used to connect to the provider.
                     properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
+                      key:
+                        description: The key to select.
                         type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
                       name:
-                        description: Name of the referenced object.
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
                     required:
+                    - key
                     - name
+                    - namespace
                     type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
-                    type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
-                  name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
+                  source:
+                    description: Source of the provider credentials.
+                    enum:
+                    - None
+                    - Secret
+                    - InjectedIdentity
+                    - Environment
+                    - Filesystem
                     type: string
                 required:
-                - name
-                - namespace
+                - source
                 type: object
+              oncallUrl:
+                description: Override the OnCall API URL from the credentials reference
+                  attribute.
+                type: string
+              smUrl:
+                description: Override the Synthetic Monitoring API URL from the credentials
+                  reference attribute.
+                type: string
+              url:
+                description: Override the Grafana URL from the credentials reference
+                  attribute.
+                type: string
             required:
-            - forProvider
+            - credentials
             type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.duration is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.duration)
-                || (has(self.initProvider) && has(self.initProvider.duration))'
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.start is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.start)
-                || (has(self.initProvider) && has(self.initProvider.start))'
-            - message: spec.forProvider.type is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
           status:
-            description: OnCallShiftStatus defines the observed state of OnCallShift.
+            description: A ProviderConfigStatus reflects the observed state of a ProviderConfig.
             properties:
-              atProvider:
-                properties:
-                  byDay:
-                    description: |-
-                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonth:
-                    description: |-
-                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
-                      This parameter takes a list of months. Valid values are 1 to 12
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  byMonthday:
-                    description: |-
-                      31 to -1
-                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
-                    items:
-                      type: number
-                    type: array
-                    x-kubernetes-list-type: set
-                  duration:
-                    description: |-
-                      (Number) The duration of the event.
-                      The duration of the event.
-                    type: number
-                  frequency:
-                    description: |-
-                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
-                      The frequency of the event. Can be hourly, daily, weekly, monthly
-                    type: string
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  interval:
-                    description: |-
-                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
-                      The positive integer representing at which intervals the recurrence rule repeats.
-                    type: number
-                  level:
-                    description: |-
-                      (Number) The priority level. The higher the value, the higher the priority.
-                      The priority level. The higher the value, the higher the priority.
-                    type: number
-                  name:
-                    description: |-
-                      (String) The shift's name.
-                      The shift's name.
-                    type: string
-                  rollingUsers:
-                    description: |-
-                      call users (for rolling_users event type)
-                      The list of lists with on-call users (for rolling_users event type)
-                    items:
-                      items:
-                        type: string
-                      type: array
-                    type: array
-                  start:
-                    description: |-
-                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  startRotationFromUserIndex:
-                    description: |-
-                      call rotation starts.
-                      The index of the list of users in rolling_users, from which on-call rotation starts.
-                    type: number
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
-                    type: string
-                  timeZone:
-                    description: |-
-                      (String) The shift's timezone.  Overrides schedule's timezone.
-                      The shift's timezone.  Overrides schedule's timezone.
-                    type: string
-                  type:
-                    description: |-
-                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
-                      The shift's type. Can be rolling_users, recurrent_event, single_event
-                    type: string
-                  until:
-                    description: |-
-                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
-                    type: string
-                  users:
-                    description: |-
-                      call users (for single_event and recurrent_event event type).
-                      The list of on-call users (for single_event and recurrent_event event type).
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  weekStart:
-                    description: |-
-                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
-                    type: string
-                type: object
               conditions:
                 description: Conditions of the resource.
                 items:
@@ -23496,11 +22172,8 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
-              observedGeneration:
-                description: |-
-                  ObservedGeneration is the latest metadata.generation
-                  which resulted in either a ready state, or stalled due to error
-                  it can not recover from without human intervention.
+              users:
+                description: Users of this provider configuration.
                 format: int64
                 type: integer
             type: object
@@ -23517,38 +22190,37 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: outgoingwebhooks.oncall.grafana.crossplane.io
+  name: providerconfigusages.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: grafana.crossplane.io
   names:
     categories:
     - crossplane
-    - managed
+    - provider
     - grafana
-    kind: OutgoingWebhook
-    listKind: OutgoingWebhookList
-    plural: outgoingwebhooks
-    singular: outgoingwebhook
+    kind: ProviderConfigUsage
+    listKind: ProviderConfigUsageList
+    plural: providerconfigusages
+    singular: providerconfigusage
   scope: Cluster
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
     - jsonPath: .metadata.creationTimestamp
       name: AGE
       type: date
-    name: v1alpha1
+    - jsonPath: .providerConfigRef.name
+      name: CONFIG-NAME
+      type: string
+    - jsonPath: .resourceRef.kind
+      name: RESOURCE-KIND
+      type: string
+    - jsonPath: .resourceRef.name
+      name: RESOURCE-NAME
+      type: string
+    name: v1beta1
     schema:
       openAPIV3Schema:
-        description: OutgoingWebhook is the Schema for the OutgoingWebhooks API. HTTP
-          API https://grafana.com/docs/oncall/latest/oncall-api-reference/outgoing_webhooks/
+        description: A ProviderConfigUsage indicates that a resource is using a ProviderConfig.
         properties:
           apiVersion:
             description: |-
@@ -23567,124 +22239,403 @@ spec:
             type: string
           metadata:
             type: object
-          spec:
-            description: OutgoingWebhookSpec defines the desired state of OutgoingWebhook
+          providerConfigRef:
+            description: ProviderConfigReference to the provider config being used.
             properties:
-              deletionPolicy:
-                default: Delete
-                description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
+              name:
+                description: Name of the referenced object.
                 type: string
-              forProvider:
+              policy:
+                description: Policies for referencing.
                 properties:
-                  authorizationHeaderSecretRef:
+                  resolution:
+                    default: Required
                     description: |-
-                      (String, Sensitive) The auth data of the webhook. Used in Authorization header instead of user/password auth.
-                      The auth data of the webhook. Used in Authorization header instead of user/password auth.
+                      Resolution specifies whether resolution of this reference is required.
+                      The default is 'Required', which means the reconcile will fail if the
+                      reference cannot be resolved. 'Optional' means this reference will be
+                      a no-op if it cannot be resolved.
+                    enum:
+                    - Required
+                    - Optional
+                    type: string
+                  resolve:
+                    description: |-
+                      Resolve specifies when this reference should be resolved. The default
+                      is 'IfNotPresent', which will attempt to resolve the reference only when
+                      the corresponding field is not present. Use 'Always' to resolve the
+                      reference on every reconcile.
+                    enum:
+                    - Always
+                    - IfNotPresent
+                    type: string
+                type: object
+            required:
+            - name
+            type: object
+          resourceRef:
+            description: ResourceReference to the managed resource using the provider
+              config.
+            properties:
+              apiVersion:
+                description: APIVersion of the referenced object.
+                type: string
+              kind:
+                description: Kind of the referenced object.
+                type: string
+              name:
+                description: Name of the referenced object.
+                type: string
+              uid:
+                description: UID of the referenced object.
+                type: string
+            required:
+            - apiVersion
+            - kind
+            - name
+            type: object
+        required:
+        - providerConfigRef
+        - resourceRef
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: storeconfigs.grafana.crossplane.io
+spec:
+  group: grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - store
+    - gcp
+    kind: StoreConfig
+    listKind: StoreConfigList
+    plural: storeconfigs
+    singular: storeconfig
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    - jsonPath: .spec.type
+      name: TYPE
+      type: string
+    - jsonPath: .spec.defaultScope
+      name: DEFAULT-SCOPE
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: A StoreConfig configures how GCP controller should store connection
+          details.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A StoreConfigSpec defines the desired state of a ProviderConfig.
+            properties:
+              defaultScope:
+                description: |-
+                  DefaultScope used for scoping secrets for "cluster-scoped" resources.
+                  If store type is "Kubernetes", this would mean the default namespace to
+                  store connection secrets for cluster scoped resources.
+                  In case of "Vault", this would be used as the default parent path.
+                  Typically, should be set as Crossplane installation namespace.
+                type: string
+              kubernetes:
+                description: |-
+                  Kubernetes configures a Kubernetes secret store.
+                  If the "type" is "Kubernetes" but no config provided, in cluster config
+                  will be used.
+                properties:
+                  auth:
+                    description: Credentials used to connect to the Kubernetes API.
                     properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
+                      env:
+                        description: |-
+                          Env is a reference to an environment variable that contains credentials
+                          that must be used to connect to the provider.
+                        properties:
+                          name:
+                            description: Name is the name of an environment variable.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      fs:
+                        description: |-
+                          Fs is a reference to a filesystem location that contains credentials that
+                          must be used to connect to the provider.
+                        properties:
+                          path:
+                            description: Path is a filesystem path.
+                            type: string
+                        required:
+                        - path
+                        type: object
+                      secretRef:
+                        description: |-
+                          A SecretRef is a reference to a secret key that contains the credentials
+                          that must be used to connect to the provider.
+                        properties:
+                          key:
+                            description: The key to select.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        - namespace
+                        type: object
+                      source:
+                        description: Source of the credentials.
+                        enum:
+                        - None
+                        - Secret
+                        - Environment
+                        - Filesystem
                         type: string
                     required:
-                    - key
-                    - name
-                    - namespace
+                    - source
                     type: object
-                  data:
-                    description: |-
-                      (String) The data of the webhook.
-                      The data of the webhook.
-                    type: string
-                  forwardWholePayload:
-                    description: |-
-                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
-                      Toggle to send the entire webhook payload instead of using the values in the Data field.
-                    type: boolean
-                  headers:
-                    description: |-
-                      (String) Headers to add to the outgoing webhook request.
-                      Headers to add to the outgoing webhook request.
-                    type: string
-                  httpMethod:
-                    description: |-
-                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
-                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
-                    type: string
-                  integrationFilter:
-                    description: |-
-                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                    items:
-                      type: string
-                    type: array
-                  isWebhookEnabled:
-                    description: |-
-                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
-                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
-                    type: boolean
-                  name:
-                    description: |-
-                      (String) The name of the outgoing webhook.
-                      The name of the outgoing webhook.
-                    type: string
-                  passwordSecretRef:
-                    description: |-
-                      (String, Sensitive) The auth data of the webhook. Used for Basic authentication
-                      The auth data of the webhook. Used for Basic authentication
+                required:
+                - auth
+                type: object
+              plugin:
+                description: Plugin configures External secret store as a plugin.
+                properties:
+                  configRef:
+                    description: ConfigRef contains store config reference info.
                     properties:
-                      key:
-                        description: The key to select.
+                      apiVersion:
+                        description: APIVersion of the referenced config.
                         type: string
-                      name:
-                        description: Name of the secret.
+                      kind:
+                        description: Kind of the referenced config.
                         type: string
-                      namespace:
-                        description: Namespace of the secret.
+                      name:
+                        description: Name of the referenced config.
                         type: string
                     required:
-                    - key
+                    - apiVersion
+                    - kind
                     - name
-                    - namespace
                     type: object
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                  endpoint:
+                    description: Endpoint is the endpoint of the gRPC server.
                     type: string
-                  triggerTemplate:
-                    description: |-
-                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
-                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                type: object
+              type:
+                default: Kubernetes
+                description: |-
+                  Type configures which secret store to be used. Only the configuration
+                  block for this store will be used and others will be ignored if provided.
+                  Default is Kubernetes.
+                enum:
+                - Kubernetes
+                - Vault
+                - Plugin
+                type: string
+            required:
+            - defaultScope
+            type: object
+          status:
+            description: A StoreConfigStatus represents the status of a StoreConfig.
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: alerts.ml.grafana.crossplane.io
+spec:
+  group: ml.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Alert
+    listKind: AlertList
+    plural: alerts
+    singular: alert
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Alert is the Schema for the Alerts API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlertSpec defines the desired state of Alert
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to add to the alert generated in Grafana.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  anomalyCondition:
+                    description: The condition for when to consider a point as anomalous.
                     type: string
-                  triggerType:
-                    description: |-
-                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
-                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                  for:
+                    description: How long values must be anomalous before firing an
+                      alert.
                     type: string
-                  url:
-                    description: |-
-                      (String) The webhook URL.
-                      The webhook URL.
+                  jobId:
+                    description: The forecast this alert belongs to.
                     type: string
-                  user:
-                    description: |-
-                      (String) Username to use when making the outgoing webhook request.
-                      Username to use when making the outgoing webhook request.
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to add to the alert generated in Grafana.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  noDataState:
+                    description: How the alert should be processed when no data is
+                      returned by the underlying series
+                    type: string
+                  outlierId:
+                    description: The forecast this alert belongs to.
+                    type: string
+                  threshold:
+                    description: The threshold of points over the window that need
+                      to be anomalous to alert.
+                    type: string
+                  title:
+                    description: The title of the alert.
+                    type: string
+                  window:
+                    description: How much time to average values over
                     type: string
                 type: object
               initProvider:
@@ -23700,105 +22651,44 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  authorizationHeaderSecretRef:
-                    description: |-
-                      (String, Sensitive) The auth data of the webhook. Used in Authorization header instead of user/password auth.
-                      The auth data of the webhook. Used in Authorization header instead of user/password auth.
-                    properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - key
-                    - name
-                    - namespace
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to add to the alert generated in Grafana.
                     type: object
-                  data:
-                    description: |-
-                      (String) The data of the webhook.
-                      The data of the webhook.
+                    x-kubernetes-map-type: granular
+                  anomalyCondition:
+                    description: The condition for when to consider a point as anomalous.
                     type: string
-                  forwardWholePayload:
-                    description: |-
-                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
-                      Toggle to send the entire webhook payload instead of using the values in the Data field.
-                    type: boolean
-                  headers:
-                    description: |-
-                      (String) Headers to add to the outgoing webhook request.
-                      Headers to add to the outgoing webhook request.
+                  for:
+                    description: How long values must be anomalous before firing an
+                      alert.
                     type: string
-                  httpMethod:
-                    description: |-
-                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
-                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
+                  jobId:
+                    description: The forecast this alert belongs to.
                     type: string
-                  integrationFilter:
-                    description: |-
-                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                    items:
+                  labels:
+                    additionalProperties:
                       type: string
-                    type: array
-                  isWebhookEnabled:
-                    description: |-
-                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
-                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
-                    type: boolean
-                  name:
-                    description: |-
-                      (String) The name of the outgoing webhook.
-                      The name of the outgoing webhook.
-                    type: string
-                  passwordSecretRef:
-                    description: |-
-                      (String, Sensitive) The auth data of the webhook. Used for Basic authentication
-                      The auth data of the webhook. Used for Basic authentication
-                    properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - key
-                    - name
-                    - namespace
+                    description: Labels to add to the alert generated in Grafana.
                     type: object
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    x-kubernetes-map-type: granular
+                  noDataState:
+                    description: How the alert should be processed when no data is
+                      returned by the underlying series
                     type: string
-                  triggerTemplate:
-                    description: |-
-                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
-                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                  outlierId:
+                    description: The forecast this alert belongs to.
                     type: string
-                  triggerType:
-                    description: |-
-                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
-                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                  threshold:
+                    description: The threshold of points over the window that need
+                      to be anomalous to alert.
                     type: string
-                  url:
-                    description: |-
-                      (String) The webhook URL.
-                      The webhook URL.
+                  title:
+                    description: The title of the alert.
                     type: string
-                  user:
-                    description: |-
-                      (String) Username to use when making the outgoing webhook request.
-                      Username to use when making the outgoing webhook request.
+                  window:
+                    description: How much time to average values over
                     type: string
                 type: object
               managementPolicies:
@@ -23969,83 +22859,55 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.url is a required parameter
+            - message: spec.forProvider.title is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.url)
-                || (has(self.initProvider) && has(self.initProvider.url))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.title)
+                || (has(self.initProvider) && has(self.initProvider.title))'
           status:
-            description: OutgoingWebhookStatus defines the observed state of OutgoingWebhook.
+            description: AlertStatus defines the observed state of Alert.
             properties:
               atProvider:
                 properties:
-                  data:
-                    description: |-
-                      (String) The data of the webhook.
-                      The data of the webhook.
-                    type: string
-                  forwardWholePayload:
-                    description: |-
-                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
-                      Toggle to send the entire webhook payload instead of using the values in the Data field.
-                    type: boolean
-                  headers:
-                    description: |-
-                      (String) Headers to add to the outgoing webhook request.
-                      Headers to add to the outgoing webhook request.
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to add to the alert generated in Grafana.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  anomalyCondition:
+                    description: The condition for when to consider a point as anomalous.
                     type: string
-                  httpMethod:
-                    description: |-
-                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
-                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
+                  for:
+                    description: How long values must be anomalous before firing an
+                      alert.
                     type: string
                   id:
-                    description: (String) The ID of this resource.
                     type: string
-                  integrationFilter:
-                    description: |-
-                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
-                    items:
-                      type: string
-                    type: array
-                  isWebhookEnabled:
-                    description: |-
-                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
-                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
-                    type: boolean
-                  name:
-                    description: |-
-                      (String) The name of the outgoing webhook.
-                      The name of the outgoing webhook.
+                  jobId:
+                    description: The forecast this alert belongs to.
                     type: string
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to add to the alert generated in Grafana.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  noDataState:
+                    description: How the alert should be processed when no data is
+                      returned by the underlying series
                     type: string
-                  triggerTemplate:
-                    description: |-
-                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
-                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                  outlierId:
+                    description: The forecast this alert belongs to.
                     type: string
-                  triggerType:
-                    description: |-
-                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
-                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                  threshold:
+                    description: The threshold of points over the window that need
+                      to be anomalous to alert.
                     type: string
-                  url:
-                    description: |-
-                      (String) The webhook URL.
-                      The webhook URL.
+                  title:
+                    description: The title of the alert.
                     type: string
-                  user:
-                    description: |-
-                      (String) Username to use when making the outgoing webhook request.
-                      Username to use when making the outgoing webhook request.
+                  window:
+                    description: How much time to average values over
                     type: string
                 type: object
               conditions:
@@ -24115,18 +22977,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: routes.oncall.grafana.crossplane.io
+  name: holidays.ml.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: ml.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Route
-    listKind: RouteList
-    plural: routes
-    singular: route
+    kind: Holiday
+    listKind: HolidayList
+    plural: holidays
+    singular: holiday
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -24145,7 +23007,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Route is the Schema for the Routes API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/routes/
+        description: 'Holiday is the Schema for the Holidays API. A holiday describes
+          time periods where a time series is expected to behave differently to normal.
+          To use a holiday in a job, use its id in the holidays attribute of a grafana_machine_learning_job:'
         properties:
           apiVersion:
             description: |-
@@ -24165,7 +23029,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: RouteSpec defines the desired state of Route
+            description: HolidaySpec defines the desired state of Holiday
             properties:
               deletionPolicy:
                 default: Delete
@@ -24183,259 +23047,155 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  escalationChainId:
-                    description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
+                  customPeriods:
+                    description: A list of custom periods for the holiday.
+                    items:
+                      properties:
+                        endTime:
+                          type: string
+                        name:
+                          description: The name of the custom period.
+                          type: string
+                        startTime:
+                          type: string
+                      type: object
+                    type: array
+                  description:
+                    description: A description of the holiday.
                     type: string
-                  escalationChainRef:
-                    description: Reference to a EscalationChain in oncall to populate
-                      escalationChainId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  escalationChainSelector:
-                    description: Selector for a EscalationChain in oncall to populate
-                      escalationChainId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
+                  icalTimezone:
+                    description: The timezone to use for events in the iCal file pointed
+                      to by ical_url.
+                    type: string
+                  icalUrl:
+                    description: A URL to an iCal file containing all occurrences
+                      of the holiday.
+                    type: string
+                  name:
+                    description: The name of the holiday.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  customPeriods:
+                    description: A list of custom periods for the holiday.
+                    items:
+                      properties:
+                        endTime:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  integrationId:
-                    description: |-
-                      (String) The ID of the integration.
-                      The ID of the integration.
+                        name:
+                          description: The name of the custom period.
+                          type: string
+                        startTime:
+                          type: string
+                      type: object
+                    type: array
+                  description:
+                    description: A description of the holiday.
                     type: string
-                  integrationRef:
-                    description: Reference to a Integration in oncall to populate
-                      integrationId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  integrationSelector:
-                    description: Selector for a Integration in oncall to populate
-                      integrationId.
+                  icalTimezone:
+                    description: The timezone to use for events in the iCal file pointed
+                      to by ical_url.
+                    type: string
+                  icalUrl:
+                    description: A URL to an iCal file containing all occurrences
+                      of the holiday.
+                    type: string
+                  name:
+                    description: The name of the holiday.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
                     properties:
-                      matchControllerRef:
+                      resolution:
+                        default: Required
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
                     type: object
-                  msteams:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      MS teams-specific settings for a route.
-                    items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in MS teams. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                          type: string
-                      type: object
-                    type: array
-                  position:
-                    description: |-
-                      (Number) The position of the route (starts from 0).
-                      The position of the route (starts from 0).
-                    type: number
-                  routingRegex:
-                    description: |-
-                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
-                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
-                    type: string
-                  routingType:
-                    description: |-
-                      (String) The type of route. Can be jinja2, regex Defaults to regex.
-                      The type of route. Can be jinja2, regex Defaults to `regex`.
-                    type: string
-                  slack:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Slack-specific settings for a route.
-                    items:
-                      properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                            Slack channel id. Alerts will be directed to this channel in Slack.
-                          type: string
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Slack. Defaults to `true`.
-                          type: boolean
-                      type: object
-                    type: array
-                  telegram:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Telegram-specific settings for a route.
-                    items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Telegram. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            Telegram channel id. Alerts will be directed to this channel in Telegram.
-                          type: string
-                      type: object
-                    type: array
+                required:
+                - name
                 type: object
-              initProvider:
+              publishConnectionDetailsTo:
                 description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
                 properties:
-                  escalationChainId:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
-                    type: string
-                  escalationChainRef:
-                    description: Reference to a EscalationChain in oncall to populate
-                      escalationChainId.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -24468,55 +23228,249 @@ spec:
                     required:
                     - name
                     type: object
-                  escalationChainSelector:
-                    description: Selector for a EscalationChain in oncall to populate
-                      escalationChainId.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
+                      annotations:
+                        additionalProperties:
+                          type: string
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  integrationId:
-                    description: |-
-                      (String) The ID of the integration.
-                      The ID of the integration.
+                  name:
+                    description: Name is the name of the connection secret.
                     type: string
-                  integrationRef:
-                    description: Reference to a Integration in oncall to populate
-                      integrationId.
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+          status:
+            description: HolidayStatus defines the observed state of Holiday.
+            properties:
+              atProvider:
+                properties:
+                  customPeriods:
+                    description: A list of custom periods for the holiday.
+                    items:
+                      properties:
+                        endTime:
+                          type: string
+                        name:
+                          description: The name of the custom period.
+                          type: string
+                        startTime:
+                          type: string
+                      type: object
+                    type: array
+                  description:
+                    description: A description of the holiday.
+                    type: string
+                  icalTimezone:
+                    description: The timezone to use for events in the iCal file pointed
+                      to by ical_url.
+                    type: string
+                  icalUrl:
+                    description: A URL to an iCal file containing all occurrences
+                      of the holiday.
+                    type: string
+                  id:
+                    type: string
+                  name:
+                    description: The name of the holiday.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: jobs.ml.grafana.crossplane.io
+spec:
+  group: ml.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Job
+    listKind: JobList
+    plural: jobs
+    singular: job
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Job is the Schema for the Jobs API. A job defines the queries
+          and model parameters for a machine learning task. See the Grafana Cloud
+          docs https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
+          for more information on available hyperparameters for use in the hyper_params
+          field.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: JobSpec defines the desired state of Job
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  customLabels:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the custom labels added on
+                      the forecast.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -24549,9 +23503,8 @@ spec:
                     required:
                     - name
                     type: object
-                  integrationSelector:
-                    description: Selector for a Integration in oncall to populate
-                      integrationId.
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -24590,75 +23543,193 @@ spec:
                             type: string
                         type: object
                     type: object
-                  msteams:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      MS teams-specific settings for a route.
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
+                    type: string
+                  datasourceUid:
+                    description: The uid of the datasource to query.
+                    type: string
+                  description:
+                    description: A description of the job.
+                    type: string
+                  holidays:
+                    description: A list of holiday IDs or names to take into account
+                      when training the model.
                     items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in MS teams. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                          type: string
-                      type: object
+                      type: string
                     type: array
-                  position:
-                    description: |-
-                      (Number) The position of the route (starts from 0).
-                      The position of the route (starts from 0).
+                  hyperParams:
+                    additionalProperties:
+                      type: string
+                    description: The hyperparameters used to fine tune the algorithm.
+                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
+                      for the full list of available hyperparameters. Defaults to
+                      `map[]`.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  interval:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `300`.
                     type: number
-                  routingRegex:
-                    description: |-
-                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
-                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                  metric:
+                    description: The metric used to query the job results.
                     type: string
-                  routingType:
-                    description: |-
-                      (String) The type of route. Can be jinja2, regex Defaults to regex.
-                      The type of route. Can be jinja2, regex Defaults to `regex`.
+                  name:
+                    description: The name of the job.
                     type: string
-                  slack:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Slack-specific settings for a route.
-                    items:
-                      properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                            Slack channel id. Alerts will be directed to this channel in Slack.
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  trainingWindow:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `7776000`.
+                    type: number
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  customLabels:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the custom labels added on
+                      the forecast.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
                           type: string
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Slack. Defaults to `true`.
-                          type: boolean
-                      type: object
-                    type: array
-                  telegram:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Telegram-specific settings for a route.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
+                    type: string
+                  datasourceUid:
+                    description: The uid of the datasource to query.
+                    type: string
+                  description:
+                    description: A description of the job.
+                    type: string
+                  holidays:
+                    description: A list of holiday IDs or names to take into account
+                      when training the model.
                     items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Telegram. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            Telegram channel id. Alerts will be directed to this channel in Telegram.
-                          type: string
-                      type: object
+                      type: string
                     type: array
+                  hyperParams:
+                    additionalProperties:
+                      type: string
+                    description: The hyperparameters used to fine tune the algorithm.
+                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
+                      for the full list of available hyperparameters. Defaults to
+                      `map[]`.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  interval:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `300`.
+                    type: number
+                  metric:
+                    description: The metric used to query the job results.
+                    type: string
+                  name:
+                    description: The name of the job.
+                    type: string
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  trainingWindow:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `7776000`.
+                    type: number
                 type: object
               managementPolicies:
                 default:
@@ -24828,101 +23899,82 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.position is a required parameter
+            - message: spec.forProvider.datasourceType is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.position)
-                || (has(self.initProvider) && has(self.initProvider.position))'
-            - message: spec.forProvider.routingRegex is a required parameter
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceType)
+                || (has(self.initProvider) && has(self.initProvider.datasourceType))'
+            - message: spec.forProvider.metric is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.routingRegex)
-                || (has(self.initProvider) && has(self.initProvider.routingRegex))'
-          status:
-            description: RouteStatus defines the observed state of Route.
-            properties:
-              atProvider:
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.metric)
+                || (has(self.initProvider) && has(self.initProvider.metric))'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.queryParams is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.queryParams)
+                || (has(self.initProvider) && has(self.initProvider.queryParams))'
+          status:
+            description: JobStatus defines the observed state of Job.
+            properties:
+              atProvider:
                 properties:
-                  escalationChainId:
-                    description: |-
-                      (String) The ID of the escalation chain.
-                      The ID of the escalation chain.
+                  customLabels:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the custom labels added on
+                      the forecast.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
                     type: string
-                  id:
-                    description: (String) The ID of this resource.
+                  datasourceUid:
+                    description: The uid of the datasource to query.
                     type: string
-                  integrationId:
-                    description: |-
-                      (String) The ID of the integration.
-                      The ID of the integration.
+                  description:
+                    description: A description of the job.
                     type: string
-                  msteams:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      MS teams-specific settings for a route.
+                  holidays:
+                    description: A list of holiday IDs or names to take into account
+                      when training the model.
                     items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in MS teams. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
-                          type: string
-                      type: object
+                      type: string
                     type: array
-                  position:
-                    description: |-
-                      (Number) The position of the route (starts from 0).
-                      The position of the route (starts from 0).
+                  hyperParams:
+                    additionalProperties:
+                      type: string
+                    description: The hyperparameters used to fine tune the algorithm.
+                      See https://grafana.com/docs/grafana-cloud/alerting-and-irm/machine-learning/forecasts/models/
+                      for the full list of available hyperparameters. Defaults to
+                      `map[]`.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  id:
+                    type: string
+                  interval:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `300`.
                     type: number
-                  routingRegex:
-                    description: |-
-                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
-                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                  metric:
+                    description: The metric used to query the job results.
                     type: string
-                  routingType:
-                    description: |-
-                      (String) The type of route. Can be jinja2, regex Defaults to regex.
-                      The type of route. Can be jinja2, regex Defaults to `regex`.
+                  name:
+                    description: The name of the job.
                     type: string
-                  slack:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Slack-specific settings for a route.
-                    items:
-                      properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
-                            Slack channel id. Alerts will be directed to this channel in Slack.
-                          type: string
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Slack. Defaults to `true`.
-                          type: boolean
-                      type: object
-                    type: array
-                  telegram:
-                    description: |-
-                      specific settings for a route. (see below for nested schema)
-                      Telegram-specific settings for a route.
-                    items:
-                      properties:
-                        enabled:
-                          description: |-
-                            (Boolean) Enable notification in MS teams. Defaults to true.
-                            Enable notification in Telegram. Defaults to `true`.
-                          type: boolean
-                        id:
-                          description: |-
-                            (String) The ID of this resource.
-                            Telegram channel id. Alerts will be directed to this channel in Telegram.
-                          type: string
-                      type: object
-                    type: array
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
+                  trainingWindow:
+                    description: The data interval in seconds to train the data on.
+                      Defaults to `7776000`.
+                    type: number
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -24991,18 +24043,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: schedules.oncall.grafana.crossplane.io
+  name: outlierdetectors.ml.grafana.crossplane.io
 spec:
-  group: oncall.grafana.crossplane.io
+  group: ml.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Schedule
-    listKind: ScheduleList
-    plural: schedules
-    singular: schedule
+    kind: OutlierDetector
+    listKind: OutlierDetectorList
+    plural: outlierdetectors
+    singular: outlierdetector
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -25021,7 +24073,11 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Schedule is the Schema for the Schedules API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/schedules/
+        description: OutlierDetector is the Schema for the OutlierDetectors API. An
+          outlier detector monitors the results of a query and reports when its values
+          are outside normal bands. The normal band is configured by choice of algorithm,
+          its sensitivity and other configuration. Visit https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
+          for more details.
         properties:
           apiVersion:
             description: |-
@@ -25041,7 +24097,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: ScheduleSpec defines the desired state of Schedule
+            description: OutlierDetectorSpec defines the desired state of OutlierDetector
             properties:
               deletionPolicy:
                 default: Delete
@@ -25059,88 +24115,40 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  enableWebOverrides:
-                    description: |-
-                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
-                      Enable overrides via web UI (it will ignore ical_url_overrides).
-                    type: boolean
-                  icalUrlOverrides:
-                    description: |-
-                      (String) The URL of external iCal calendar which override primary events.
-                      The URL of external iCal calendar which override primary events.
-                    type: string
-                  icalUrlPrimary:
-                    description: |-
-                      (String) The URL of the external calendar iCal file.
-                      The URL of the external calendar iCal file.
-                    type: string
-                  name:
-                    description: |-
-                      (String) The schedule's name.
-                      The schedule's name.
-                    type: string
-                  shifts:
-                    description: |-
-                      call shifts.
-                      The list of ID's of on-call shifts.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  shiftsRef:
-                    description: References to OnCallShift in oncall to populate shifts.
+                  algorithm:
+                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
+                      for details.
                     items:
-                      description: A Reference to a named object.
                       properties:
+                        config:
+                          description: For DBSCAN only, specify the configuration
+                            map
+                          items:
+                            properties:
+                              epsilon:
+                                description: Specify the epsilon parameter (positive
+                                  float)
+                                type: number
+                            type: object
+                          type: array
                         name:
-                          description: Name of the referenced object.
+                          description: The name of the algorithm to use ('mad' or
+                            'dbscan').
                           type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
+                        sensitivity:
+                          description: Specify the sensitivity of the detector (in
+                            range [0,1]).
+                          type: number
                       type: object
                     type: array
-                  shiftsSelector:
-                    description: Selector for a list of OnCallShift in oncall to populate
-                      shifts.
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
                     properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
+                      name:
+                        description: Name of the referenced object.
+                        type: string
                       policy:
-                        description: Policies for selection.
+                        description: Policies for referencing.
                         properties:
                           resolution:
                             default: Required
@@ -25164,40 +24172,76 @@ spec:
                             - IfNotPresent
                             type: string
                         type: object
-                    type: object
-                  slack:
-                    description: |-
-                      specific settings for a schedule. (see below for nested schema)
-                      The Slack-specific settings for a schedule.
-                    items:
-                      properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                          type: string
-                        userGroupId:
-                          description: |-
-                            call users change.
-                            Slack user group id. Members of user group will be updated when on-call users change.
+                    required:
+                    - name
+                    type: object
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
                           type: string
-                      type: object
-                    type: array
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
                     type: string
-                  timeZone:
-                    description: |-
-                      (String) The schedule's time zone.
-                      The schedule's time zone.
+                  datasourceUid:
+                    description: The uid of the datasource to query.
                     type: string
-                  type:
-                    description: |-
-                      (String) The schedule's type. Valid values are ical, calendar.
-                      The schedule's type. Valid values are `ical`, `calendar`.
+                  description:
+                    description: A description of the outlier detector.
+                    type: string
+                  interval:
+                    description: The data interval in seconds to monitor. Defaults
+                      to `300`.
+                    type: number
+                  metric:
+                    description: The metric used to query the outlier detector results.
+                    type: string
+                  name:
+                    description: The name of the outlier detector.
                     type: string
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
                 type: object
               initProvider:
                 description: |-
@@ -25212,74 +24256,68 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  enableWebOverrides:
-                    description: |-
-                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
-                      Enable overrides via web UI (it will ignore ical_url_overrides).
-                    type: boolean
-                  icalUrlOverrides:
-                    description: |-
-                      (String) The URL of external iCal calendar which override primary events.
-                      The URL of external iCal calendar which override primary events.
-                    type: string
-                  icalUrlPrimary:
-                    description: |-
-                      (String) The URL of the external calendar iCal file.
-                      The URL of the external calendar iCal file.
-                    type: string
-                  name:
-                    description: |-
-                      (String) The schedule's name.
-                      The schedule's name.
-                    type: string
-                  shifts:
-                    description: |-
-                      call shifts.
-                      The list of ID's of on-call shifts.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  shiftsRef:
-                    description: References to OnCallShift in oncall to populate shifts.
+                  algorithm:
+                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
+                      for details.
                     items:
-                      description: A Reference to a named object.
                       properties:
+                        config:
+                          description: For DBSCAN only, specify the configuration
+                            map
+                          items:
+                            properties:
+                              epsilon:
+                                description: Specify the epsilon parameter (positive
+                                  float)
+                                type: number
+                            type: object
+                          type: array
                         name:
-                          description: Name of the referenced object.
+                          description: The name of the algorithm to use ('mad' or
+                            'dbscan').
                           type: string
-                        policy:
-                          description: Policies for referencing.
-                          properties:
-                            resolution:
-                              default: Required
-                              description: |-
-                                Resolution specifies whether resolution of this reference is required.
-                                The default is 'Required', which means the reconcile will fail if the
-                                reference cannot be resolved. 'Optional' means this reference will be
-                                a no-op if it cannot be resolved.
-                              enum:
-                              - Required
-                              - Optional
-                              type: string
-                            resolve:
-                              description: |-
-                                Resolve specifies when this reference should be resolved. The default
-                                is 'IfNotPresent', which will attempt to resolve the reference only when
-                                the corresponding field is not present. Use 'Always' to resolve the
-                                reference on every reconcile.
-                              enum:
-                              - Always
-                              - IfNotPresent
-                              type: string
-                          type: object
-                      required:
-                      - name
+                        sensitivity:
+                          description: Specify the sensitivity of the detector (in
+                            range [0,1]).
+                          type: number
                       type: object
                     type: array
-                  shiftsSelector:
-                    description: Selector for a list of OnCallShift in oncall to populate
-                      shifts.
+                  dataSourceRef:
+                    description: Reference to a DataSource in oss to populate datasourceUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dataSourceSelector:
+                    description: Selector for a DataSource in oss to populate datasourceUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -25318,45 +24356,39 @@ spec:
                             type: string
                         type: object
                     type: object
-                  slack:
-                    description: |-
-                      specific settings for a schedule. (see below for nested schema)
-                      The Slack-specific settings for a schedule.
-                    items:
-                      properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                          type: string
-                        userGroupId:
-                          description: |-
-                            call users change.
-                            Slack user group id. Members of user group will be updated when on-call users change.
-                          type: string
-                      type: object
-                    type: array
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
                     type: string
-                  timeZone:
-                    description: |-
-                      (String) The schedule's time zone.
-                      The schedule's time zone.
+                  datasourceUid:
+                    description: The uid of the datasource to query.
                     type: string
-                  type:
-                    description: |-
-                      (String) The schedule's type. Valid values are ical, calendar.
-                      The schedule's type. Valid values are `ical`, `calendar`.
+                  description:
+                    description: A description of the outlier detector.
                     type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  interval:
+                    description: The data interval in seconds to monitor. Defaults
+                      to `300`.
+                    type: number
+                  metric:
+                    description: The metric used to query the outlier detector results.
+                    type: string
+                  name:
+                    description: The name of the outlier detector.
+                    type: string
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
                   through a Crossplane feature flag.
                   ManagementPolicies specify the array of actions Crossplane is allowed to
                   take on the managed and external resources.
@@ -25520,83 +24552,86 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
+            - message: spec.forProvider.algorithm is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.algorithm)
+                || (has(self.initProvider) && has(self.initProvider.algorithm))'
+            - message: spec.forProvider.datasourceType is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.datasourceType)
+                || (has(self.initProvider) && has(self.initProvider.datasourceType))'
+            - message: spec.forProvider.metric is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.metric)
+                || (has(self.initProvider) && has(self.initProvider.metric))'
             - message: spec.forProvider.name is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.type is a required parameter
+            - message: spec.forProvider.queryParams is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.queryParams)
+                || (has(self.initProvider) && has(self.initProvider.queryParams))'
           status:
-            description: ScheduleStatus defines the observed state of Schedule.
+            description: OutlierDetectorStatus defines the observed state of OutlierDetector.
             properties:
               atProvider:
                 properties:
-                  enableWebOverrides:
-                    description: |-
-                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
-                      Enable overrides via web UI (it will ignore ical_url_overrides).
-                    type: boolean
-                  icalUrlOverrides:
-                    description: |-
-                      (String) The URL of external iCal calendar which override primary events.
-                      The URL of external iCal calendar which override primary events.
-                    type: string
-                  icalUrlPrimary:
-                    description: |-
-                      (String) The URL of the external calendar iCal file.
-                      The URL of the external calendar iCal file.
-                    type: string
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  name:
-                    description: |-
-                      (String) The schedule's name.
-                      The schedule's name.
-                    type: string
-                  shifts:
-                    description: |-
-                      call shifts.
-                      The list of ID's of on-call shifts.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  slack:
-                    description: |-
-                      specific settings for a schedule. (see below for nested schema)
-                      The Slack-specific settings for a schedule.
+                  algorithm:
+                    description: The algorithm to use and its configuration. See https://grafana.com/docs/grafana-cloud/machine-learning/outlier-detection/
+                      for details.
                     items:
                       properties:
-                        channelId:
-                          description: |-
-                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
-                          type: string
-                        userGroupId:
-                          description: |-
-                            call users change.
-                            Slack user group id. Members of user group will be updated when on-call users change.
+                        config:
+                          description: For DBSCAN only, specify the configuration
+                            map
+                          items:
+                            properties:
+                              epsilon:
+                                description: Specify the epsilon parameter (positive
+                                  float)
+                                type: number
+                            type: object
+                          type: array
+                        name:
+                          description: The name of the algorithm to use ('mad' or
+                            'dbscan').
                           type: string
+                        sensitivity:
+                          description: Specify the sensitivity of the detector (in
+                            range [0,1]).
+                          type: number
                       type: object
                     type: array
-                  teamId:
-                    description: |-
-                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
-                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                  datasourceType:
+                    description: The type of datasource being queried. Currently allowed
+                      values are prometheus, graphite, loki, postgres, and datadog.
                     type: string
-                  timeZone:
-                    description: |-
-                      (String) The schedule's time zone.
-                      The schedule's time zone.
+                  datasourceUid:
+                    description: The uid of the datasource to query.
                     type: string
-                  type:
-                    description: |-
-                      (String) The schedule's type. Valid values are ical, calendar.
-                      The schedule's type. Valid values are `ical`, `calendar`.
+                  description:
+                    description: A description of the outlier detector.
+                    type: string
+                  id:
+                    type: string
+                  interval:
+                    description: The data interval in seconds to monitor. Defaults
+                      to `300`.
+                    type: number
+                  metric:
+                    description: The metric used to query the outlier detector results.
                     type: string
+                  name:
+                    description: The name of the outlier detector.
+                    type: string
+                  queryParams:
+                    additionalProperties:
+                      type: string
+                    description: An object representing the query params to query
+                      Grafana with.
+                    type: object
+                    x-kubernetes-map-type: granular
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -25665,7 +24700,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: usernotificationrules.oncall.grafana.crossplane.io
+  name: escalationchains.oncall.grafana.crossplane.io
 spec:
   group: oncall.grafana.crossplane.io
   names:
@@ -25673,10 +24708,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: UserNotificationRule
-    listKind: UserNotificationRuleList
-    plural: usernotificationrules
-    singular: usernotificationrule
+    kind: EscalationChain
+    listKind: EscalationChainList
+    plural: escalationchains
+    singular: escalationchain
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -25695,9 +24730,8 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'UserNotificationRule is the Schema for the UserNotificationRules
-          API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/personal_notification_rules/
-          Note: you must be running Grafana OnCall >= v1.8.0 to use this resource.'
+        description: EscalationChain is the Schema for the EscalationChains API. HTTP
+          API https://grafana.com/docs/oncall/latest/oncall-api-reference/escalation_chains/
         properties:
           apiVersion:
             description: |-
@@ -25717,7 +24751,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: UserNotificationRuleSpec defines the desired state of UserNotificationRule
+            description: EscalationChainSpec defines the desired state of EscalationChain
             properties:
               deletionPolicy:
                 default: Delete
@@ -25735,30 +24769,15 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  duration:
-                    description: |-
-                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
-                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
-                    type: number
-                  important:
-                    description: |-
-                      (Boolean) Boolean value which indicates if a rule is “important”
-                      Boolean value which indicates if a rule is “important”
-                    type: boolean
-                  position:
-                    description: |-
-                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                    type: number
-                  type:
+                  name:
                     description: |-
-                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
-                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                      (String) The name of the escalation chain.
+                      The name of the escalation chain.
                     type: string
-                  userId:
+                  teamId:
                     description: |-
-                      (String) User ID
-                      User ID
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
                 type: object
               initProvider:
@@ -25774,30 +24793,15 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  duration:
-                    description: |-
-                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
-                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
-                    type: number
-                  important:
-                    description: |-
-                      (Boolean) Boolean value which indicates if a rule is “important”
-                      Boolean value which indicates if a rule is “important”
-                    type: boolean
-                  position:
-                    description: |-
-                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                    type: number
-                  type:
+                  name:
                     description: |-
-                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
-                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                      (String) The name of the escalation chain.
+                      The name of the escalation chain.
                     type: string
-                  userId:
+                  teamId:
                     description: |-
-                      (String) User ID
-                      User ID
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
                 type: object
               managementPolicies:
@@ -25968,48 +24972,28 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.type is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
-            - message: spec.forProvider.userId is a required parameter
+            - message: spec.forProvider.name is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.userId)
-                || (has(self.initProvider) && has(self.initProvider.userId))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: UserNotificationRuleStatus defines the observed state of
-              UserNotificationRule.
+            description: EscalationChainStatus defines the observed state of EscalationChain.
             properties:
               atProvider:
                 properties:
-                  duration:
-                    description: |-
-                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
-                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
-                    type: number
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  important:
-                    description: |-
-                      (Boolean) Boolean value which indicates if a rule is “important”
-                      Boolean value which indicates if a rule is “important”
-                    type: boolean
-                  position:
-                    description: |-
-                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
-                    type: number
-                  type:
+                  name:
                     description: |-
-                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
-                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                      (String) The name of the escalation chain.
+                      The name of the escalation chain.
                     type: string
-                  userId:
+                  teamId:
                     description: |-
-                      (String) User ID
-                      User ID
-                    type: string
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -26078,18 +25062,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: annotations.oss.grafana.crossplane.io
+  name: escalations.oncall.grafana.crossplane.io
 spec:
-  group: oss.grafana.crossplane.io
+  group: oncall.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Annotation
-    listKind: AnnotationList
-    plural: annotations
-    singular: annotation
+    kind: Escalation
+    listKind: EscalationList
+    plural: escalations
+    singular: escalation
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -26108,9 +25092,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Annotation is the Schema for the Annotations API. Official documentation
-          https://grafana.com/docs/grafana/latest/dashboards/build-dashboards/annotate-visualizations/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/annotations/
+        description: Escalation is the Schema for the Escalations API. Official documentation
+          https://grafana.com/docs/oncall/latest/configure/escalation-chains-and-routes/HTTP
+          API https://grafana.com/docs/oncall/latest/oncall-api-reference/escalation_policies/
         properties:
           apiVersion:
             description: |-
@@ -26130,7 +25114,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: AnnotationSpec defines the desired state of Annotation
+            description: EscalationSpec defines the desired state of Escalation
             properties:
               deletionPolicy:
                 default: Delete
@@ -26148,8 +25132,14 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                  actionToTrigger:
+                    description: |-
+                      (String) The ID of an Action for trigger_webhook type step.
+                      The ID of an Action for trigger_webhook type step.
+                    type: string
+                  actionToTriggerRef:
+                    description: Reference to a OutgoingWebhook in oncall to populate
+                      actionToTrigger.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -26182,8 +25172,9 @@ spec:
                     required:
                     - name
                     type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                  actionToTriggerSelector:
+                    description: Selector for a OutgoingWebhook in oncall to populate
+                      actionToTrigger.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -26222,18 +25213,119 @@ spec:
                             type: string
                         type: object
                     type: object
-                  dashboardUid:
+                  duration:
                     description: |-
-                      (String) The UID of the dashboard on which to create the annotation.
-                      The UID of the dashboard on which to create the annotation.
+                      86400) seconds
+                      The duration of delay for wait type step. (60-86400) seconds
+                    type: number
+                  escalationChainId:
+                    description: |-
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
                     type: string
-                  orgId:
+                  escalationChainRef:
+                    description: Reference to a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  escalationChainSelector:
+                    description: Selector for a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  groupToNotify:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The ID of a User Group for notify_user_group type step.
+                      The ID of a User Group for notify_user_group type step.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  important:
+                    description: |-
+                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                    type: boolean
+                  notifyIfTimeFrom:
+                    description: |-
+                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
+                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
+                    type: string
+                  notifyIfTimeTo:
+                    description: |-
+                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
+                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
+                    type: string
+                  notifyOnCallFromSchedule:
+                    description: |-
+                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
+                      ID of a Schedule for notify_on_call_from_schedule type step.
+                    type: string
+                  notifyOnCallFromScheduleRef:
+                    description: Reference to a Schedule in oncall to populate notifyOnCallFromSchedule.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -26266,8 +25358,8 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  notifyOnCallFromScheduleSelector:
+                    description: Selector for a Schedule in oncall to populate notifyOnCallFromSchedule.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -26306,33 +25398,41 @@ spec:
                             type: string
                         type: object
                     type: object
-                  panelId:
+                  notifyToTeamMembers:
                     description: |-
-                      (Number) The ID of the dashboard panel on which to create the annotation.
-                      The ID of the dashboard panel on which to create the annotation.
-                    type: number
-                  tags:
+                      (String) The ID of a Team for a notify_team_members type step.
+                      The ID of a Team for a notify_team_members type step.
+                    type: string
+                  personsToNotify:
                     description: |-
-                      (Set of String) The tags to associate with the annotation.
-                      The tags to associate with the annotation.
+                      (Set of String) The list of ID's of users for notify_persons type step.
+                      The list of ID's of users for notify_persons type step.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  text:
+                  personsToNotifyNextEachTime:
                     description: |-
-                      (String) The text to associate with the annotation.
-                      The text to associate with the annotation.
-                    type: string
-                  time:
+                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
+                      The list of ID's of users for notify_person_next_each_time type step.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  position:
                     description: |-
-                      formatted time string indicating the annotation's time.
-                      The RFC 3339-formatted time string indicating the annotation's time.
+                      (Number) The position of the escalation step (starts from 0).
+                      The position of the escalation step (starts from 0).
+                    type: number
+                  severity:
+                    description: |-
+                      (String) The severity of the incident for declare_incident type step.
+                      The severity of the incident for declare_incident type step.
                     type: string
-                  timeEnd:
+                  type:
                     description: |-
-                      formatted time string indicating the annotation's end time.
-                      The RFC 3339-formatted time string indicating the annotation's end time.
+                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
+                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
                     type: string
                 type: object
               initProvider:
@@ -26348,8 +25448,14 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                  actionToTrigger:
+                    description: |-
+                      (String) The ID of an Action for trigger_webhook type step.
+                      The ID of an Action for trigger_webhook type step.
+                    type: string
+                  actionToTriggerRef:
+                    description: Reference to a OutgoingWebhook in oncall to populate
+                      actionToTrigger.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -26382,8 +25488,9 @@ spec:
                     required:
                     - name
                     type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                  actionToTriggerSelector:
+                    description: Selector for a OutgoingWebhook in oncall to populate
+                      actionToTrigger.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -26422,18 +25529,19 @@ spec:
                             type: string
                         type: object
                     type: object
-                  dashboardUid:
+                  duration:
                     description: |-
-                      (String) The UID of the dashboard on which to create the annotation.
-                      The UID of the dashboard on which to create the annotation.
-                    type: string
-                  orgId:
+                      86400) seconds
+                      The duration of delay for wait type step. (60-86400) seconds
+                    type: number
+                  escalationChainId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  escalationChainRef:
+                    description: Reference to a EscalationChain in oncall to populate
+                      escalationChainId.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -26466,8 +25574,9 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  escalationChainSelector:
+                    description: Selector for a EscalationChain in oncall to populate
+                      escalationChainId.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -26506,33 +25615,140 @@ spec:
                             type: string
                         type: object
                     type: object
-                  panelId:
+                  groupToNotify:
                     description: |-
-                      (Number) The ID of the dashboard panel on which to create the annotation.
-                      The ID of the dashboard panel on which to create the annotation.
-                    type: number
-                  tags:
+                      (String) The ID of a User Group for notify_user_group type step.
+                      The ID of a User Group for notify_user_group type step.
+                    type: string
+                  important:
                     description: |-
-                      (Set of String) The tags to associate with the annotation.
-                      The tags to associate with the annotation.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  text:
+                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                    type: boolean
+                  notifyIfTimeFrom:
                     description: |-
-                      (String) The text to associate with the annotation.
-                      The text to associate with the annotation.
+                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
+                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
                     type: string
-                  time:
+                  notifyIfTimeTo:
                     description: |-
-                      formatted time string indicating the annotation's time.
-                      The RFC 3339-formatted time string indicating the annotation's time.
+                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
+                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
                     type: string
-                  timeEnd:
+                  notifyOnCallFromSchedule:
                     description: |-
-                      formatted time string indicating the annotation's end time.
-                      The RFC 3339-formatted time string indicating the annotation's end time.
+                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
+                      ID of a Schedule for notify_on_call_from_schedule type step.
+                    type: string
+                  notifyOnCallFromScheduleRef:
+                    description: Reference to a Schedule in oncall to populate notifyOnCallFromSchedule.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  notifyOnCallFromScheduleSelector:
+                    description: Selector for a Schedule in oncall to populate notifyOnCallFromSchedule.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  notifyToTeamMembers:
+                    description: |-
+                      (String) The ID of a Team for a notify_team_members type step.
+                      The ID of a Team for a notify_team_members type step.
+                    type: string
+                  personsToNotify:
+                    description: |-
+                      (Set of String) The list of ID's of users for notify_persons type step.
+                      The list of ID's of users for notify_persons type step.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  personsToNotifyNextEachTime:
+                    description: |-
+                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
+                      The list of ID's of users for notify_person_next_each_time type step.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  position:
+                    description: |-
+                      (Number) The position of the escalation step (starts from 0).
+                      The position of the escalation step (starts from 0).
+                    type: number
+                  severity:
+                    description: |-
+                      (String) The severity of the incident for declare_incident type step.
+                      The severity of the incident for declare_incident type step.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
+                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
                     type: string
                 type: object
               managementPolicies:
@@ -26703,55 +25919,97 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.text is a required parameter
+            - message: spec.forProvider.position is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.text)
-                || (has(self.initProvider) && has(self.initProvider.text))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.position)
+                || (has(self.initProvider) && has(self.initProvider.position))'
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
           status:
-            description: AnnotationStatus defines the observed state of Annotation.
+            description: EscalationStatus defines the observed state of Escalation.
             properties:
               atProvider:
                 properties:
-                  dashboardUid:
+                  actionToTrigger:
                     description: |-
-                      (String) The UID of the dashboard on which to create the annotation.
-                      The UID of the dashboard on which to create the annotation.
+                      (String) The ID of an Action for trigger_webhook type step.
+                      The ID of an Action for trigger_webhook type step.
+                    type: string
+                  duration:
+                    description: |-
+                      86400) seconds
+                      The duration of delay for wait type step. (60-86400) seconds
+                    type: number
+                  escalationChainId:
+                    description: |-
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
+                    type: string
+                  groupToNotify:
+                    description: |-
+                      (String) The ID of a User Group for notify_user_group type step.
+                      The ID of a User Group for notify_user_group type step.
                     type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  orgId:
+                  important:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (Boolean) Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                      Will activate "important" personal notification rules. Actual for steps: notify_persons, notify_on_call_from_schedule and notify_user_group,notify_team_members
+                    type: boolean
+                  notifyIfTimeFrom:
+                    description: |-
+                      (String) The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
+                      The beginning of the time interval for notify_if_time_from_to type step in UTC (for example 08:00:00Z).
                     type: string
-                  panelId:
+                  notifyIfTimeTo:
                     description: |-
-                      (Number) The ID of the dashboard panel on which to create the annotation.
-                      The ID of the dashboard panel on which to create the annotation.
-                    type: number
-                  tags:
+                      (String) The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
+                      The end of the time interval for notify_if_time_from_to type step in UTC (for example 18:00:00Z).
+                    type: string
+                  notifyOnCallFromSchedule:
                     description: |-
-                      (Set of String) The tags to associate with the annotation.
-                      The tags to associate with the annotation.
+                      (String) ID of a Schedule for notify_on_call_from_schedule type step.
+                      ID of a Schedule for notify_on_call_from_schedule type step.
+                    type: string
+                  notifyToTeamMembers:
+                    description: |-
+                      (String) The ID of a Team for a notify_team_members type step.
+                      The ID of a Team for a notify_team_members type step.
+                    type: string
+                  personsToNotify:
+                    description: |-
+                      (Set of String) The list of ID's of users for notify_persons type step.
+                      The list of ID's of users for notify_persons type step.
                     items:
                       type: string
                     type: array
                     x-kubernetes-list-type: set
-                  text:
+                  personsToNotifyNextEachTime:
                     description: |-
-                      (String) The text to associate with the annotation.
-                      The text to associate with the annotation.
-                    type: string
-                  time:
+                      (Set of String) The list of ID's of users for notify_person_next_each_time type step.
+                      The list of ID's of users for notify_person_next_each_time type step.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  position:
                     description: |-
-                      formatted time string indicating the annotation's time.
-                      The RFC 3339-formatted time string indicating the annotation's time.
+                      (Number) The position of the escalation step (starts from 0).
+                      The position of the escalation step (starts from 0).
+                    type: number
+                  severity:
+                    description: |-
+                      (String) The severity of the incident for declare_incident type step.
+                      The severity of the incident for declare_incident type step.
                     type: string
-                  timeEnd:
+                  type:
                     description: |-
-                      formatted time string indicating the annotation's end time.
-                      The RFC 3339-formatted time string indicating the annotation's end time.
+                      (String) The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
+                      The type of escalation policy. Can be wait, notify_persons, notify_person_next_each_time, notify_on_call_from_schedule, trigger_webhook, notify_user_group, resolve, notify_whole_channel, notify_if_time_from_to, repeat_escalation, notify_team_members, declare_incident
                     type: string
                 type: object
               conditions:
@@ -26821,18 +26079,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: dashboardpermissions.oss.grafana.crossplane.io
+  name: integrations.oncall.grafana.crossplane.io
 spec:
-  group: oss.grafana.crossplane.io
+  group: oncall.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: DashboardPermission
-    listKind: DashboardPermissionList
-    plural: dashboardpermissions
-    singular: dashboardpermission
+    kind: Integration
+    listKind: IntegrationList
+    plural: integrations
+    singular: integration
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -26851,11 +26109,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: DashboardPermission is the Schema for the DashboardPermissions
-          API. Manages the entire set of permissions for a dashboard. Permissions
-          that aren't specified when applying this resource will be removed. Official
-          documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/dashboard_permissions/
+        description: Integration is the Schema for the Integrations API. Official
+          documentation https://grafana.com/docs/oncall/latest/configure/integrations/HTTP
+          API https://grafana.com/docs/oncall/latest/oncall-api-reference/
         properties:
           apiVersion:
             description: |-
@@ -26875,7 +26131,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: DashboardPermissionSpec defines the desired state of DashboardPermission
+            description: IntegrationSpec defines the desired state of Integration
             properties:
               deletionPolicy:
                 default: Delete
@@ -26893,187 +26149,20 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  dashboardUid:
-                    description: |-
-                      (String) UID of the dashboard to apply permissions to.
-                      UID of the dashboard to apply permissions to.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  permissions:
+                  defaultRoute:
                     description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
+                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
+                      The Default route for all alerts from the given integration
                     items:
                       properties:
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
-                          type: string
-                        role:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        teamId:
+                        escalationChainId:
                           description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
+                            (String) The ID of the escalation chain.
+                            The ID of the escalation chain.
                           type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
+                        escalationChainRef:
+                          description: Reference to a EscalationChain in oncall to
+                            populate escalationChainId.
                           properties:
                             name:
                               description: Name of the referenced object.
@@ -27106,8 +26195,9 @@ spec:
                           required:
                           - name
                           type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
+                        escalationChainSelector:
+                          description: Selector for a EscalationChain in oncall to
+                            populate escalationChainId.
                           properties:
                             matchControllerRef:
                               description: |-
@@ -27146,87 +26236,259 @@ spec:
                                   type: string
                               type: object
                           type: object
-                        userId:
+                        msteams:
                           description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
+                            specific settings for a route. (see below for nested schema)
+                            MS teams-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in MS teams. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
                                 type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
+                            type: object
+                          type: array
+                        slack:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Slack-specific settings for a route.
+                          items:
+                            properties:
+                              channelId:
+                                description: |-
+                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                                  Slack channel id. Alerts will be directed to this channel in Slack.
+                                type: string
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Slack. Defaults to `true`.
+                                type: boolean
+                            type: object
+                          type: array
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Telegram-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Telegram. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                    type: array
+                  name:
+                    description: |-
+                      (String) The name of the service integration.
+                      The name of the service integration.
+                    type: string
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  templates:
+                    description: |-
+                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
+                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
+                    items:
+                      properties:
+                        acknowledgeSignal:
+                          description: |-
+                            (String) Template for sending a signal to acknowledge the Incident.
+                            Template for sending a signal to acknowledge the Incident.
+                          type: string
+                        email:
+                          description: |-
+                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
+                            Templates for Email.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        groupingKey:
+                          description: |-
+                            (String) Template for the key by which alerts are grouped.
+                            Template for the key by which alerts are grouped.
+                          type: string
+                        microsoftTeams:
+                          description: |-
+                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
+                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        mobileApp:
+                          description: |-
+                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
+                            Templates for Mobile app push notifications.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        phoneCall:
+                          description: |-
+                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
+                            Templates for Phone Call.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        resolveSignal:
+                          description: |-
+                            (String) Template for sending a signal to resolve the Incident.
+                            Template for sending a signal to resolve the Incident.
+                          type: string
+                        slack:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Slack.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sms:
+                          description: |-
+                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
+                            Templates for SMS.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sourceLink:
+                          description: |-
+                            (String) Template for a source link.
+                            Template for a source link.
+                          type: string
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Telegram.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        web:
+                          description: |-
+                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
+                            Templates for Web.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
                       type: object
                     type: array
+                  type:
+                    description: |-
+                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -27241,187 +26503,20 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  dashboardUid:
-                    description: |-
-                      (String) UID of the dashboard to apply permissions to.
-                      UID of the dashboard to apply permissions to.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  permissions:
+                  defaultRoute:
                     description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
+                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
+                      The Default route for all alerts from the given integration
                     items:
                       properties:
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
-                          type: string
-                        role:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        teamId:
+                        escalationChainId:
                           description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
+                            (String) The ID of the escalation chain.
+                            The ID of the escalation chain.
                           type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
+                        escalationChainRef:
+                          description: Reference to a EscalationChain in oncall to
+                            populate escalationChainId.
                           properties:
                             name:
                               description: Name of the referenced object.
@@ -27454,8 +26549,9 @@ spec:
                           required:
                           - name
                           type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
+                        escalationChainSelector:
+                          description: Selector for a EscalationChain in oncall to
+                            populate escalationChainId.
                           properties:
                             matchControllerRef:
                               description: |-
@@ -27494,541 +26590,340 @@ spec:
                                   type: string
                               type: object
                           type: object
-                        userId:
+                        msteams:
                           description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
+                            specific settings for a route. (see below for nested schema)
+                            MS teams-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in MS teams. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
                                 type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
+                            type: object
+                          type: array
+                        slack:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Slack-specific settings for a route.
+                          items:
+                            properties:
+                              channelId:
+                                description: |-
+                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                                  Slack channel id. Alerts will be directed to this channel in Slack.
+                                type: string
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Slack. Defaults to `true`.
+                                type: boolean
+                            type: object
+                          type: array
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Telegram-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Telegram. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
+                                type: string
+                            type: object
+                          type: array
                       type: object
                     type: array
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
-                    type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
-                    description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
-                    type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
                   name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
-                    type: string
-                required:
-                - name
-                - namespace
-                type: object
-            required:
-            - forProvider
-            type: object
-          status:
-            description: DashboardPermissionStatus defines the observed state of DashboardPermission.
-            properties:
-              atProvider:
-                properties:
-                  dashboardUid:
                     description: |-
-                      (String) UID of the dashboard to apply permissions to.
-                      UID of the dashboard to apply permissions to.
-                    type: string
-                  id:
-                    description: (String) The ID of this resource.
+                      (String) The name of the service integration.
+                      The name of the service integration.
                     type: string
-                  orgId:
+                  teamId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
-                  permissions:
+                  templates:
                     description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
+                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
+                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
                     items:
                       properties:
-                        permission:
+                        acknowledgeSignal:
                           description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                            (String) Template for sending a signal to acknowledge the Incident.
+                            Template for sending a signal to acknowledge the Incident.
                           type: string
-                        role:
+                        email:
                           description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
+                            Templates for Email.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        groupingKey:
+                          description: |-
+                            (String) Template for the key by which alerts are grouped.
+                            Template for the key by which alerts are grouped.
                           type: string
-                        teamId:
+                        microsoftTeams:
                           description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
+                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
+                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        mobileApp:
+                          description: |-
+                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
+                            Templates for Mobile app push notifications.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        phoneCall:
+                          description: |-
+                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
+                            Templates for Phone Call.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        resolveSignal:
+                          description: |-
+                            (String) Template for sending a signal to resolve the Incident.
+                            Template for sending a signal to resolve the Incident.
                           type: string
-                        userId:
+                        slack:
                           description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Slack.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sms:
+                          description: |-
+                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
+                            Templates for SMS.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sourceLink:
+                          description: |-
+                            (String) Template for a source link.
+                            Template for a source link.
                           type: string
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Telegram.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        web:
+                          description: |-
+                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
+                            Templates for Web.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
                       type: object
                     type: array
+                  type:
+                    description: |-
+                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                    type: string
                 type: object
-              conditions:
-                description: Conditions of the resource.
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
                 items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        LastTransitionTime is the last time this condition transitioned from one
-                        status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A Message containing details about this condition's last transition from
-                        one status to another, if any.
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      type: integer
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: |-
-                        Type of this condition. At most one of each condition type may apply to
-                        a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
                 type: array
-                x-kubernetes-list-map-keys:
-                - type
-                x-kubernetes-list-type: map
-              observedGeneration:
+              providerConfigRef:
+                default:
+                  name: default
                 description: |-
-                  ObservedGeneration is the latest metadata.generation
-                  which resulted in either a ready state, or stalled due to error
-                  it can not recover from without human intervention.
-                format: int64
-                type: integer
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
-  name: dashboardpublics.oss.grafana.crossplane.io
-spec:
-  group: oss.grafana.crossplane.io
-  names:
-    categories:
-    - crossplane
-    - managed
-    - grafana
-    kind: DashboardPublic
-    listKind: DashboardPublicList
-    plural: dashboardpublics
-    singular: dashboardpublic
-  scope: Cluster
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=='Synced')].status
-      name: SYNCED
-      type: string
-    - jsonPath: .status.conditions[?(@.type=='Ready')].status
-      name: READY
-      type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: 'DashboardPublic is the Schema for the DashboardPublics API.
-          Manages Grafana public dashboards. Note: This resource is available only
-          with Grafana 10.2+. Official documentation https://grafana.com/docs/grafana/latest/dashboards/dashboard-public/HTTP
-          API https://grafana.com/docs/grafana/next/developers/http_api/dashboard_public/'
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: DashboardPublicSpec defines the desired state of DashboardPublic
-            properties:
-              deletionPolicy:
-                default: Delete
-                description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
-                type: string
-              forProvider:
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
                 properties:
-                  accessToken:
-                    description: |-
-                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
-                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                  name:
+                    description: Name of the referenced object.
                     type: string
-                  annotationsEnabled:
-                    description: |-
-                      (Boolean) Set to true to show annotations. The default value is false.
-                      Set to `true` to show annotations. The default value is `false`.
-                    type: boolean
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                  policy:
+                    description: Policies for referencing.
                     properties:
-                      name:
-                        description: Name of the referenced object.
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      matchControllerRef:
+                      resolve:
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
                     type: object
-                  dashboardUid:
-                    description: |-
-                      (String) The unique identifier of the original dashboard.
-                      The unique identifier of the original dashboard.
-                    type: string
-                  isEnabled:
-                    description: |-
-                      (Boolean) Set to true to enable the public dashboard. The default value is false.
-                      Set to `true` to enable the public dashboard. The default value is `false`.
-                    type: boolean
-                  orgId:
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -28061,478 +26956,353 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
                     properties:
-                      matchControllerRef:
+                      annotations:
+                        additionalProperties:
+                          type: string
                         description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
                         additionalProperties:
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
                         type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
                     type: object
-                  share:
-                    description: |-
-                      (String) Set the share mode. The default value is public.
-                      Set the share mode. The default value is `public`.
-                    type: string
-                  timeSelectionEnabled:
-                    description: |-
-                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
-                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
-                    type: boolean
-                  uid:
-                    description: |-
-                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
-                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                  name:
+                    description: Name is the name of the connection secret.
                     type: string
+                required:
+                - name
                 type: object
-              initProvider:
+              writeConnectionSecretToRef:
                 description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
                 properties:
-                  accessToken:
-                    description: |-
-                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
-                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                  name:
+                    description: Name of the secret.
                     type: string
-                  annotationsEnabled:
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.defaultRoute is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.defaultRoute)
+                || (has(self.initProvider) && has(self.initProvider.defaultRoute))'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
+          status:
+            description: IntegrationStatus defines the observed state of Integration.
+            properties:
+              atProvider:
+                properties:
+                  defaultRoute:
                     description: |-
-                      (Boolean) Set to true to show annotations. The default value is false.
-                      Set to `true` to show annotations. The default value is `false`.
-                    type: boolean
-                  dashboardRef:
-                    description: Reference to a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  dashboardSelector:
-                    description: Selector for a Dashboard in oss to populate dashboardUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
+                      (Block List, Min: 1, Max: 1) The Default route for all alerts from the given integration (see below for nested schema)
+                      The Default route for all alerts from the given integration
+                    items:
+                      properties:
+                        escalationChainId:
+                          description: |-
+                            (String) The ID of the escalation chain.
+                            The ID of the escalation chain.
                           type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  dashboardUid:
-                    description: |-
-                      (String) The unique identifier of the original dashboard.
-                      The unique identifier of the original dashboard.
+                        id:
+                          description: (String) The ID of this resource.
+                          type: string
+                        msteams:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            MS teams-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in MS teams. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
+                                type: string
+                            type: object
+                          type: array
+                        slack:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Slack-specific settings for a route.
+                          items:
+                            properties:
+                              channelId:
+                                description: |-
+                                  (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                                  Slack channel id. Alerts will be directed to this channel in Slack.
+                                type: string
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Slack. Defaults to `true`.
+                                type: boolean
+                            type: object
+                          type: array
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Telegram-specific settings for a route.
+                          items:
+                            properties:
+                              enabled:
+                                description: |-
+                                  (Boolean) Enable notification in MS teams. Defaults to true.
+                                  Enable notification in Telegram. Defaults to `true`.
+                                type: boolean
+                              id:
+                                description: |-
+                                  (String) The ID of this resource.
+                                  Telegram channel id. Alerts will be directed to this channel in Telegram.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                    type: array
+                  id:
+                    description: (String) The ID of this resource.
                     type: string
-                  isEnabled:
+                  link:
                     description: |-
-                      (Boolean) Set to true to enable the public dashboard. The default value is false.
-                      Set to `true` to enable the public dashboard. The default value is `false`.
-                    type: boolean
-                  orgId:
+                      (String) The link for using in an integrated tool.
+                      The link for using in an integrated tool.
+                    type: string
+                  name:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The name of the service integration.
+                      The name of the service integration.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  share:
-                    description: |-
-                      (String) Set the share mode. The default value is public.
-                      Set the share mode. The default value is `public`.
-                    type: string
-                  timeSelectionEnabled:
-                    description: |-
-                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
-                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
-                    type: boolean
-                  uid:
+                  teamId:
                     description: |-
-                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
-                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
-                    type: string
-                type: object
-              managementPolicies:
-                default:
-                - '*'
-                description: |-
-                  THIS IS A BETA FIELD. It is on by default but can be opted out
-                  through a Crossplane feature flag.
-                  ManagementPolicies specify the array of actions Crossplane is allowed to
-                  take on the managed and external resources.
-                  This field is planned to replace the DeletionPolicy field in a future
-                  release. Currently, both could be set independently and non-default
-                  values would be honored if the feature flag is enabled. If both are
-                  custom, the DeletionPolicy field will be ignored.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
-                items:
-                  description: |-
-                    A ManagementAction represents an action that the Crossplane controllers
-                    can take on an external resource.
-                  enum:
-                  - Observe
-                  - Create
-                  - Update
-                  - Delete
-                  - LateInitialize
-                  - '*'
-                  type: string
-                type: array
-              providerConfigRef:
-                default:
-                  name: default
-                description: |-
-                  ProviderConfigReference specifies how the provider that will be used to
-                  create, observe, update, and delete this managed resource should be
-                  configured.
-                properties:
-                  name:
-                    description: Name of the referenced object.
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
-                  policy:
-                    description: Policies for referencing.
-                    properties:
-                      resolution:
-                        default: Required
-                        description: |-
-                          Resolution specifies whether resolution of this reference is required.
-                          The default is 'Required', which means the reconcile will fail if the
-                          reference cannot be resolved. 'Optional' means this reference will be
-                          a no-op if it cannot be resolved.
-                        enum:
-                        - Required
-                        - Optional
-                        type: string
-                      resolve:
-                        description: |-
-                          Resolve specifies when this reference should be resolved. The default
-                          is 'IfNotPresent', which will attempt to resolve the reference only when
-                          the corresponding field is not present. Use 'Always' to resolve the
-                          reference on every reconcile.
-                        enum:
-                        - Always
-                        - IfNotPresent
-                        type: string
-                    type: object
-                required:
-                - name
-                type: object
-              publishConnectionDetailsTo:
-                description: |-
-                  PublishConnectionDetailsTo specifies the connection secret config which
-                  contains a name, metadata and a reference to secret store config to
-                  which any connection details for this managed resource should be written.
-                  Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                properties:
-                  configRef:
-                    default:
-                      name: default
+                  templates:
                     description: |-
-                      SecretStoreConfigRef specifies which secret store config should be used
-                      for this ConnectionSecret.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  metadata:
-                    description: Metadata is the metadata for connection secret.
-                    properties:
-                      annotations:
-                        additionalProperties:
+                      (Block List, Max: 1) Jinja2 templates for Alert payload. An empty templates block will be ignored. (see below for nested schema)
+                      Jinja2 templates for Alert payload. An empty templates block will be ignored.
+                    items:
+                      properties:
+                        acknowledgeSignal:
+                          description: |-
+                            (String) Template for sending a signal to acknowledge the Incident.
+                            Template for sending a signal to acknowledge the Incident.
                           type: string
-                        description: |-
-                          Annotations are the annotations to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.annotations".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      labels:
-                        additionalProperties:
+                        email:
+                          description: |-
+                            (Block List, Max: 1) Templates for Email. (see below for nested schema)
+                            Templates for Email.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        groupingKey:
+                          description: |-
+                            (String) Template for the key by which alerts are grouped.
+                            Template for the key by which alerts are grouped.
                           type: string
-                        description: |-
-                          Labels are the labels/tags to be added to connection secret.
-                          - For Kubernetes secrets, this will be used as "metadata.labels".
-                          - It is up to Secret Store implementation for others store types.
-                        type: object
-                      type:
-                        description: |-
-                          Type is the SecretType for the connection secret.
-                          - Only valid for Kubernetes Secret Stores.
-                        type: string
-                    type: object
-                  name:
-                    description: Name is the name of the connection secret.
-                    type: string
-                required:
-                - name
-                type: object
-              writeConnectionSecretToRef:
-                description: |-
-                  WriteConnectionSecretToReference specifies the namespace and name of a
-                  Secret to which any connection details for this managed resource should
-                  be written. Connection details frequently include the endpoint, username,
-                  and password required to connect to the managed resource.
-                  This field is planned to be replaced in a future release in favor of
-                  PublishConnectionDetailsTo. Currently, both could be set independently
-                  and connection details would be published to both without affecting
-                  each other.
-                properties:
-                  name:
-                    description: Name of the secret.
-                    type: string
-                  namespace:
-                    description: Namespace of the secret.
-                    type: string
-                required:
-                - name
-                - namespace
-                type: object
-            required:
-            - forProvider
-            type: object
-          status:
-            description: DashboardPublicStatus defines the observed state of DashboardPublic.
-            properties:
-              atProvider:
-                properties:
-                  accessToken:
-                    description: |-
-                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
-                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
-                    type: string
-                  annotationsEnabled:
-                    description: |-
-                      (Boolean) Set to true to show annotations. The default value is false.
-                      Set to `true` to show annotations. The default value is `false`.
-                    type: boolean
-                  dashboardUid:
-                    description: |-
-                      (String) The unique identifier of the original dashboard.
-                      The unique identifier of the original dashboard.
-                    type: string
-                  id:
-                    description: (String) The ID of this resource.
-                    type: string
-                  isEnabled:
-                    description: |-
-                      (Boolean) Set to true to enable the public dashboard. The default value is false.
-                      Set to `true` to enable the public dashboard. The default value is `false`.
-                    type: boolean
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  share:
-                    description: |-
-                      (String) Set the share mode. The default value is public.
-                      Set the share mode. The default value is `public`.
-                    type: string
-                  timeSelectionEnabled:
-                    description: |-
-                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
-                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
-                    type: boolean
-                  uid:
+                        microsoftTeams:
+                          description: |-
+                            (Block List, Max: 1) Templates for Microsoft Teams. NOTE: Microsoft Teams templates are only available on Grafana Cloud. (see below for nested schema)
+                            Templates for Microsoft Teams. **NOTE**: Microsoft Teams templates are only available on Grafana Cloud.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        mobileApp:
+                          description: |-
+                            (Block List, Max: 1) Templates for Mobile app push notifications. (see below for nested schema)
+                            Templates for Mobile app push notifications.
+                          items:
+                            properties:
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        phoneCall:
+                          description: |-
+                            (Block List, Max: 1) Templates for Phone Call. (see below for nested schema)
+                            Templates for Phone Call.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        resolveSignal:
+                          description: |-
+                            (String) Template for sending a signal to resolve the Incident.
+                            Template for sending a signal to resolve the Incident.
+                          type: string
+                        slack:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Slack.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sms:
+                          description: |-
+                            (Block List, Max: 1) Templates for SMS. (see below for nested schema)
+                            Templates for SMS.
+                          items:
+                            properties:
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        sourceLink:
+                          description: |-
+                            (String) Template for a source link.
+                            Template for a source link.
+                          type: string
+                        telegram:
+                          description: |-
+                            specific settings for a route. (see below for nested schema)
+                            Templates for Telegram.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                        web:
+                          description: |-
+                            (Block List, Max: 1) Templates for Web. (see below for nested schema)
+                            Templates for Web.
+                          items:
+                            properties:
+                              imageUrl:
+                                description: |-
+                                  (String) Template for Alert image url.
+                                  Template for Alert image url.
+                                type: string
+                              message:
+                                description: |-
+                                  (String) Template for Alert message.
+                                  Template for Alert message.
+                                type: string
+                              title:
+                                description: |-
+                                  (String) Template for Alert title.
+                                  Template for Alert title.
+                                type: string
+                            type: object
+                          type: array
+                      type: object
+                    type: array
+                  type:
                     description: |-
-                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
-                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                      (String) The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
+                      The type of integration. Can be grafana, grafana_alerting, webhook, alertmanager, kapacitor, fabric, newrelic, datadog, pagerduty, pingdom, elastalert, amazon_sns, curler, sentry, formatted_webhook, heartbeat, demo, manual, stackdriver, uptimerobot, sentry_platform, zabbix, prtg, slack_channel, inbound_email, direct_paging, jira.
                     type: string
                 type: object
               conditions:
@@ -28602,18 +27372,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: dashboards.oss.grafana.crossplane.io
+  name: oncallshifts.oncall.grafana.crossplane.io
 spec:
-  group: oss.grafana.crossplane.io
+  group: oncall.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: Dashboard
-    listKind: DashboardList
-    plural: dashboards
-    singular: dashboard
+    kind: OnCallShift
+    listKind: OnCallShiftList
+    plural: oncallshifts
+    singular: oncallshift
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -28632,9 +27402,8 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Dashboard is the Schema for the Dashboards API. Manages Grafana
-          dashboards. Official documentation https://grafana.com/docs/grafana/latest/dashboards/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/dashboard/
+        description: OnCallShift is the Schema for the OnCallShifts API. HTTP API
+          https://grafana.com/docs/oncall/latest/oncall-api-reference/on_call_shifts/
         properties:
           apiVersion:
             description: |-
@@ -28654,7 +27423,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: DashboardSpec defines the desired state of Dashboard
+            description: OnCallShiftSpec defines the desired state of OnCallShift
             properties:
               deletionPolicy:
                 default: Delete
@@ -28672,179 +27441,107 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  configJson:
-                    description: |-
-                      (String) The complete dashboard model JSON.
-                      The complete dashboard model JSON.
-                    type: string
-                  folder:
+                  byDay:
                     description: |-
-                      (String) The id or UID of the folder to save the dashboard in.
-                      The id or UID of the folder to save the dashboard in.
-                    type: string
-                  folderRef:
-                    description: Reference to a Folder in oss to populate folder.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  folderSelector:
-                    description: Selector for a Folder in oss to populate folder.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  message:
+                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonth:
                     description: |-
-                      (String) Set a commit message for the version history.
-                      Set a commit message for the version history.
+                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
+                      This parameter takes a list of months. Valid values are 1 to 12
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonthday:
+                    description: |-
+                      31 to -1
+                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  duration:
+                    description: |-
+                      (Number) The duration of the event.
+                      The duration of the event.
+                    type: number
+                  frequency:
+                    description: |-
+                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
+                      The frequency of the event. Can be hourly, daily, weekly, monthly
                     type: string
-                  orgId:
+                  interval:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
+                      The positive integer representing at which intervals the recurrence rule repeats.
+                    type: number
+                  level:
+                    description: |-
+                      (Number) The priority level. The higher the value, the higher the priority.
+                      The priority level. The higher the value, the higher the priority.
+                    type: number
+                  name:
+                    description: |-
+                      (String) The shift's name.
+                      The shift's name.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
+                  rollingUsers:
+                    description: |-
+                      call users (for rolling_users event type)
+                      The list of lists with on-call users (for rolling_users event type)
+                    items:
+                      items:
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  overwrite:
+                      type: array
+                    type: array
+                  start:
                     description: |-
-                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                    type: boolean
+                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                    type: string
+                  startRotationFromUserIndex:
+                    description: |-
+                      call rotation starts.
+                      The index of the list of users in rolling_users, from which on-call rotation starts.
+                    type: number
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  timeZone:
+                    description: |-
+                      (String) The shift's timezone.  Overrides schedule's timezone.
+                      The shift's timezone.  Overrides schedule's timezone.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
+                      The shift's type. Can be rolling_users, recurrent_event, single_event
+                    type: string
+                  until:
+                    description: |-
+                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                    type: string
+                  users:
+                    description: |-
+                      call users (for single_event and recurrent_event event type).
+                      The list of on-call users (for single_event and recurrent_event event type).
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  weekStart:
+                    description: |-
+                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -28859,179 +27556,107 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  configJson:
+                  byDay:
                     description: |-
-                      (String) The complete dashboard model JSON.
-                      The complete dashboard model JSON.
-                    type: string
-                  folder:
+                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonth:
                     description: |-
-                      (String) The id or UID of the folder to save the dashboard in.
-                      The id or UID of the folder to save the dashboard in.
+                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
+                      This parameter takes a list of months. Valid values are 1 to 12
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonthday:
+                    description: |-
+                      31 to -1
+                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  duration:
+                    description: |-
+                      (Number) The duration of the event.
+                      The duration of the event.
+                    type: number
+                  frequency:
+                    description: |-
+                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
+                      The frequency of the event. Can be hourly, daily, weekly, monthly
                     type: string
-                  folderRef:
-                    description: Reference to a Folder in oss to populate folder.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
+                  interval:
+                    description: |-
+                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
+                      The positive integer representing at which intervals the recurrence rule repeats.
+                    type: number
+                  level:
+                    description: |-
+                      (Number) The priority level. The higher the value, the higher the priority.
+                      The priority level. The higher the value, the higher the priority.
+                    type: number
+                  name:
+                    description: |-
+                      (String) The shift's name.
+                      The shift's name.
+                    type: string
+                  rollingUsers:
+                    description: |-
+                      call users (for rolling_users event type)
+                      The list of lists with on-call users (for rolling_users event type)
+                    items:
+                      items:
                         type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  folderSelector:
-                    description: Selector for a Folder in oss to populate folder.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  message:
+                      type: array
+                    type: array
+                  start:
                     description: |-
-                      (String) Set a commit message for the version history.
-                      Set a commit message for the version history.
+                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
                     type: string
-                  orgId:
+                  startRotationFromUserIndex:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      call rotation starts.
+                      The index of the list of users in rolling_users, from which on-call rotation starts.
+                    type: number
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  overwrite:
+                  timeZone:
                     description: |-
-                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                    type: boolean
+                      (String) The shift's timezone.  Overrides schedule's timezone.
+                      The shift's timezone.  Overrides schedule's timezone.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
+                      The shift's type. Can be rolling_users, recurrent_event, single_event
+                    type: string
+                  until:
+                    description: |-
+                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                    type: string
+                  users:
+                    description: |-
+                      call users (for single_event and recurrent_event event type).
+                      The list of on-call users (for single_event and recurrent_event event type).
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  weekStart:
+                    description: |-
+                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -29201,63 +27826,131 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.configJson is a required parameter
+            - message: spec.forProvider.duration is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.configJson)
-                || (has(self.initProvider) && has(self.initProvider.configJson))'
-          status:
-            description: DashboardStatus defines the observed state of Dashboard.
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.duration)
+                || (has(self.initProvider) && has(self.initProvider.duration))'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.start is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.start)
+                || (has(self.initProvider) && has(self.initProvider.start))'
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
+          status:
+            description: OnCallShiftStatus defines the observed state of OnCallShift.
             properties:
               atProvider:
                 properties:
-                  configJson:
+                  byDay:
                     description: |-
-                      (String) The complete dashboard model JSON.
-                      The complete dashboard model JSON.
-                    type: string
-                  dashboardId:
+                      (Set of String) This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      This parameter takes a list of days in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonth:
                     description: |-
-                      (Number) The numeric ID of the dashboard computed by Grafana.
-                      The numeric ID of the dashboard computed by Grafana.
+                      (Set of Number) This parameter takes a list of months. Valid values are 1 to 12
+                      This parameter takes a list of months. Valid values are 1 to 12
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  byMonthday:
+                    description: |-
+                      31 to -1
+                      This parameter takes a list of days of the month.  Valid values are 1 to 31 or -31 to -1
+                    items:
+                      type: number
+                    type: array
+                    x-kubernetes-list-type: set
+                  duration:
+                    description: |-
+                      (Number) The duration of the event.
+                      The duration of the event.
                     type: number
-                  folder:
+                  frequency:
                     description: |-
-                      (String) The id or UID of the folder to save the dashboard in.
-                      The id or UID of the folder to save the dashboard in.
+                      (String) The frequency of the event. Can be hourly, daily, weekly, monthly
+                      The frequency of the event. Can be hourly, daily, weekly, monthly
                     type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  message:
+                  interval:
                     description: |-
-                      (String) Set a commit message for the version history.
-                      Set a commit message for the version history.
+                      (Number) The positive integer representing at which intervals the recurrence rule repeats.
+                      The positive integer representing at which intervals the recurrence rule repeats.
+                    type: number
+                  level:
+                    description: |-
+                      (Number) The priority level. The higher the value, the higher the priority.
+                      The priority level. The higher the value, the higher the priority.
+                    type: number
+                  name:
+                    description: |-
+                      (String) The shift's name.
+                      The shift's name.
                     type: string
-                  orgId:
+                  rollingUsers:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      call users (for rolling_users event type)
+                      The list of lists with on-call users (for rolling_users event type)
+                    items:
+                      items:
+                        type: string
+                      type: array
+                    type: array
+                  start:
+                    description: |-
+                      call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The start time of the on-call shift. This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
                     type: string
-                  overwrite:
+                  startRotationFromUserIndex:
                     description: |-
-                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
-                    type: boolean
-                  uid:
+                      call rotation starts.
+                      The index of the list of users in rolling_users, from which on-call rotation starts.
+                    type: number
+                  teamId:
                     description: |-
-                      (String) The unique identifier of a dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a dashboard. The uid allows having consistent URLs for accessing dashboards and when syncing dashboards between multiple Grafana installs.
-                      The unique identifier of a dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a dashboard. The uid allows having consistent URLs for accessing dashboards and when syncing dashboards between multiple Grafana installs.
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
                     type: string
-                  url:
+                  timeZone:
                     description: |-
-                      (String) The full URL of the dashboard.
-                      The full URL of the dashboard.
+                      (String) The shift's timezone.  Overrides schedule's timezone.
+                      The shift's timezone.  Overrides schedule's timezone.
                     type: string
-                  version:
+                  type:
                     description: |-
-                      (Number) Whenever you save a version of your dashboard, a copy of that version is saved so that previous versions of your dashboard are not lost.
-                      Whenever you save a version of your dashboard, a copy of that version is saved so that previous versions of your dashboard are not lost.
-                    type: number
+                      (String) The shift's type. Can be rolling_users, recurrent_event, single_event
+                      The shift's type. Can be rolling_users, recurrent_event, single_event
+                    type: string
+                  until:
+                    description: |-
+                      call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                      The end time of recurrent on-call shifts (endless if null). This parameter takes a date format as yyyy-MM-dd'T'HH:mm:ss (for example "2020-09-05T08:00:00")
+                    type: string
+                  users:
+                    description: |-
+                      call users (for single_event and recurrent_event event type).
+                      The list of on-call users (for single_event and recurrent_event event type).
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  weekStart:
+                    description: |-
+                      (String) Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                      Start day of the week in iCal format. Can be MO, TU, WE, TH, FR, SA, SU
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -29326,18 +28019,18 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: datasources.oss.grafana.crossplane.io
+  name: outgoingwebhooks.oncall.grafana.crossplane.io
 spec:
-  group: oss.grafana.crossplane.io
+  group: oncall.grafana.crossplane.io
   names:
     categories:
     - crossplane
     - managed
     - grafana
-    kind: DataSource
-    listKind: DataSourceList
-    plural: datasources
-    singular: datasource
+    kind: OutgoingWebhook
+    listKind: OutgoingWebhookList
+    plural: outgoingwebhooks
+    singular: outgoingwebhook
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -29356,10 +28049,8 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: DataSource is the Schema for the DataSources API. Official documentation
-          https://grafana.com/docs/grafana/latest/datasources/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/data_source/
-          The required arguments for this resource vary depending on the type of data
-          source selected (via the 'type' argument).
+        description: OutgoingWebhook is the Schema for the OutgoingWebhooks API. HTTP
+          API https://grafana.com/docs/oncall/latest/oncall-api-reference/outgoing_webhooks/
         properties:
           apiVersion:
             description: |-
@@ -29379,81 +28070,8645 @@ spec:
           metadata:
             type: object
           spec:
-            description: DataSourceSpec defines the desired state of DataSource
+            description: OutgoingWebhookSpec defines the desired state of OutgoingWebhook
             properties:
               deletionPolicy:
                 default: Delete
                 description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
-                type: string
-              forProvider:
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  authorizationHeaderSecretRef:
+                    description: |-
+                      (String, Sensitive) The auth data of the webhook. Used in Authorization header instead of user/password auth.
+                      The auth data of the webhook. Used in Authorization header instead of user/password auth.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  data:
+                    description: |-
+                      (String) The data of the webhook.
+                      The data of the webhook.
+                    type: string
+                  forwardWholePayload:
+                    description: |-
+                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
+                      Toggle to send the entire webhook payload instead of using the values in the Data field.
+                    type: boolean
+                  headers:
+                    description: |-
+                      (String) Headers to add to the outgoing webhook request.
+                      Headers to add to the outgoing webhook request.
+                    type: string
+                  httpMethod:
+                    description: |-
+                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
+                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
+                    type: string
+                  integrationFilter:
+                    description: |-
+                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                    items:
+                      type: string
+                    type: array
+                  isWebhookEnabled:
+                    description: |-
+                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
+                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the outgoing webhook.
+                      The name of the outgoing webhook.
+                    type: string
+                  passwordSecretRef:
+                    description: |-
+                      (String, Sensitive) The auth data of the webhook. Used for Basic authentication
+                      The auth data of the webhook. Used for Basic authentication
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  triggerTemplate:
+                    description: |-
+                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                    type: string
+                  triggerType:
+                    description: |-
+                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
+                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The webhook URL.
+                      The webhook URL.
+                    type: string
+                  user:
+                    description: |-
+                      (String) Username to use when making the outgoing webhook request.
+                      Username to use when making the outgoing webhook request.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  authorizationHeaderSecretRef:
+                    description: |-
+                      (String, Sensitive) The auth data of the webhook. Used in Authorization header instead of user/password auth.
+                      The auth data of the webhook. Used in Authorization header instead of user/password auth.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  data:
+                    description: |-
+                      (String) The data of the webhook.
+                      The data of the webhook.
+                    type: string
+                  forwardWholePayload:
+                    description: |-
+                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
+                      Toggle to send the entire webhook payload instead of using the values in the Data field.
+                    type: boolean
+                  headers:
+                    description: |-
+                      (String) Headers to add to the outgoing webhook request.
+                      Headers to add to the outgoing webhook request.
+                    type: string
+                  httpMethod:
+                    description: |-
+                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
+                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
+                    type: string
+                  integrationFilter:
+                    description: |-
+                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                    items:
+                      type: string
+                    type: array
+                  isWebhookEnabled:
+                    description: |-
+                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
+                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the outgoing webhook.
+                      The name of the outgoing webhook.
+                    type: string
+                  passwordSecretRef:
+                    description: |-
+                      (String, Sensitive) The auth data of the webhook. Used for Basic authentication
+                      The auth data of the webhook. Used for Basic authentication
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  triggerTemplate:
+                    description: |-
+                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                    type: string
+                  triggerType:
+                    description: |-
+                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
+                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The webhook URL.
+                      The webhook URL.
+                    type: string
+                  user:
+                    description: |-
+                      (String) Username to use when making the outgoing webhook request.
+                      Username to use when making the outgoing webhook request.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.url is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.url)
+                || (has(self.initProvider) && has(self.initProvider.url))'
+          status:
+            description: OutgoingWebhookStatus defines the observed state of OutgoingWebhook.
+            properties:
+              atProvider:
+                properties:
+                  data:
+                    description: |-
+                      (String) The data of the webhook.
+                      The data of the webhook.
+                    type: string
+                  forwardWholePayload:
+                    description: |-
+                      (Boolean) Toggle to send the entire webhook payload instead of using the values in the Data field.
+                      Toggle to send the entire webhook payload instead of using the values in the Data field.
+                    type: boolean
+                  headers:
+                    description: |-
+                      (String) Headers to add to the outgoing webhook request.
+                      Headers to add to the outgoing webhook request.
+                    type: string
+                  httpMethod:
+                    description: |-
+                      (String) The HTTP method used in the request made by the outgoing webhook. Defaults to POST.
+                      The HTTP method used in the request made by the outgoing webhook. Defaults to `POST`.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  integrationFilter:
+                    description: |-
+                      (List of String) Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                      Restricts the outgoing webhook to only trigger if the event came from a selected integration. If no integrations are selected the outgoing webhook will trigger for any integration.
+                    items:
+                      type: string
+                    type: array
+                  isWebhookEnabled:
+                    description: |-
+                      (Boolean) Controls whether the outgoing webhook will trigger or is ignored. Defaults to true.
+                      Controls whether the outgoing webhook will trigger or is ignored. Defaults to `true`.
+                    type: boolean
+                  name:
+                    description: |-
+                      (String) The name of the outgoing webhook.
+                      The name of the outgoing webhook.
+                    type: string
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  triggerTemplate:
+                    description: |-
+                      (String) A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                      A template used to dynamically determine whether the webhook should execute based on the content of the payload.
+                    type: string
+                  triggerType:
+                    description: |-
+                      (String) The type of event that will cause this outgoing webhook to execute. The types of triggers are: escalation, alert group created, acknowledge, resolve, silence, unsilence, unresolve, unacknowledge. Defaults to escalation.
+                      The type of event that will cause this outgoing webhook to execute. The types of triggers are: `escalation`, `alert group created`, `acknowledge`, `resolve`, `silence`, `unsilence`, `unresolve`, `unacknowledge`. Defaults to `escalation`.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The webhook URL.
+                      The webhook URL.
+                    type: string
+                  user:
+                    description: |-
+                      (String) Username to use when making the outgoing webhook request.
+                      Username to use when making the outgoing webhook request.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: routes.oncall.grafana.crossplane.io
+spec:
+  group: oncall.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Route
+    listKind: RouteList
+    plural: routes
+    singular: route
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Route is the Schema for the Routes API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/routes/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RouteSpec defines the desired state of Route
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  escalationChainId:
+                    description: |-
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
+                    type: string
+                  escalationChainRef:
+                    description: Reference to a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  escalationChainSelector:
+                    description: Selector for a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  integrationId:
+                    description: |-
+                      (String) The ID of the integration.
+                      The ID of the integration.
+                    type: string
+                  integrationRef:
+                    description: Reference to a Integration in oncall to populate
+                      integrationId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  integrationSelector:
+                    description: Selector for a Integration in oncall to populate
+                      integrationId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  msteams:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      MS teams-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in MS teams. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
+                          type: string
+                      type: object
+                    type: array
+                  position:
+                    description: |-
+                      (Number) The position of the route (starts from 0).
+                      The position of the route (starts from 0).
+                    type: number
+                  routingRegex:
+                    description: |-
+                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                    type: string
+                  routingType:
+                    description: |-
+                      (String) The type of route. Can be jinja2, regex Defaults to regex.
+                      The type of route. Can be jinja2, regex Defaults to `regex`.
+                    type: string
+                  slack:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Slack-specific settings for a route.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                            Slack channel id. Alerts will be directed to this channel in Slack.
+                          type: string
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Slack. Defaults to `true`.
+                          type: boolean
+                      type: object
+                    type: array
+                  telegram:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Telegram-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Telegram. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            Telegram channel id. Alerts will be directed to this channel in Telegram.
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  escalationChainId:
+                    description: |-
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
+                    type: string
+                  escalationChainRef:
+                    description: Reference to a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  escalationChainSelector:
+                    description: Selector for a EscalationChain in oncall to populate
+                      escalationChainId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  integrationId:
+                    description: |-
+                      (String) The ID of the integration.
+                      The ID of the integration.
+                    type: string
+                  integrationRef:
+                    description: Reference to a Integration in oncall to populate
+                      integrationId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  integrationSelector:
+                    description: Selector for a Integration in oncall to populate
+                      integrationId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  msteams:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      MS teams-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in MS teams. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
+                          type: string
+                      type: object
+                    type: array
+                  position:
+                    description: |-
+                      (Number) The position of the route (starts from 0).
+                      The position of the route (starts from 0).
+                    type: number
+                  routingRegex:
+                    description: |-
+                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                    type: string
+                  routingType:
+                    description: |-
+                      (String) The type of route. Can be jinja2, regex Defaults to regex.
+                      The type of route. Can be jinja2, regex Defaults to `regex`.
+                    type: string
+                  slack:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Slack-specific settings for a route.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                            Slack channel id. Alerts will be directed to this channel in Slack.
+                          type: string
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Slack. Defaults to `true`.
+                          type: boolean
+                      type: object
+                    type: array
+                  telegram:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Telegram-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Telegram. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            Telegram channel id. Alerts will be directed to this channel in Telegram.
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.position is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.position)
+                || (has(self.initProvider) && has(self.initProvider.position))'
+            - message: spec.forProvider.routingRegex is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.routingRegex)
+                || (has(self.initProvider) && has(self.initProvider.routingRegex))'
+          status:
+            description: RouteStatus defines the observed state of Route.
+            properties:
+              atProvider:
+                properties:
+                  escalationChainId:
+                    description: |-
+                      (String) The ID of the escalation chain.
+                      The ID of the escalation chain.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  integrationId:
+                    description: |-
+                      (String) The ID of the integration.
+                      The ID of the integration.
+                    type: string
+                  msteams:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      MS teams-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in MS teams. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            MS teams channel id. Alerts will be directed to this channel in Microsoft teams.
+                          type: string
+                      type: object
+                    type: array
+                  position:
+                    description: |-
+                      (Number) The position of the route (starts from 0).
+                      The position of the route (starts from 0).
+                    type: number
+                  routingRegex:
+                    description: |-
+                      (String) Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                      Python Regex query. Route is chosen for an alert if there is a match inside the alert payload.
+                    type: string
+                  routingType:
+                    description: |-
+                      (String) The type of route. Can be jinja2, regex Defaults to regex.
+                      The type of route. Can be jinja2, regex Defaults to `regex`.
+                    type: string
+                  slack:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Slack-specific settings for a route.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Alerts will be directed to this channel in Slack.
+                            Slack channel id. Alerts will be directed to this channel in Slack.
+                          type: string
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Slack. Defaults to `true`.
+                          type: boolean
+                      type: object
+                    type: array
+                  telegram:
+                    description: |-
+                      specific settings for a route. (see below for nested schema)
+                      Telegram-specific settings for a route.
+                    items:
+                      properties:
+                        enabled:
+                          description: |-
+                            (Boolean) Enable notification in MS teams. Defaults to true.
+                            Enable notification in Telegram. Defaults to `true`.
+                          type: boolean
+                        id:
+                          description: |-
+                            (String) The ID of this resource.
+                            Telegram channel id. Alerts will be directed to this channel in Telegram.
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: schedules.oncall.grafana.crossplane.io
+spec:
+  group: oncall.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Schedule
+    listKind: ScheduleList
+    plural: schedules
+    singular: schedule
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Schedule is the Schema for the Schedules API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/schedules/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ScheduleSpec defines the desired state of Schedule
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  enableWebOverrides:
+                    description: |-
+                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
+                      Enable overrides via web UI (it will ignore ical_url_overrides).
+                    type: boolean
+                  icalUrlOverrides:
+                    description: |-
+                      (String) The URL of external iCal calendar which override primary events.
+                      The URL of external iCal calendar which override primary events.
+                    type: string
+                  icalUrlPrimary:
+                    description: |-
+                      (String) The URL of the external calendar iCal file.
+                      The URL of the external calendar iCal file.
+                    type: string
+                  name:
+                    description: |-
+                      (String) The schedule's name.
+                      The schedule's name.
+                    type: string
+                  shifts:
+                    description: |-
+                      call shifts.
+                      The list of ID's of on-call shifts.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  shiftsRef:
+                    description: References to OnCallShift in oncall to populate shifts.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  shiftsSelector:
+                    description: Selector for a list of OnCallShift in oncall to populate
+                      shifts.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  slack:
+                    description: |-
+                      specific settings for a schedule. (see below for nested schema)
+                      The Slack-specific settings for a schedule.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                          type: string
+                        userGroupId:
+                          description: |-
+                            call users change.
+                            Slack user group id. Members of user group will be updated when on-call users change.
+                          type: string
+                      type: object
+                    type: array
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  timeZone:
+                    description: |-
+                      (String) The schedule's time zone.
+                      The schedule's time zone.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The schedule's type. Valid values are ical, calendar.
+                      The schedule's type. Valid values are `ical`, `calendar`.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  enableWebOverrides:
+                    description: |-
+                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
+                      Enable overrides via web UI (it will ignore ical_url_overrides).
+                    type: boolean
+                  icalUrlOverrides:
+                    description: |-
+                      (String) The URL of external iCal calendar which override primary events.
+                      The URL of external iCal calendar which override primary events.
+                    type: string
+                  icalUrlPrimary:
+                    description: |-
+                      (String) The URL of the external calendar iCal file.
+                      The URL of the external calendar iCal file.
+                    type: string
+                  name:
+                    description: |-
+                      (String) The schedule's name.
+                      The schedule's name.
+                    type: string
+                  shifts:
+                    description: |-
+                      call shifts.
+                      The list of ID's of on-call shifts.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  shiftsRef:
+                    description: References to OnCallShift in oncall to populate shifts.
+                    items:
+                      description: A Reference to a named object.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                              - Required
+                              - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                              - Always
+                              - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  shiftsSelector:
+                    description: Selector for a list of OnCallShift in oncall to populate
+                      shifts.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  slack:
+                    description: |-
+                      specific settings for a schedule. (see below for nested schema)
+                      The Slack-specific settings for a schedule.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                          type: string
+                        userGroupId:
+                          description: |-
+                            call users change.
+                            Slack user group id. Members of user group will be updated when on-call users change.
+                          type: string
+                      type: object
+                    type: array
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  timeZone:
+                    description: |-
+                      (String) The schedule's time zone.
+                      The schedule's time zone.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The schedule's type. Valid values are ical, calendar.
+                      The schedule's type. Valid values are `ical`, `calendar`.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
+          status:
+            description: ScheduleStatus defines the observed state of Schedule.
+            properties:
+              atProvider:
+                properties:
+                  enableWebOverrides:
+                    description: |-
+                      (Boolean) Enable overrides via web UI (it will ignore ical_url_overrides).
+                      Enable overrides via web UI (it will ignore ical_url_overrides).
+                    type: boolean
+                  icalUrlOverrides:
+                    description: |-
+                      (String) The URL of external iCal calendar which override primary events.
+                      The URL of external iCal calendar which override primary events.
+                    type: string
+                  icalUrlPrimary:
+                    description: |-
+                      (String) The URL of the external calendar iCal file.
+                      The URL of the external calendar iCal file.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  name:
+                    description: |-
+                      (String) The schedule's name.
+                      The schedule's name.
+                    type: string
+                  shifts:
+                    description: |-
+                      call shifts.
+                      The list of ID's of on-call shifts.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  slack:
+                    description: |-
+                      specific settings for a schedule. (see below for nested schema)
+                      The Slack-specific settings for a schedule.
+                    items:
+                      properties:
+                        channelId:
+                          description: |-
+                            (String) Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                            Slack channel id. Reminder about schedule shifts will be directed to this channel in Slack.
+                          type: string
+                        userGroupId:
+                          description: |-
+                            call users change.
+                            Slack user group id. Members of user group will be updated when on-call users change.
+                          type: string
+                      type: object
+                    type: array
+                  teamId:
+                    description: |-
+                      (String) The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the grafana_oncall_team datasource.
+                      The ID of the OnCall team. To get one, create a team in Grafana, and navigate to the OnCall plugin (to sync the team with OnCall). You can then get the ID using the `grafana_oncall_team` datasource.
+                    type: string
+                  timeZone:
+                    description: |-
+                      (String) The schedule's time zone.
+                      The schedule's time zone.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The schedule's type. Valid values are ical, calendar.
+                      The schedule's type. Valid values are `ical`, `calendar`.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: usernotificationrules.oncall.grafana.crossplane.io
+spec:
+  group: oncall.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: UserNotificationRule
+    listKind: UserNotificationRuleList
+    plural: usernotificationrules
+    singular: usernotificationrule
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'UserNotificationRule is the Schema for the UserNotificationRules
+          API. HTTP API https://grafana.com/docs/oncall/latest/oncall-api-reference/personal_notification_rules/
+          Note: you must be running Grafana OnCall >= v1.8.0 to use this resource.'
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: UserNotificationRuleSpec defines the desired state of UserNotificationRule
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  duration:
+                    description: |-
+                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
+                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
+                    type: number
+                  important:
+                    description: |-
+                      (Boolean) Boolean value which indicates if a rule is “important”
+                      Boolean value which indicates if a rule is “important”
+                    type: boolean
+                  position:
+                    description: |-
+                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                    type: number
+                  type:
+                    description: |-
+                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
+                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                    type: string
+                  userId:
+                    description: |-
+                      (String) User ID
+                      User ID
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  duration:
+                    description: |-
+                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
+                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
+                    type: number
+                  important:
+                    description: |-
+                      (Boolean) Boolean value which indicates if a rule is “important”
+                      Boolean value which indicates if a rule is “important”
+                    type: boolean
+                  position:
+                    description: |-
+                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                    type: number
+                  type:
+                    description: |-
+                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
+                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                    type: string
+                  userId:
+                    description: |-
+                      (String) User ID
+                      User ID
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
+            - message: spec.forProvider.userId is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.userId)
+                || (has(self.initProvider) && has(self.initProvider.userId))'
+          status:
+            description: UserNotificationRuleStatus defines the observed state of
+              UserNotificationRule.
+            properties:
+              atProvider:
+                properties:
+                  duration:
+                    description: |-
+                      (Number) A time in seconds to wait (when type=wait). Can be 60, 300, 900, 1800, 3600
+                      A time in seconds to wait (when `type=wait`). Can be 60, 300, 900, 1800, 3600
+                    type: number
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  important:
+                    description: |-
+                      (Boolean) Boolean value which indicates if a rule is “important”
+                      Boolean value which indicates if a rule is “important”
+                    type: boolean
+                  position:
+                    description: |-
+                      (Number) Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                      Personal notification rules execute one after another starting from position=0. A new escalation policy created with a position of an existing escalation policy will move the old one (and all following) down on the list.
+                    type: number
+                  type:
+                    description: |-
+                      (String) The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: notify_by_msteams is only available for Grafana Cloud customers.
+                      The type of notification rule. Can be wait, notify_by_slack, notify_by_msteams, notify_by_sms, notify_by_phone_call, notify_by_telegram, notify_by_email, notify_by_mobile_app, notify_by_mobile_app_critical. NOTE: `notify_by_msteams` is only available for Grafana Cloud customers.
+                    type: string
+                  userId:
+                    description: |-
+                      (String) User ID
+                      User ID
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: annotations.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Annotation
+    listKind: AnnotationList
+    plural: annotations
+    singular: annotation
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Annotation is the Schema for the Annotations API. Official documentation
+          https://grafana.com/docs/grafana/latest/dashboards/build-dashboards/annotate-visualizations/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/annotations/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AnnotationSpec defines the desired state of Annotation
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard on which to create the annotation.
+                      The UID of the dashboard on which to create the annotation.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  panelId:
+                    description: |-
+                      (Number) The ID of the dashboard panel on which to create the annotation.
+                      The ID of the dashboard panel on which to create the annotation.
+                    type: number
+                  tags:
+                    description: |-
+                      (Set of String) The tags to associate with the annotation.
+                      The tags to associate with the annotation.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  text:
+                    description: |-
+                      (String) The text to associate with the annotation.
+                      The text to associate with the annotation.
+                    type: string
+                  time:
+                    description: |-
+                      formatted time string indicating the annotation's time.
+                      The RFC 3339-formatted time string indicating the annotation's time.
+                    type: string
+                  timeEnd:
+                    description: |-
+                      formatted time string indicating the annotation's end time.
+                      The RFC 3339-formatted time string indicating the annotation's end time.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard on which to create the annotation.
+                      The UID of the dashboard on which to create the annotation.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  panelId:
+                    description: |-
+                      (Number) The ID of the dashboard panel on which to create the annotation.
+                      The ID of the dashboard panel on which to create the annotation.
+                    type: number
+                  tags:
+                    description: |-
+                      (Set of String) The tags to associate with the annotation.
+                      The tags to associate with the annotation.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  text:
+                    description: |-
+                      (String) The text to associate with the annotation.
+                      The text to associate with the annotation.
+                    type: string
+                  time:
+                    description: |-
+                      formatted time string indicating the annotation's time.
+                      The RFC 3339-formatted time string indicating the annotation's time.
+                    type: string
+                  timeEnd:
+                    description: |-
+                      formatted time string indicating the annotation's end time.
+                      The RFC 3339-formatted time string indicating the annotation's end time.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.text is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.text)
+                || (has(self.initProvider) && has(self.initProvider.text))'
+          status:
+            description: AnnotationStatus defines the observed state of Annotation.
+            properties:
+              atProvider:
+                properties:
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard on which to create the annotation.
+                      The UID of the dashboard on which to create the annotation.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  panelId:
+                    description: |-
+                      (Number) The ID of the dashboard panel on which to create the annotation.
+                      The ID of the dashboard panel on which to create the annotation.
+                    type: number
+                  tags:
+                    description: |-
+                      (Set of String) The tags to associate with the annotation.
+                      The tags to associate with the annotation.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  text:
+                    description: |-
+                      (String) The text to associate with the annotation.
+                      The text to associate with the annotation.
+                    type: string
+                  time:
+                    description: |-
+                      formatted time string indicating the annotation's time.
+                      The RFC 3339-formatted time string indicating the annotation's time.
+                    type: string
+                  timeEnd:
+                    description: |-
+                      formatted time string indicating the annotation's end time.
+                      The RFC 3339-formatted time string indicating the annotation's end time.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: dashboardpermissionitems.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DashboardPermissionItem
+    listKind: DashboardPermissionItemList
+    plural: dashboardpermissionitems
+    singular: dashboardpermissionitem
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DashboardPermissionItem is the Schema for the DashboardPermissionItems
+          API. Manages a single permission item for a dashboard. Conflicts with the
+          "grafana_dashboard_permission" resource which manages the entire set of
+          permissions for a dashboard.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DashboardPermissionItemSpec defines the desired state of
+              DashboardPermissionItem
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard.
+                      The UID of the dashboard.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard.
+                      The UID of the dashboard.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.dashboardUid is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.dashboardUid)
+                || (has(self.initProvider) && has(self.initProvider.dashboardUid))'
+            - message: spec.forProvider.permission is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.permission)
+                || (has(self.initProvider) && has(self.initProvider.permission))'
+          status:
+            description: DashboardPermissionItemStatus defines the observed state
+              of DashboardPermissionItem.
+            properties:
+              atProvider:
+                properties:
+                  dashboardUid:
+                    description: |-
+                      (String) The UID of the dashboard.
+                      The UID of the dashboard.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: dashboardpermissions.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DashboardPermission
+    listKind: DashboardPermissionList
+    plural: dashboardpermissions
+    singular: dashboardpermission
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DashboardPermission is the Schema for the DashboardPermissions
+          API. Manages the entire set of permissions for a dashboard. Permissions
+          that aren't specified when applying this resource will be removed. Official
+          documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/dashboard_permissions/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DashboardPermissionSpec defines the desired state of DashboardPermission
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) UID of the dashboard to apply permissions to.
+                      UID of the dashboard to apply permissions to.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) UID of the dashboard to apply permissions to.
+                      UID of the dashboard to apply permissions to.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+          status:
+            description: DashboardPermissionStatus defines the observed state of DashboardPermission.
+            properties:
+              atProvider:
+                properties:
+                  dashboardUid:
+                    description: |-
+                      (String) UID of the dashboard to apply permissions to.
+                      UID of the dashboard to apply permissions to.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: dashboardpublics.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DashboardPublic
+    listKind: DashboardPublicList
+    plural: dashboardpublics
+    singular: dashboardpublic
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'DashboardPublic is the Schema for the DashboardPublics API.
+          Manages Grafana public dashboards. Note: This resource is available only
+          with Grafana 10.2+. Official documentation https://grafana.com/docs/grafana/latest/dashboards/dashboard-public/HTTP
+          API https://grafana.com/docs/grafana/next/developers/http_api/dashboard_public/'
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DashboardPublicSpec defines the desired state of DashboardPublic
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  accessToken:
+                    description: |-
+                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                  annotationsEnabled:
+                    description: |-
+                      (Boolean) Set to true to show annotations. The default value is false.
+                      Set to `true` to show annotations. The default value is `false`.
+                    type: boolean
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) The unique identifier of the original dashboard.
+                      The unique identifier of the original dashboard.
+                    type: string
+                  isEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the public dashboard. The default value is false.
+                      Set to `true` to enable the public dashboard. The default value is `false`.
+                    type: boolean
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  share:
+                    description: |-
+                      (String) Set the share mode. The default value is public.
+                      Set the share mode. The default value is `public`.
+                    type: string
+                  timeSelectionEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
+                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
+                    type: boolean
+                  uid:
+                    description: |-
+                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  accessToken:
+                    description: |-
+                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                  annotationsEnabled:
+                    description: |-
+                      (Boolean) Set to true to show annotations. The default value is false.
+                      Set to `true` to show annotations. The default value is `false`.
+                    type: boolean
+                  dashboardRef:
+                    description: Reference to a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  dashboardSelector:
+                    description: Selector for a Dashboard in oss to populate dashboardUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  dashboardUid:
+                    description: |-
+                      (String) The unique identifier of the original dashboard.
+                      The unique identifier of the original dashboard.
+                    type: string
+                  isEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the public dashboard. The default value is false.
+                      Set to `true` to enable the public dashboard. The default value is `false`.
+                    type: boolean
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  share:
+                    description: |-
+                      (String) Set the share mode. The default value is public.
+                      Set the share mode. The default value is `public`.
+                    type: string
+                  timeSelectionEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
+                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
+                    type: boolean
+                  uid:
+                    description: |-
+                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+          status:
+            description: DashboardPublicStatus defines the observed state of DashboardPublic.
+            properties:
+              atProvider:
+                properties:
+                  accessToken:
+                    description: |-
+                      (String) A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                      A public unique identifier of a public dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                  annotationsEnabled:
+                    description: |-
+                      (Boolean) Set to true to show annotations. The default value is false.
+                      Set to `true` to show annotations. The default value is `false`.
+                    type: boolean
+                  dashboardUid:
+                    description: |-
+                      (String) The unique identifier of the original dashboard.
+                      The unique identifier of the original dashboard.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  isEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the public dashboard. The default value is false.
+                      Set to `true` to enable the public dashboard. The default value is `false`.
+                    type: boolean
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  share:
+                    description: |-
+                      (String) Set the share mode. The default value is public.
+                      Set the share mode. The default value is `public`.
+                    type: string
+                  timeSelectionEnabled:
+                    description: |-
+                      (Boolean) Set to true to enable the time picker in the public dashboard. The default value is false.
+                      Set to `true` to enable the time picker in the public dashboard. The default value is `false`.
+                    type: boolean
+                  uid:
+                    description: |-
+                      (String) The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                      The unique identifier of a public dashboard. It's automatically generated if not provided when creating a public dashboard.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: dashboards.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: Dashboard
+    listKind: DashboardList
+    plural: dashboards
+    singular: dashboard
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Dashboard is the Schema for the Dashboards API. Manages Grafana
+          dashboards. Official documentation https://grafana.com/docs/grafana/latest/dashboards/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/dashboard/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DashboardSpec defines the desired state of Dashboard
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  configJson:
+                    description: |-
+                      (String) The complete dashboard model JSON.
+                      The complete dashboard model JSON.
+                    type: string
+                  folder:
+                    description: |-
+                      (String) The id or UID of the folder to save the dashboard in.
+                      The id or UID of the folder to save the dashboard in.
+                    type: string
+                  folderRef:
+                    description: Reference to a Folder in oss to populate folder.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  folderSelector:
+                    description: Selector for a Folder in oss to populate folder.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  message:
+                    description: |-
+                      (String) Set a commit message for the version history.
+                      Set a commit message for the version history.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  overwrite:
+                    description: |-
+                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                    type: boolean
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  configJson:
+                    description: |-
+                      (String) The complete dashboard model JSON.
+                      The complete dashboard model JSON.
+                    type: string
+                  folder:
+                    description: |-
+                      (String) The id or UID of the folder to save the dashboard in.
+                      The id or UID of the folder to save the dashboard in.
+                    type: string
+                  folderRef:
+                    description: Reference to a Folder in oss to populate folder.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  folderSelector:
+                    description: Selector for a Folder in oss to populate folder.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  message:
+                    description: |-
+                      (String) Set a commit message for the version history.
+                      Set a commit message for the version history.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  overwrite:
+                    description: |-
+                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                    type: boolean
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.configJson is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.configJson)
+                || (has(self.initProvider) && has(self.initProvider.configJson))'
+          status:
+            description: DashboardStatus defines the observed state of Dashboard.
+            properties:
+              atProvider:
+                properties:
+                  configJson:
+                    description: |-
+                      (String) The complete dashboard model JSON.
+                      The complete dashboard model JSON.
+                    type: string
+                  dashboardId:
+                    description: |-
+                      (Number) The numeric ID of the dashboard computed by Grafana.
+                      The numeric ID of the dashboard computed by Grafana.
+                    type: number
+                  folder:
+                    description: |-
+                      (String) The id or UID of the folder to save the dashboard in.
+                      The id or UID of the folder to save the dashboard in.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  message:
+                    description: |-
+                      (String) Set a commit message for the version history.
+                      Set a commit message for the version history.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  overwrite:
+                    description: |-
+                      (Boolean) Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                      Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+                    type: boolean
+                  uid:
+                    description: |-
+                      (String) The unique identifier of a dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a dashboard. The uid allows having consistent URLs for accessing dashboards and when syncing dashboards between multiple Grafana installs.
+                      The unique identifier of a dashboard. This is used to construct its URL. It's automatically generated if not provided when creating a dashboard. The uid allows having consistent URLs for accessing dashboards and when syncing dashboards between multiple Grafana installs.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The full URL of the dashboard.
+                      The full URL of the dashboard.
+                    type: string
+                  version:
+                    description: |-
+                      (Number) Whenever you save a version of your dashboard, a copy of that version is saved so that previous versions of your dashboard are not lost.
+                      Whenever you save a version of your dashboard, a copy of that version is saved so that previous versions of your dashboard are not lost.
+                    type: number
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: datasourceconfigs.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DataSourceConfig
+    listKind: DataSourceConfigList
+    plural: datasourceconfigs
+    singular: datasourceconfig
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DataSourceConfig is the Schema for the DataSourceConfigs API.
+          Official documentation https://grafana.com/docs/grafana/latest/datasources/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/data_source/
+          The required arguments for this resource vary depending on the type of data
+          source selected (via the 'type' argument). Use this resource for configuring
+          multiple datasources, when that configuration (json_data_encoded field)
+          requires circular references like in the example below. When using the
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DataSourceConfigSpec defines the desired state of DataSourceConfig
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  httpHeadersSecretRef:
+                    description: |-
+                      (Map of String, Sensitive) Custom HTTP headers
+                      Custom HTTP headers
+                    properties:
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - name
+                    - namespace
+                    type: object
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  secureJsonDataEncodedSecretRef:
+                    description: |-
+                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  httpHeadersSecretRef:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  secureJsonDataEncodedSecretRef:
+                    description: |-
+                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+          status:
+            description: DataSourceConfigStatus defines the observed state of DataSourceConfig.
+            properties:
+              atProvider:
+                properties:
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: datasources.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: DataSource
+    listKind: DataSourceList
+    plural: datasources
+    singular: datasource
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DataSource is the Schema for the DataSources API. Official documentation
+          https://grafana.com/docs/grafana/latest/datasources/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/data_source/
+          The required arguments for this resource vary depending on the type of data
+          source selected (via the 'type' argument).
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DataSourceSpec defines the desired state of DataSource
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  accessMode:
+                    description: |-
+                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
+                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
+                    type: string
+                  basicAuthEnabled:
+                    description: |-
+                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
+                      Whether to enable basic auth for the data source. Defaults to `false`.
+                    type: boolean
+                  basicAuthUsername:
+                    description: |-
+                      (String) Basic auth username. Defaults to “.
+                      Basic auth username. Defaults to “.
+                    type: string
+                  databaseName:
+                    description: |-
+                      (String)  The name of the database to use on the selected data source server. Defaults to “.
+                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
+                    type: string
+                  httpHeadersSecretRef:
+                    description: |-
+                      (Map of String, Sensitive) Custom HTTP headers
+                      Custom HTTP headers
+                    properties:
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - name
+                    - namespace
+                    type: object
+                  isDefault:
+                    description: |-
+                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
+                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
+                    type: boolean
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  name:
+                    description: |-
+                      (String) A unique name for the data source.
+                      A unique name for the data source.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  secureJsonDataEncodedSecretRef:
+                    description: |-
+                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  type:
+                    description: |-
+                      (String) The data source type. Must be one of the supported data source keywords.
+                      The data source type. Must be one of the supported data source keywords.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                    type: string
+                  username:
+                    description: |-
+                      (String)  The username to use to authenticate to the data source. Defaults to “.
+                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  accessMode:
+                    description: |-
+                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
+                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
+                    type: string
+                  basicAuthEnabled:
+                    description: |-
+                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
+                      Whether to enable basic auth for the data source. Defaults to `false`.
+                    type: boolean
+                  basicAuthUsername:
+                    description: |-
+                      (String) Basic auth username. Defaults to “.
+                      Basic auth username. Defaults to “.
+                    type: string
+                  databaseName:
+                    description: |-
+                      (String)  The name of the database to use on the selected data source server. Defaults to “.
+                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
+                    type: string
+                  httpHeadersSecretRef:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  isDefault:
+                    description: |-
+                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
+                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
+                    type: boolean
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  name:
+                    description: |-
+                      (String) A unique name for the data source.
+                      A unique name for the data source.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  secureJsonDataEncodedSecretRef:
+                    description: |-
+                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    properties:
+                      key:
+                        description: The key to select.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: Namespace of the secret.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    - namespace
+                    type: object
+                  type:
+                    description: |-
+                      (String) The data source type. Must be one of the supported data source keywords.
+                      The data source type. Must be one of the supported data source keywords.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                    type: string
+                  username:
+                    description: |-
+                      (String)  The username to use to authenticate to the data source. Defaults to “.
+                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
+            - message: spec.forProvider.type is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
+                || (has(self.initProvider) && has(self.initProvider.type))'
+          status:
+            description: DataSourceStatus defines the observed state of DataSource.
+            properties:
+              atProvider:
+                properties:
+                  accessMode:
+                    description: |-
+                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
+                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
+                    type: string
+                  basicAuthEnabled:
+                    description: |-
+                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
+                      Whether to enable basic auth for the data source. Defaults to `false`.
+                    type: boolean
+                  basicAuthUsername:
+                    description: |-
+                      (String) Basic auth username. Defaults to “.
+                      Basic auth username. Defaults to “.
+                    type: string
+                  databaseName:
+                    description: |-
+                      (String)  The name of the database to use on the selected data source server. Defaults to “.
+                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  isDefault:
+                    description: |-
+                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
+                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
+                    type: boolean
+                  jsonDataEncoded:
+                    description: |-
+                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                    type: string
+                  name:
+                    description: |-
+                      (String) A unique name for the data source.
+                      A unique name for the data source.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  type:
+                    description: |-
+                      (String) The data source type. Must be one of the supported data source keywords.
+                      The data source type. Must be one of the supported data source keywords.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier. If unset, this will be automatically generated.
+                      Unique identifier. If unset, this will be automatically generated.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
+                    type: string
+                  username:
+                    description: |-
+                      (String)  The username to use to authenticate to the data source. Defaults to “.
+                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: folderpermissionitems.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: FolderPermissionItem
+    listKind: FolderPermissionItemList
+    plural: folderpermissionitems
+    singular: folderpermissionitem
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: FolderPermissionItem is the Schema for the FolderPermissionItems
+          API. Manages a single permission item for a folder. Conflicts with the "grafana_folder_permission"
+          resource which manages the entire set of permissions for a folder.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FolderPermissionItemSpec defines the desired state of FolderPermissionItem
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  folderUid:
+                    description: |-
+                      (String) The UID of the folder.
+                      The UID of the folder.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  folderUid:
+                    description: |-
+                      (String) The UID of the folder.
+                      The UID of the folder.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              managementPolicies:
+                default:
+                - '*'
+                description: |-
+                  THIS IS A BETA FIELD. It is on by default but can be opted out
+                  through a Crossplane feature flag.
+                  ManagementPolicies specify the array of actions Crossplane is allowed to
+                  take on the managed and external resources.
+                  This field is planned to replace the DeletionPolicy field in a future
+                  release. Currently, both could be set independently and non-default
+                  values would be honored if the feature flag is enabled. If both are
+                  custom, the DeletionPolicy field will be ignored.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                  and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                items:
+                  description: |-
+                    A ManagementAction represents an action that the Crossplane controllers
+                    can take on an external resource.
+                  enum:
+                  - Observe
+                  - Create
+                  - Update
+                  - Delete
+                  - LateInitialize
+                  - '*'
+                  type: string
+                type: array
+              providerConfigRef:
+                default:
+                  name: default
+                description: |-
+                  ProviderConfigReference specifies how the provider that will be used to
+                  create, observe, update, and delete this managed resource should be
+                  configured.
+                properties:
+                  name:
+                    description: Name of the referenced object.
+                    type: string
+                  policy:
+                    description: Policies for referencing.
+                    properties:
+                      resolution:
+                        default: Required
+                        description: |-
+                          Resolution specifies whether resolution of this reference is required.
+                          The default is 'Required', which means the reconcile will fail if the
+                          reference cannot be resolved. 'Optional' means this reference will be
+                          a no-op if it cannot be resolved.
+                        enum:
+                        - Required
+                        - Optional
+                        type: string
+                      resolve:
+                        description: |-
+                          Resolve specifies when this reference should be resolved. The default
+                          is 'IfNotPresent', which will attempt to resolve the reference only when
+                          the corresponding field is not present. Use 'Always' to resolve the
+                          reference on every reconcile.
+                        enum:
+                        - Always
+                        - IfNotPresent
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              publishConnectionDetailsTo:
+                description: |-
+                  PublishConnectionDetailsTo specifies the connection secret config which
+                  contains a name, metadata and a reference to secret store config to
+                  which any connection details for this managed resource should be written.
+                  Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                properties:
+                  configRef:
+                    default:
+                      name: default
+                    description: |-
+                      SecretStoreConfigRef specifies which secret store config should be used
+                      for this ConnectionSecret.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  metadata:
+                    description: Metadata is the metadata for connection secret.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Annotations are the annotations to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.annotations".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: |-
+                          Labels are the labels/tags to be added to connection secret.
+                          - For Kubernetes secrets, this will be used as "metadata.labels".
+                          - It is up to Secret Store implementation for others store types.
+                        type: object
+                      type:
+                        description: |-
+                          Type is the SecretType for the connection secret.
+                          - Only valid for Kubernetes Secret Stores.
+                        type: string
+                    type: object
+                  name:
+                    description: Name is the name of the connection secret.
+                    type: string
+                required:
+                - name
+                type: object
+              writeConnectionSecretToRef:
+                description: |-
+                  WriteConnectionSecretToReference specifies the namespace and name of a
+                  Secret to which any connection details for this managed resource should
+                  be written. Connection details frequently include the endpoint, username,
+                  and password required to connect to the managed resource.
+                  This field is planned to be replaced in a future release in favor of
+                  PublishConnectionDetailsTo. Currently, both could be set independently
+                  and connection details would be published to both without affecting
+                  each other.
+                properties:
+                  name:
+                    description: Name of the secret.
+                    type: string
+                  namespace:
+                    description: Namespace of the secret.
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - forProvider
+            type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.folderUid is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.folderUid)
+                || (has(self.initProvider) && has(self.initProvider.folderUid))'
+            - message: spec.forProvider.permission is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.permission)
+                || (has(self.initProvider) && has(self.initProvider.permission))'
+          status:
+            description: FolderPermissionItemStatus defines the observed state of
+              FolderPermissionItem.
+            properties:
+              atProvider:
+                properties:
+                  folderUid:
+                    description: |-
+                      (String) The UID of the folder.
+                      The UID of the folder.
+                    type: string
+                  id:
+                    description: (String) The ID of this resource.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                    type: string
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  role:
+                    description: |-
+                      (String) the role onto which the permission is to be assigned
+                      the role onto which the permission is to be assigned
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
+                type: object
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        LastTransitionTime is the last time this condition transitioned from one
+                        status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A Message containing details about this condition's last transition from
+                        one status to another, if any.
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        ObservedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      type: integer
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: |-
+                        Type of this condition. At most one of each condition type may apply to
+                        a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              observedGeneration:
+                description: |-
+                  ObservedGeneration is the latest metadata.generation
+                  which resulted in either a ready state, or stalled due to error
+                  it can not recover from without human intervention.
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: folderpermissions.oss.grafana.crossplane.io
+spec:
+  group: oss.grafana.crossplane.io
+  names:
+    categories:
+    - crossplane
+    - managed
+    - grafana
+    kind: FolderPermission
+    listKind: FolderPermissionList
+    plural: folderpermissions
+    singular: folderpermission
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[?(@.type=='Synced')].status
+      name: SYNCED
+      type: string
+    - jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: READY
+      type: string
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: FolderPermission is the Schema for the FolderPermissions API.
+          Manages the entire set of permissions for a folder. Permissions that aren't
+          specified when applying this resource will be removed. Official documentation
+          https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/folder_permissions/
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FolderPermissionSpec defines the desired state of FolderPermission
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  folderRef:
+                    description: Reference to a Folder in oss to populate folderUid.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  folderSelector:
+                    description: Selector for a Folder in oss to populate folderUid.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  folderUid:
+                    description: |-
+                      (String) The UID of the folder.
+                      The UID of the folder.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
                 properties:
-                  accessMode:
-                    description: |-
-                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
-                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
-                    type: string
-                  basicAuthEnabled:
-                    description: |-
-                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
-                      Whether to enable basic auth for the data source. Defaults to `false`.
-                    type: boolean
-                  basicAuthUsername:
-                    description: |-
-                      (String) Basic auth username. Defaults to “.
-                      Basic auth username. Defaults to “.
-                    type: string
-                  databaseName:
-                    description: |-
-                      (String)  The name of the database to use on the selected data source server. Defaults to “.
-                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
-                    type: string
-                  httpHeadersSecretRef:
-                    description: |-
-                      (Map of String, Sensitive) Custom HTTP headers
-                      Custom HTTP headers
-                    properties:
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - name
-                    - namespace
-                    type: object
-                  isDefault:
-                    description: |-
-                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
-                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
-                    type: boolean
-                  jsonDataEncoded:
-                    description: |-
-                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                    type: string
-                  name:
-                    description: |-
-                      (String) A unique name for the data source.
-                      A unique name for the data source.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
+                  folderRef:
+                    description: Reference to a Folder in oss to populate folderUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -29486,8 +36741,8 @@ spec:
                     required:
                     - name
                     type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
+                  folderSelector:
+                    description: Selector for a Folder in oss to populate folderUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -29526,97 +36781,10 @@ spec:
                             type: string
                         type: object
                     type: object
-                  secureJsonDataEncodedSecretRef:
-                    description: |-
-                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                    properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - key
-                    - name
-                    - namespace
-                    type: object
-                  type:
-                    description: |-
-                      (String) The data source type. Must be one of the supported data source keywords.
-                      The data source type. Must be one of the supported data source keywords.
-                    type: string
-                  uid:
-                    description: |-
-                      (String) Unique identifier. If unset, this will be automatically generated.
-                      Unique identifier. If unset, this will be automatically generated.
-                    type: string
-                  url:
-                    description: |-
-                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                    type: string
-                  username:
-                    description: |-
-                      (String)  The username to use to authenticate to the data source. Defaults to “.
-                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
-                    type: string
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  accessMode:
-                    description: |-
-                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
-                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
-                    type: string
-                  basicAuthEnabled:
-                    description: |-
-                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
-                      Whether to enable basic auth for the data source. Defaults to `false`.
-                    type: boolean
-                  basicAuthUsername:
-                    description: |-
-                      (String) Basic auth username. Defaults to “.
-                      Basic auth username. Defaults to “.
-                    type: string
-                  databaseName:
-                    description: |-
-                      (String)  The name of the database to use on the selected data source server. Defaults to “.
-                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
-                    type: string
-                  httpHeadersSecretRef:
-                    additionalProperties:
-                      type: string
-                    type: object
-                  isDefault:
-                    description: |-
-                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
-                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
-                    type: boolean
-                  jsonDataEncoded:
-                    description: |-
-                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                    type: string
-                  name:
+                  folderUid:
                     description: |-
-                      (String) A unique name for the data source.
-                      A unique name for the data source.
+                      (String) The UID of the folder.
+                      The UID of the folder.
                     type: string
                   orgId:
                     description: |-
@@ -29686,56 +36854,193 @@ spec:
                             - Optional
                             type: string
                           resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  secureJsonDataEncodedSecretRef:
-                    description: |-
-                      (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                      Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                    properties:
-                      key:
-                        description: The key to select.
-                        type: string
-                      name:
-                        description: Name of the secret.
-                        type: string
-                      namespace:
-                        description: Namespace of the secret.
-                        type: string
-                    required:
-                    - key
-                    - name
-                    - namespace
-                    type: object
-                  type:
-                    description: |-
-                      (String) The data source type. Must be one of the supported data source keywords.
-                      The data source type. Must be one of the supported data source keywords.
-                    type: string
-                  uid:
-                    description: |-
-                      (String) Unique identifier. If unset, this will be automatically generated.
-                      Unique identifier. If unset, this will be automatically generated.
-                    type: string
-                  url:
-                    description: |-
-                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                    type: string
-                  username:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  permissions:
                     description: |-
-                      (String)  The username to use to authenticate to the data source. Defaults to “.
-                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
-                    type: string
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        teamRef:
+                          description: Reference to a Team in oss to populate teamId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        teamSelector:
+                          description: Selector for a Team in oss to populate teamId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                        userRef:
+                          description: Reference to a User in oss to populate userId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        userSelector:
+                          description: Selector for a User in oss to populate userId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching
+                                labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                  - Required
+                                  - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                  - Always
+                                  - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                      type: object
+                    type: array
                 type: object
               managementPolicies:
                 default:
@@ -29904,83 +37209,52 @@ spec:
             required:
             - forProvider
             type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
-            - message: spec.forProvider.type is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.type)
-                || (has(self.initProvider) && has(self.initProvider.type))'
           status:
-            description: DataSourceStatus defines the observed state of DataSource.
+            description: FolderPermissionStatus defines the observed state of FolderPermission.
             properties:
               atProvider:
                 properties:
-                  accessMode:
-                    description: |-
-                      (String) The method by which Grafana will access the data source: proxy or direct. Defaults to proxy.
-                      The method by which Grafana will access the data source: `proxy` or `direct`. Defaults to `proxy`.
-                    type: string
-                  basicAuthEnabled:
-                    description: |-
-                      (Boolean) Whether to enable basic auth for the data source. Defaults to false.
-                      Whether to enable basic auth for the data source. Defaults to `false`.
-                    type: boolean
-                  basicAuthUsername:
-                    description: |-
-                      (String) Basic auth username. Defaults to “.
-                      Basic auth username. Defaults to “.
-                    type: string
-                  databaseName:
+                  folderUid:
                     description: |-
-                      (String)  The name of the database to use on the selected data source server. Defaults to “.
-                      (Required by some data source types) The name of the database to use on the selected data source server. Defaults to “.
+                      (String) The UID of the folder.
+                      The UID of the folder.
                     type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  isDefault:
-                    description: |-
-                      (Boolean) Whether to set the data source as default. This should only be true to a single data source. Defaults to false.
-                      Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
-                    type: boolean
-                  jsonDataEncoded:
-                    description: |-
-                      (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                      Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
-                    type: string
-                  name:
-                    description: |-
-                      (String) A unique name for the data source.
-                      A unique name for the data source.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  type:
-                    description: |-
-                      (String) The data source type. Must be one of the supported data source keywords.
-                      The data source type. Must be one of the supported data source keywords.
-                    type: string
-                  uid:
-                    description: |-
-                      (String) Unique identifier. If unset, this will be automatically generated.
-                      Unique identifier. If unset, this will be automatically generated.
-                    type: string
-                  url:
-                    description: |-
-                      (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                      The URL for the data source. The type of URL required varies depending on the chosen data source type.
-                    type: string
-                  username:
+                  orgId:
                     description: |-
-                      (String)  The username to use to authenticate to the data source. Defaults to “.
-                      (Required by some data source types) The username to use to authenticate to the data source. Defaults to “.
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
+                  permissions:
+                    description: |-
+                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
+                      The permission items to add/update. Items that are omitted from the list will be removed.
+                    items:
+                      properties:
+                        permission:
+                          description: |-
+                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
+                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
+                          type: string
+                        role:
+                          description: |-
+                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
+                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) ID of the team to manage permissions for. Defaults to 0.
+                            ID of the team to manage permissions for. Defaults to `0`.
+                          type: string
+                        userId:
+                          description: |-
+                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
+                            ID of the user or service account to manage permissions for. Defaults to `0`.
+                          type: string
+                      type: object
+                    type: array
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -30049,7 +37323,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: folderpermissions.oss.grafana.crossplane.io
+  name: folders.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -30057,10 +37331,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: FolderPermission
-    listKind: FolderPermissionList
-    plural: folderpermissions
-    singular: folderpermission
+    kind: Folder
+    listKind: FolderList
+    plural: folders
+    singular: folder
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -30079,11 +37353,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: FolderPermission is the Schema for the FolderPermissions API.
-          Manages the entire set of permissions for a folder. Permissions that aren't
-          specified when applying this resource will be removed. Official documentation
-          https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/folder_permissions/
+        description: Folder is the Schema for the Folders API. Official documentation
+          https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/folder/
         properties:
           apiVersion:
             description: |-
@@ -30103,7 +37375,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: FolderPermissionSpec defines the desired state of FolderPermission
+            description: FolderSpec defines the desired state of Folder
             properties:
               deletionPolicy:
                 default: Delete
@@ -30122,7 +37394,7 @@ spec:
               forProvider:
                 properties:
                   folderRef:
-                    description: Reference to a Folder in oss to populate folderUid.
+                    description: Reference to a Folder in oss to populate parentFolderUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -30156,7 +37428,7 @@ spec:
                     - name
                     type: object
                   folderSelector:
-                    description: Selector for a Folder in oss to populate folderUid.
+                    description: Selector for a Folder in oss to populate parentFolderUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -30195,11 +37467,6 @@ spec:
                             type: string
                         type: object
                     type: object
-                  folderUid:
-                    description: |-
-                      (String) The UID of the folder.
-                      The UID of the folder.
-                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
@@ -30262,199 +37529,43 @@ spec:
                               Resolution specifies whether resolution of this reference is required.
                               The default is 'Required', which means the reconcile will fail if the
                               reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  permissions:
-                    description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
-                          type: string
-                        role:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                      type: object
-                    type: array
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  parentFolderUid:
+                    description: |-
+                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                    type: string
+                  preventDestroyIfNotEmpty:
+                    description: |-
+                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
+                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
+                    type: boolean
+                  title:
+                    description: |-
+                      (String) The title of the folder.
+                      The title of the folder.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier.
+                      Unique identifier.
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -30470,7 +37581,7 @@ spec:
                   autoscaler.
                 properties:
                   folderRef:
-                    description: Reference to a Folder in oss to populate folderUid.
+                    description: Reference to a Folder in oss to populate parentFolderUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -30504,7 +37615,7 @@ spec:
                     - name
                     type: object
                   folderSelector:
-                    description: Selector for a Folder in oss to populate folderUid.
+                    description: Selector for a Folder in oss to populate parentFolderUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -30543,11 +37654,6 @@ spec:
                             type: string
                         type: object
                     type: object
-                  folderUid:
-                    description: |-
-                      (String) The UID of the folder.
-                      The UID of the folder.
-                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
@@ -30593,216 +37699,60 @@ spec:
                       matchControllerRef:
                         description: |-
                           MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  permissions:
-                    description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
-                          type: string
-                        role:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        teamRef:
-                          description: Reference to a Team in oss to populate teamId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        teamSelector:
-                          description: Selector for a Team in oss to populate teamId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                        userRef:
-                          description: Reference to a User in oss to populate userId.
-                          properties:
-                            name:
-                              description: Name of the referenced object.
-                              type: string
-                            policy:
-                              description: Policies for referencing.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          required:
-                          - name
-                          type: object
-                        userSelector:
-                          description: Selector for a User in oss to populate userId.
-                          properties:
-                            matchControllerRef:
-                              description: |-
-                                MatchControllerRef ensures an object with the same controller reference
-                                as the selecting object is selected.
-                              type: boolean
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: MatchLabels ensures an object with matching
-                                labels is selected.
-                              type: object
-                            policy:
-                              description: Policies for selection.
-                              properties:
-                                resolution:
-                                  default: Required
-                                  description: |-
-                                    Resolution specifies whether resolution of this reference is required.
-                                    The default is 'Required', which means the reconcile will fail if the
-                                    reference cannot be resolved. 'Optional' means this reference will be
-                                    a no-op if it cannot be resolved.
-                                  enum:
-                                  - Required
-                                  - Optional
-                                  type: string
-                                resolve:
-                                  description: |-
-                                    Resolve specifies when this reference should be resolved. The default
-                                    is 'IfNotPresent', which will attempt to resolve the reference only when
-                                    the corresponding field is not present. Use 'Always' to resolve the
-                                    reference on every reconcile.
-                                  enum:
-                                  - Always
-                                  - IfNotPresent
-                                  type: string
-                              type: object
-                          type: object
-                      type: object
-                    type: array
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
+                  parentFolderUid:
+                    description: |-
+                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                    type: string
+                  preventDestroyIfNotEmpty:
+                    description: |-
+                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
+                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
+                    type: boolean
+                  title:
+                    description: |-
+                      (String) The title of the folder.
+                      The title of the folder.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier.
+                      Unique identifier.
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -30971,16 +37921,16 @@ spec:
             required:
             - forProvider
             type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.title is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.title)
+                || (has(self.initProvider) && has(self.initProvider.title))'
           status:
-            description: FolderPermissionStatus defines the observed state of FolderPermission.
+            description: FolderStatus defines the observed state of Folder.
             properties:
               atProvider:
                 properties:
-                  folderUid:
-                    description: |-
-                      (String) The UID of the folder.
-                      The UID of the folder.
-                    type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
@@ -30989,34 +37939,31 @@ spec:
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
                       The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  permissions:
+                  parentFolderUid:
                     description: |-
-                      (Block Set) The permission items to add/update. Items that are omitted from the list will be removed. (see below for nested schema)
-                      The permission items to add/update. Items that are omitted from the list will be removed.
-                    items:
-                      properties:
-                        permission:
-                          description: |-
-                            (String) Permission to associate with item. Must be one of View, Edit, or Admin.
-                            Permission to associate with item. Must be one of `View`, `Edit`, or `Admin`.
-                          type: string
-                        role:
-                          description: |-
-                            (String) Name of the basic role to manage permissions for. Options: Viewer, Editor or Admin.
-                            Name of the basic role to manage permissions for. Options: `Viewer`, `Editor` or `Admin`.
-                          type: string
-                        teamId:
-                          description: |-
-                            (String) ID of the team to manage permissions for. Defaults to 0.
-                            ID of the team to manage permissions for. Defaults to `0`.
-                          type: string
-                        userId:
-                          description: |-
-                            (String) ID of the user or service account to manage permissions for. Defaults to 0.
-                            ID of the user or service account to manage permissions for. Defaults to `0`.
-                          type: string
-                      type: object
-                    type: array
+                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
+                    type: string
+                  preventDestroyIfNotEmpty:
+                    description: |-
+                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
+                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
+                    type: boolean
+                  title:
+                    description: |-
+                      (String) The title of the folder.
+                      The title of the folder.
+                    type: string
+                  uid:
+                    description: |-
+                      (String) Unique identifier.
+                      Unique identifier.
+                    type: string
+                  url:
+                    description: |-
+                      (String) The full URL of the folder.
+                      The full URL of the folder.
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -31085,7 +38032,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: folders.oss.grafana.crossplane.io
+  name: librarypanels.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -31093,10 +38040,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: Folder
-    listKind: FolderList
-    plural: folders
-    singular: folder
+    kind: LibraryPanel
+    listKind: LibraryPanelList
+    plural: librarypanels
+    singular: librarypanel
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -31115,9 +38062,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Folder is the Schema for the Folders API. Official documentation
-          https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/folder/
+        description: LibraryPanel is the Schema for the LibraryPanels API. Manages
+          Grafana library panels. Official documentation https://grafana.com/docs/grafana/latest/dashboards/build-dashboards/manage-library-panels/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/library_element/
         properties:
           apiVersion:
             description: |-
@@ -31137,7 +38084,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: FolderSpec defines the desired state of Folder
+            description: LibraryPanelSpec defines the desired state of LibraryPanel
             properties:
               deletionPolicy:
                 default: Delete
@@ -31156,7 +38103,7 @@ spec:
               forProvider:
                 properties:
                   folderRef:
-                    description: Reference to a Folder in oss to populate parentFolderUid.
+                    description: Reference to a Folder in oss to populate folderUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -31190,7 +38137,7 @@ spec:
                     - name
                     type: object
                   folderSelector:
-                    description: Selector for a Folder in oss to populate parentFolderUid.
+                    description: Selector for a Folder in oss to populate folderUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -31229,6 +38176,21 @@ spec:
                             type: string
                         type: object
                     type: object
+                  folderUid:
+                    description: |-
+                      (String) Unique ID (UID) of the folder containing the library panel.
+                      Unique ID (UID) of the folder containing the library panel.
+                    type: string
+                  modelJson:
+                    description: |-
+                      (String) The JSON model for the library panel.
+                      The JSON model for the library panel.
+                    type: string
+                  name:
+                    description: |-
+                      (String) Name of the library panel.
+                      Name of the library panel.
+                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
@@ -31308,25 +38270,10 @@ spec:
                             type: string
                         type: object
                     type: object
-                  parentFolderUid:
-                    description: |-
-                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                    type: string
-                  preventDestroyIfNotEmpty:
-                    description: |-
-                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
-                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
-                    type: boolean
-                  title:
-                    description: |-
-                      (String) The title of the folder.
-                      The title of the folder.
-                    type: string
                   uid:
                     description: |-
-                      (String) Unique identifier.
-                      Unique identifier.
+                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
                     type: string
                 type: object
               initProvider:
@@ -31343,7 +38290,7 @@ spec:
                   autoscaler.
                 properties:
                   folderRef:
-                    description: Reference to a Folder in oss to populate parentFolderUid.
+                    description: Reference to a Folder in oss to populate folderUid.
                     properties:
                       name:
                         description: Name of the referenced object.
@@ -31377,7 +38324,7 @@ spec:
                     - name
                     type: object
                   folderSelector:
-                    description: Selector for a Folder in oss to populate parentFolderUid.
+                    description: Selector for a Folder in oss to populate folderUid.
                     properties:
                       matchControllerRef:
                         description: |-
@@ -31416,6 +38363,21 @@ spec:
                             type: string
                         type: object
                     type: object
+                  folderUid:
+                    description: |-
+                      (String) Unique ID (UID) of the folder containing the library panel.
+                      Unique ID (UID) of the folder containing the library panel.
+                    type: string
+                  modelJson:
+                    description: |-
+                      (String) The JSON model for the library panel.
+                      The JSON model for the library panel.
+                    type: string
+                  name:
+                    description: |-
+                      (String) Name of the library panel.
+                      Name of the library panel.
+                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
@@ -31495,25 +38457,10 @@ spec:
                             type: string
                         type: object
                     type: object
-                  parentFolderUid:
-                    description: |-
-                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                    type: string
-                  preventDestroyIfNotEmpty:
-                    description: |-
-                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
-                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
-                    type: boolean
-                  title:
-                    description: |-
-                      (String) The title of the folder.
-                      The title of the folder.
-                    type: string
                   uid:
                     description: |-
-                      (String) Unique identifier.
-                      Unique identifier.
+                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
                     type: string
                 type: object
               managementPolicies:
@@ -31684,48 +38631,89 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.title is a required parameter
+            - message: spec.forProvider.modelJson is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.title)
-                || (has(self.initProvider) && has(self.initProvider.title))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.modelJson)
+                || (has(self.initProvider) && has(self.initProvider.modelJson))'
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: FolderStatus defines the observed state of Folder.
+            description: LibraryPanelStatus defines the observed state of LibraryPanel.
             properties:
               atProvider:
                 properties:
+                  created:
+                    description: |-
+                      (String) Timestamp when the library panel was created.
+                      Timestamp when the library panel was created.
+                    type: string
+                  dashboardIds:
+                    description: |-
+                      (List of Number) Numerical IDs of Grafana dashboards containing the library panel.
+                      Numerical IDs of Grafana dashboards containing the library panel.
+                    items:
+                      type: number
+                    type: array
+                  description:
+                    description: |-
+                      (String) Description of the library panel.
+                      Description of the library panel.
+                    type: string
+                  folderName:
+                    description: |-
+                      (String) Name of the folder containing the library panel.
+                      Name of the folder containing the library panel.
+                    type: string
+                  folderUid:
+                    description: |-
+                      (String) Unique ID (UID) of the folder containing the library panel.
+                      Unique ID (UID) of the folder containing the library panel.
+                    type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
+                  modelJson:
+                    description: |-
+                      (String) The JSON model for the library panel.
+                      The JSON model for the library panel.
+                    type: string
+                  name:
+                    description: |-
+                      (String) Name of the library panel.
+                      Name of the library panel.
+                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
                       The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  parentFolderUid:
-                    description: |-
-                      (String) The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                      The uid of the parent folder. If set, the folder will be nested. If not set, the folder will be created in the root folder. Note: This requires the nestedFolders feature flag to be enabled on your Grafana instance.
-                    type: string
-                  preventDestroyIfNotEmpty:
+                  panelId:
                     description: |-
-                      (Boolean) Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to false.
-                      Prevent deletion of the folder if it is not empty (contains dashboards or alert rules). This feature requires Grafana 10.2 or later. Defaults to `false`.
-                    type: boolean
-                  title:
+                      (Number) The numeric ID of the library panel computed by Grafana.
+                      The numeric ID of the library panel computed by Grafana.
+                    type: number
+                  type:
                     description: |-
-                      (String) The title of the folder.
-                      The title of the folder.
+                      (String) Type of the library panel (eg. text).
+                      Type of the library panel (eg. text).
                     type: string
                   uid:
                     description: |-
-                      (String) Unique identifier.
-                      Unique identifier.
+                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
                     type: string
-                  url:
+                  updated:
                     description: |-
-                      (String) The full URL of the folder.
-                      The full URL of the folder.
+                      (String) Timestamp when the library panel was last modified.
+                      Timestamp when the library panel was last modified.
                     type: string
+                  version:
+                    description: |-
+                      (Number) Version of the library panel.
+                      Version of the library panel.
+                    type: number
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -31794,7 +38782,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: librarypanels.oss.grafana.crossplane.io
+  name: organizationpreferences.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -31802,10 +38790,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: LibraryPanel
-    listKind: LibraryPanelList
-    plural: librarypanels
-    singular: librarypanel
+    kind: OrganizationPreferences
+    listKind: OrganizationPreferencesList
+    plural: organizationpreferences
+    singular: organizationpreferences
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -31824,9 +38812,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: LibraryPanel is the Schema for the LibraryPanels API. Manages
-          Grafana library panels. Official documentation https://grafana.com/docs/grafana/latest/dashboards/build-dashboards/manage-library-panels/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/library_element/
+        description: OrganizationPreferences is the Schema for the OrganizationPreferencess
+          API. Official documentation https://grafana.com/docs/grafana/latest/administration/organization-management/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/preferences/#get-current-org-prefs
         properties:
           apiVersion:
             description: |-
@@ -31846,7 +38834,8 @@ spec:
           metadata:
             type: object
           spec:
-            description: LibraryPanelSpec defines the desired state of LibraryPanel
+            description: OrganizationPreferencesSpec defines the desired state of
+              OrganizationPreferences
             properties:
               deletionPolicy:
                 default: Delete
@@ -31864,94 +38853,10 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  folderRef:
-                    description: Reference to a Folder in oss to populate folderUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  folderSelector:
-                    description: Selector for a Folder in oss to populate folderUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  folderUid:
-                    description: |-
-                      (String) Unique ID (UID) of the folder containing the library panel.
-                      Unique ID (UID) of the folder containing the library panel.
-                    type: string
-                  modelJson:
-                    description: |-
-                      (String) The JSON model for the library panel.
-                      The JSON model for the library panel.
-                    type: string
-                  name:
+                  homeDashboardUid:
                     description: |-
-                      (String) Name of the library panel.
-                      Name of the library panel.
+                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
+                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
                     type: string
                   orgId:
                     description: |-
@@ -32032,113 +38937,39 @@ spec:
                             type: string
                         type: object
                     type: object
-                  uid:
+                  theme:
                     description: |-
-                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
-                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
+                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
                     type: string
-                type: object
-              initProvider:
-                description: |-
-                  THIS IS A BETA FIELD. It will be honored
-                  unless the Management Policies feature flag is disabled.
-                  InitProvider holds the same fields as ForProvider, with the exception
-                  of Identifier and other resource reference fields. The fields that are
-                  in InitProvider are merged into ForProvider when the resource is created.
-                  The same fields are also added to the terraform ignore_changes hook, to
-                  avoid updating them after creation. This is useful for fields that are
-                  required on creation, but we do not desire to update them after creation,
-                  for example because of an external controller is managing them, like an
-                  autoscaler.
-                properties:
-                  folderRef:
-                    description: Reference to a Folder in oss to populate folderUid.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  folderSelector:
-                    description: Selector for a Folder in oss to populate folderUid.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  folderUid:
+                  timezone:
                     description: |-
-                      (String) Unique ID (UID) of the folder containing the library panel.
-                      Unique ID (UID) of the folder containing the library panel.
+                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
+                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
                     type: string
-                  modelJson:
+                  weekStart:
                     description: |-
-                      (String) The JSON model for the library panel.
-                      The JSON model for the library panel.
+                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
+                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
                     type: string
-                  name:
+                type: object
+              initProvider:
+                description: |-
+                  THIS IS A BETA FIELD. It will be honored
+                  unless the Management Policies feature flag is disabled.
+                  InitProvider holds the same fields as ForProvider, with the exception
+                  of Identifier and other resource reference fields. The fields that are
+                  in InitProvider are merged into ForProvider when the resource is created.
+                  The same fields are also added to the terraform ignore_changes hook, to
+                  avoid updating them after creation. This is useful for fields that are
+                  required on creation, but we do not desire to update them after creation,
+                  for example because of an external controller is managing them, like an
+                  autoscaler.
+                properties:
+                  homeDashboardUid:
                     description: |-
-                      (String) Name of the library panel.
-                      Name of the library panel.
+                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
+                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
                     type: string
                   orgId:
                     description: |-
@@ -32219,10 +39050,20 @@ spec:
                             type: string
                         type: object
                     type: object
-                  uid:
+                  theme:
                     description: |-
-                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
-                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
+                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
+                    type: string
+                  timezone:
+                    description: |-
+                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
+                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
+                    type: string
+                  weekStart:
+                    description: |-
+                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
+                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
                     type: string
                 type: object
               managementPolicies:
@@ -32392,90 +39233,40 @@ spec:
             required:
             - forProvider
             type: object
-            x-kubernetes-validations:
-            - message: spec.forProvider.modelJson is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.modelJson)
-                || (has(self.initProvider) && has(self.initProvider.modelJson))'
-            - message: spec.forProvider.name is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: LibraryPanelStatus defines the observed state of LibraryPanel.
+            description: OrganizationPreferencesStatus defines the observed state
+              of OrganizationPreferences.
             properties:
               atProvider:
                 properties:
-                  created:
-                    description: |-
-                      (String) Timestamp when the library panel was created.
-                      Timestamp when the library panel was created.
-                    type: string
-                  dashboardIds:
-                    description: |-
-                      (List of Number) Numerical IDs of Grafana dashboards containing the library panel.
-                      Numerical IDs of Grafana dashboards containing the library panel.
-                    items:
-                      type: number
-                    type: array
-                  description:
-                    description: |-
-                      (String) Description of the library panel.
-                      Description of the library panel.
-                    type: string
-                  folderName:
-                    description: |-
-                      (String) Name of the folder containing the library panel.
-                      Name of the folder containing the library panel.
-                    type: string
-                  folderUid:
+                  homeDashboardUid:
                     description: |-
-                      (String) Unique ID (UID) of the folder containing the library panel.
-                      Unique ID (UID) of the folder containing the library panel.
+                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
+                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
                     type: string
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  modelJson:
-                    description: |-
-                      (String) The JSON model for the library panel.
-                      The JSON model for the library panel.
-                    type: string
-                  name:
-                    description: |-
-                      (String) Name of the library panel.
-                      Name of the library panel.
-                    type: string
                   orgId:
                     description: |-
                       (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
                       The Organization ID. If not set, the Org ID defined in the provider block will be used.
                     type: string
-                  panelId:
-                    description: |-
-                      (Number) The numeric ID of the library panel computed by Grafana.
-                      The numeric ID of the library panel computed by Grafana.
-                    type: number
-                  type:
+                  theme:
                     description: |-
-                      (String) Type of the library panel (eg. text).
-                      Type of the library panel (eg. text).
+                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
+                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
                     type: string
-                  uid:
+                  timezone:
                     description: |-
-                      (String) The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
-                      The unique identifier (UID) of a library panel uniquely identifies library panels between multiple Grafana installs. It’s automatically generated unless you specify it during library panel creation.The UID provides consistent URLs for accessing library panels and when syncing library panels between multiple Grafana installs.
+                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
+                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
                     type: string
-                  updated:
+                  weekStart:
                     description: |-
-                      (String) Timestamp when the library panel was last modified.
-                      Timestamp when the library panel was last modified.
+                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
+                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
                     type: string
-                  version:
-                    description: |-
-                      (Number) Version of the library panel.
-                      Version of the library panel.
-                    type: number
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -32544,7 +39335,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: organizationpreferences.oss.grafana.crossplane.io
+  name: organizations.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -32552,10 +39343,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: OrganizationPreferences
-    listKind: OrganizationPreferencesList
-    plural: organizationpreferences
-    singular: organizationpreferences
+    kind: Organization
+    listKind: OrganizationList
+    plural: organizations
+    singular: organization
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -32565,155 +39356,138 @@ spec:
     - jsonPath: .status.conditions[?(@.type=='Ready')].status
       name: READY
       type: string
-    - jsonPath: .metadata.annotations.crossplane\.io/external-name
-      name: EXTERNAL-NAME
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: OrganizationPreferences is the Schema for the OrganizationPreferencess
-          API. Official documentation https://grafana.com/docs/grafana/latest/administration/organization-management/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/preferences/#get-current-org-prefs
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OrganizationPreferencesSpec defines the desired state of
-              OrganizationPreferences
-            properties:
-              deletionPolicy:
-                default: Delete
-                description: |-
-                  DeletionPolicy specifies what will happen to the underlying external
-                  when this managed resource is deleted - either "Delete" or "Orphan" the
-                  external resource.
-                  This field is planned to be deprecated in favor of the ManagementPolicies
-                  field in a future release. Currently, both could be set independently and
-                  non-default values would be honored if the feature flag is enabled.
-                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
-                enum:
-                - Orphan
-                - Delete
-                type: string
-              forProvider:
-                properties:
-                  homeDashboardUid:
-                    description: |-
-                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
-                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
-                    type: string
-                  orgId:
-                    description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  theme:
+    - jsonPath: .metadata.annotations.crossplane\.io/external-name
+      name: EXTERNAL-NAME
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Organization is the Schema for the Organizations API. Official
+          documentation https://grafana.com/docs/grafana/latest/administration/organization-management/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/org/ This
+          resource represents an instance-scoped resource and uses Grafana's admin
+          APIs. It does not work with API tokens or service accounts which are org-scoped.
+          You must use basic auth. This resource is also not compatible with Grafana
+          Cloud, as it does not allow basic auth.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OrganizationSpec defines the desired state of Organization
+            properties:
+              deletionPolicy:
+                default: Delete
+                description: |-
+                  DeletionPolicy specifies what will happen to the underlying external
+                  when this managed resource is deleted - either "Delete" or "Orphan" the
+                  external resource.
+                  This field is planned to be deprecated in favor of the ManagementPolicies
+                  field in a future release. Currently, both could be set independently and
+                  non-default values would be honored if the feature flag is enabled.
+                  See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                enum:
+                - Orphan
+                - Delete
+                type: string
+              forProvider:
+                properties:
+                  adminUser:
                     description: |-
-                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
-                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
+                      (String) The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to admin.
+                      The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to `admin`.
                     type: string
-                  timezone:
+                  admins:
                     description: |-
-                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
-                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
-                    type: string
-                  weekStart:
+                      (Set of String) A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  createUsers:
                     description: |-
-                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
-                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
+                      (Boolean) Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to true.
+                      Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to `true`.
+                    type: boolean
+                  editors:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  name:
+                    description: |-
+                      (String) The display name for the Grafana organization created.
+                      The display name for the Grafana organization created.
                     type: string
+                  usersWithoutAccess:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                      A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  viewers:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
                 type: object
               initProvider:
                 description: |-
@@ -32728,105 +39502,85 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  homeDashboardUid:
+                  adminUser:
                     description: |-
-                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
-                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
+                      (String) The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to admin.
+                      The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to `admin`.
                     type: string
-                  orgId:
+                  admins:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                    type: string
-                  organizationRef:
-                    description: Reference to a Organization in oss to populate orgId.
-                    properties:
-                      name:
-                        description: Name of the referenced object.
-                        type: string
-                      policy:
-                        description: Policies for referencing.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  organizationSelector:
-                    description: Selector for a Organization in oss to populate orgId.
-                    properties:
-                      matchControllerRef:
-                        description: |-
-                          MatchControllerRef ensures an object with the same controller reference
-                          as the selecting object is selected.
-                        type: boolean
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: MatchLabels ensures an object with matching labels
-                          is selected.
-                        type: object
-                      policy:
-                        description: Policies for selection.
-                        properties:
-                          resolution:
-                            default: Required
-                            description: |-
-                              Resolution specifies whether resolution of this reference is required.
-                              The default is 'Required', which means the reconcile will fail if the
-                              reference cannot be resolved. 'Optional' means this reference will be
-                              a no-op if it cannot be resolved.
-                            enum:
-                            - Required
-                            - Optional
-                            type: string
-                          resolve:
-                            description: |-
-                              Resolve specifies when this reference should be resolved. The default
-                              is 'IfNotPresent', which will attempt to resolve the reference only when
-                              the corresponding field is not present. Use 'Always' to resolve the
-                              reference on every reconcile.
-                            enum:
-                            - Always
-                            - IfNotPresent
-                            type: string
-                        type: object
-                    type: object
-                  theme:
+                      (Set of String) A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  createUsers:
+                    description: |-
+                      (Boolean) Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to true.
+                      Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to `true`.
+                    type: boolean
+                  editors:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  name:
                     description: |-
-                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
-                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
+                      (String) The display name for the Grafana organization created.
+                      The display name for the Grafana organization created.
                     type: string
-                  timezone:
+                  usersWithoutAccess:
                     description: |-
-                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
-                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
-                    type: string
-                  weekStart:
+                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                      A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  viewers:
                     description: |-
-                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
-                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
-                    type: string
+                      (Set of String) A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
                 type: object
               managementPolicies:
                 default:
@@ -32995,40 +39749,103 @@ spec:
             required:
             - forProvider
             type: object
+            x-kubernetes-validations:
+            - message: spec.forProvider.name is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
+                || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: OrganizationPreferencesStatus defines the observed state
-              of OrganizationPreferences.
+            description: OrganizationStatus defines the observed state of Organization.
             properties:
               atProvider:
                 properties:
-                  homeDashboardUid:
+                  adminUser:
                     description: |-
-                      (String) The Organization home dashboard UID. This is only available in Grafana 9.0+.
-                      The Organization home dashboard UID. This is only available in Grafana 9.0+.
+                      (String) The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to admin.
+                      The login name of the configured default admin user for the Grafana
+                      installation. If unset, this value defaults to admin, the Grafana default.
+                      Defaults to `admin`.
                     type: string
+                  admins:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given admin
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  createUsers:
+                    description: |-
+                      (Boolean) Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to true.
+                      Whether or not to create Grafana users specified in the organization's
+                      membership if they don't already exist in Grafana. If unspecified, this
+                      parameter defaults to true, creating placeholder users with the name, login,
+                      and email set to the email of the user, and a random password. Setting this
+                      option to false will cause an error to be thrown for any users that do not
+                      already exist in Grafana.
+                      Defaults to `true`.
+                    type: boolean
+                  editors:
+                    description: |-
+                      (Set of String) A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given editor
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  orgId:
+                  name:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The display name for the Grafana organization created.
+                      The display name for the Grafana organization created.
                     type: string
-                  theme:
+                  orgId:
                     description: |-
-                      (String) The Organization theme. Available values are light, dark, system, or an empty string for the default.
-                      The Organization theme. Available values are `light`, `dark`, `system`, or an empty string for the default.
-                    type: string
-                  timezone:
+                      (Number) The organization id assigned to this organization by Grafana.
+                      The organization id assigned to this organization by Grafana.
+                    type: number
+                  usersWithoutAccess:
                     description: |-
-                      (String) The Organization timezone. Available values are utc, browser, or an empty string for the default.
-                      The Organization timezone. Available values are `utc`, `browser`, or an empty string for the default.
-                    type: string
-                  weekStart:
+                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                      A list of email addresses corresponding to users who should be given none access to the organization.
+                      Note: users specified here must already exist in Grafana, unless 'create_users' is
+                      set to true. This feature is only available in Grafana 10.2+.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
+                  viewers:
                     description: |-
-                      (String) The Organization week start day. Available values are sunday, monday, saturday, or an empty string for the default. Defaults to “.
-                      The Organization week start day. Available values are `sunday`, `monday`, `saturday`, or an empty string for the default. Defaults to “.
-                    type: string
+                      (Set of String) A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                      A list of email addresses corresponding to users who should be given viewer
+                      access to the organization. Note: users specified here must already exist in
+                      Grafana unless 'create_users' is set to true.
+                    items:
+                      type: string
+                    type: array
+                    x-kubernetes-list-type: set
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -33097,7 +39914,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: organizations.oss.grafana.crossplane.io
+  name: playlists.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -33105,10 +39922,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: Organization
-    listKind: OrganizationList
-    plural: organizations
-    singular: organization
+    kind: Playlist
+    listKind: PlaylistList
+    plural: playlists
+    singular: playlist
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -33127,13 +39944,9 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Organization is the Schema for the Organizations API. Official
-          documentation https://grafana.com/docs/grafana/latest/administration/organization-management/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/org/ This
-          resource represents an instance-scoped resource and uses Grafana's admin
-          APIs. It does not work with API tokens or service accounts which are org-scoped.
-          You must use basic auth. This resource is also not compatible with Grafana
-          Cloud, as it does not allow basic auth.
+        description: Playlist is the Schema for the Playlists API. Official documentation
+          https://grafana.com/docs/grafana/latest/dashboards/create-manage-playlists/HTTP
+          API https://grafana.com/docs/grafana/latest/developers/http_api/playlist/
         properties:
           apiVersion:
             description: |-
@@ -33153,7 +39966,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: OrganizationSpec defines the desired state of Organization
+            description: PlaylistSpec defines the desired state of Playlist
             properties:
               deletionPolicy:
                 default: Delete
@@ -33171,85 +39984,111 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  adminUser:
-                    description: |-
-                      (String) The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to admin.
-                      The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to `admin`.
-                    type: string
-                  admins:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  createUsers:
-                    description: |-
-                      (Boolean) Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to true.
-                      Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to `true`.
-                    type: boolean
-                  editors:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  name:
-                    description: |-
-                      (String) The display name for the Grafana organization created.
-                      The display name for the Grafana organization created.
+                  interval:
+                    description: (String)
                     type: string
-                  usersWithoutAccess:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                      A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  viewers:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
+                  item:
+                    description: '(Block Set, Min: 1) (see below for nested schema)'
                     items:
-                      type: string
+                      properties:
+                        order:
+                          description: (Number)
+                          type: number
+                        title:
+                          description: (String)
+                          type: string
+                        type:
+                          description: (String)
+                          type: string
+                        value:
+                          description: (String)
+                          type: string
+                      type: object
                     type: array
-                    x-kubernetes-list-type: set
+                  name:
+                    description: |-
+                      (String) The name of the playlist.
+                      The name of the playlist.
+                    type: string
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
                 type: object
               initProvider:
                 description: |-
@@ -33264,85 +40103,111 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  adminUser:
-                    description: |-
-                      (String) The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to admin.
-                      The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to `admin`.
+                  interval:
+                    description: (String)
                     type: string
-                  admins:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  createUsers:
-                    description: |-
-                      (Boolean) Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to true.
-                      Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to `true`.
-                    type: boolean
-                  editors:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
+                  item:
+                    description: '(Block Set, Min: 1) (see below for nested schema)'
                     items:
-                      type: string
+                      properties:
+                        order:
+                          description: (Number)
+                          type: number
+                        title:
+                          description: (String)
+                          type: string
+                        type:
+                          description: (String)
+                          type: string
+                        value:
+                          description: (String)
+                          type: string
+                      type: object
                     type: array
-                    x-kubernetes-list-type: set
                   name:
                     description: |-
-                      (String) The display name for the Grafana organization created.
-                      The display name for the Grafana organization created.
+                      (String) The name of the playlist.
+                      The name of the playlist.
                     type: string
-                  usersWithoutAccess:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                      A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  viewers:
+                  orgId:
                     description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
+                  organizationRef:
+                    description: Reference to a Organization in oss to populate orgId.
+                    properties:
+                      name:
+                        description: Name of the referenced object.
+                        type: string
+                      policy:
+                        description: Policies for referencing.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  organizationSelector:
+                    description: Selector for a Organization in oss to populate orgId.
+                    properties:
+                      matchControllerRef:
+                        description: |-
+                          MatchControllerRef ensures an object with the same controller reference
+                          as the selecting object is selected.
+                        type: boolean
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: MatchLabels ensures an object with matching labels
+                          is selected.
+                        type: object
+                      policy:
+                        description: Policies for selection.
+                        properties:
+                          resolution:
+                            default: Required
+                            description: |-
+                              Resolution specifies whether resolution of this reference is required.
+                              The default is 'Required', which means the reconcile will fail if the
+                              reference cannot be resolved. 'Optional' means this reference will be
+                              a no-op if it cannot be resolved.
+                            enum:
+                            - Required
+                            - Optional
+                            type: string
+                          resolve:
+                            description: |-
+                              Resolve specifies when this reference should be resolved. The default
+                              is 'IfNotPresent', which will attempt to resolve the reference only when
+                              the corresponding field is not present. Use 'Always' to resolve the
+                              reference on every reconcile.
+                            enum:
+                            - Always
+                            - IfNotPresent
+                            type: string
+                        type: object
+                    type: object
                 type: object
               managementPolicies:
                 default:
@@ -33512,102 +40377,60 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
+            - message: spec.forProvider.interval is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.interval)
+                || (has(self.initProvider) && has(self.initProvider.interval))'
+            - message: spec.forProvider.item is a required parameter
+              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.item)
+                || (has(self.initProvider) && has(self.initProvider.item))'
             - message: spec.forProvider.name is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
                 || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
                 || (has(self.initProvider) && has(self.initProvider.name))'
           status:
-            description: OrganizationStatus defines the observed state of Organization.
+            description: PlaylistStatus defines the observed state of Playlist.
             properties:
               atProvider:
                 properties:
-                  adminUser:
-                    description: |-
-                      (String) The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to admin.
-                      The login name of the configured default admin user for the Grafana
-                      installation. If unset, this value defaults to admin, the Grafana default.
-                      Defaults to `admin`.
-                    type: string
-                  admins:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given admin
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  createUsers:
-                    description: |-
-                      (Boolean) Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to true.
-                      Whether or not to create Grafana users specified in the organization's
-                      membership if they don't already exist in Grafana. If unspecified, this
-                      parameter defaults to true, creating placeholder users with the name, login,
-                      and email set to the email of the user, and a random password. Setting this
-                      option to false will cause an error to be thrown for any users that do not
-                      already exist in Grafana.
-                      Defaults to `true`.
-                    type: boolean
-                  editors:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given editor
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
                   id:
                     description: (String) The ID of this resource.
                     type: string
+                  interval:
+                    description: (String)
+                    type: string
+                  item:
+                    description: '(Block Set, Min: 1) (see below for nested schema)'
+                    items:
+                      properties:
+                        id:
+                          description: (String) The ID of this resource.
+                          type: string
+                        order:
+                          description: (Number)
+                          type: number
+                        title:
+                          description: (String)
+                          type: string
+                        type:
+                          description: (String)
+                          type: string
+                        value:
+                          description: (String)
+                          type: string
+                      type: object
+                    type: array
                   name:
                     description: |-
-                      (String) The display name for the Grafana organization created.
-                      The display name for the Grafana organization created.
+                      (String) The name of the playlist.
+                      The name of the playlist.
                     type: string
                   orgId:
                     description: |-
-                      (Number) The organization id assigned to this organization by Grafana.
-                      The organization id assigned to this organization by Grafana.
-                    type: number
-                  usersWithoutAccess:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                      A list of email addresses corresponding to users who should be given none access to the organization.
-                      Note: users specified here must already exist in Grafana, unless 'create_users' is
-                      set to true. This feature is only available in Grafana 10.2+.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
-                  viewers:
-                    description: |-
-                      (Set of String) A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                      A list of email addresses corresponding to users who should be given viewer
-                      access to the organization. Note: users specified here must already exist in
-                      Grafana unless 'create_users' is set to true.
-                    items:
-                      type: string
-                    type: array
-                    x-kubernetes-list-type: set
+                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                    type: string
                 type: object
               conditions:
                 description: Conditions of the resource.
@@ -33676,7 +40499,7 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.14.0
-  name: playlists.oss.grafana.crossplane.io
+  name: serviceaccountpermissionitems.oss.grafana.crossplane.io
 spec:
   group: oss.grafana.crossplane.io
   names:
@@ -33684,10 +40507,10 @@ spec:
     - crossplane
     - managed
     - grafana
-    kind: Playlist
-    listKind: PlaylistList
-    plural: playlists
-    singular: playlist
+    kind: ServiceAccountPermissionItem
+    listKind: ServiceAccountPermissionItemList
+    plural: serviceaccountpermissionitems
+    singular: serviceaccountpermissionitem
   scope: Cluster
   versions:
   - additionalPrinterColumns:
@@ -33706,9 +40529,10 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Playlist is the Schema for the Playlists API. Official documentation
-          https://grafana.com/docs/grafana/latest/dashboards/create-manage-playlists/HTTP
-          API https://grafana.com/docs/grafana/latest/developers/http_api/playlist/
+        description: ServiceAccountPermissionItem is the Schema for the ServiceAccountPermissionItems
+          API. Manages a single permission item for a service account. Conflicts with
+          the "grafana_service_account_permission" resource which manages the entire
+          set of permissions for a service account. Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/#manage-users-and-teams-permissions-for-a-service-account-in-grafana
         properties:
           apiVersion:
             description: |-
@@ -33728,7 +40552,8 @@ spec:
           metadata:
             type: object
           spec:
-            description: PlaylistSpec defines the desired state of Playlist
+            description: ServiceAccountPermissionItemSpec defines the desired state
+              of ServiceAccountPermissionItem
             properties:
               deletionPolicy:
                 default: Delete
@@ -33746,36 +40571,10 @@ spec:
                 type: string
               forProvider:
                 properties:
-                  interval:
-                    description: (String)
-                    type: string
-                  item:
-                    description: '(Block Set, Min: 1) (see below for nested schema)'
-                    items:
-                      properties:
-                        order:
-                          description: (Number)
-                          type: number
-                        title:
-                          description: (String)
-                          type: string
-                        type:
-                          description: (String)
-                          type: string
-                        value:
-                          description: (String)
-                          type: string
-                      type: object
-                    type: array
-                  name:
-                    description: |-
-                      (String) The name of the playlist.
-                      The name of the playlist.
-                    type: string
                   orgId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
                   organizationRef:
                     description: Reference to a Organization in oss to populate orgId.
@@ -33851,6 +40650,26 @@ spec:
                             type: string
                         type: object
                     type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  serviceAccountId:
+                    description: |-
+                      (String) The ID of the service account.
+                      The ID of the service account.
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
                 type: object
               initProvider:
                 description: |-
@@ -33865,36 +40684,10 @@ spec:
                   for example because of an external controller is managing them, like an
                   autoscaler.
                 properties:
-                  interval:
-                    description: (String)
-                    type: string
-                  item:
-                    description: '(Block Set, Min: 1) (see below for nested schema)'
-                    items:
-                      properties:
-                        order:
-                          description: (Number)
-                          type: number
-                        title:
-                          description: (String)
-                          type: string
-                        type:
-                          description: (String)
-                          type: string
-                        value:
-                          description: (String)
-                          type: string
-                      type: object
-                    type: array
-                  name:
-                    description: |-
-                      (String) The name of the playlist.
-                      The name of the playlist.
-                    type: string
                   orgId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
                   organizationRef:
                     description: Reference to a Organization in oss to populate orgId.
@@ -33970,6 +40763,26 @@ spec:
                             type: string
                         type: object
                     type: object
+                  permission:
+                    description: |-
+                      (String) the permission to be assigned
+                      the permission to be assigned
+                    type: string
+                  serviceAccountId:
+                    description: |-
+                      (String) The ID of the service account.
+                      The ID of the service account.
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
+                    type: string
                 type: object
               managementPolicies:
                 default:
@@ -34139,59 +40952,47 @@ spec:
             - forProvider
             type: object
             x-kubernetes-validations:
-            - message: spec.forProvider.interval is a required parameter
-              rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.interval)
-                || (has(self.initProvider) && has(self.initProvider.interval))'
-            - message: spec.forProvider.item is a required parameter
+            - message: spec.forProvider.permission is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.item)
-                || (has(self.initProvider) && has(self.initProvider.item))'
-            - message: spec.forProvider.name is a required parameter
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.permission)
+                || (has(self.initProvider) && has(self.initProvider.permission))'
+            - message: spec.forProvider.serviceAccountId is a required parameter
               rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies
-                || ''Update'' in self.managementPolicies) || has(self.forProvider.name)
-                || (has(self.initProvider) && has(self.initProvider.name))'
+                || ''Update'' in self.managementPolicies) || has(self.forProvider.serviceAccountId)
+                || (has(self.initProvider) && has(self.initProvider.serviceAccountId))'
           status:
-            description: PlaylistStatus defines the observed state of Playlist.
+            description: ServiceAccountPermissionItemStatus defines the observed state
+              of ServiceAccountPermissionItem.
             properties:
               atProvider:
                 properties:
                   id:
                     description: (String) The ID of this resource.
                     type: string
-                  interval:
-                    description: (String)
+                  orgId:
+                    description: |-
+                      (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                      The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
                     type: string
-                  item:
-                    description: '(Block Set, Min: 1) (see below for nested schema)'
-                    items:
-                      properties:
-                        id:
-                          description: (String) The ID of this resource.
-                          type: string
-                        order:
-                          description: (Number)
-                          type: number
-                        title:
-                          description: (String)
-                          type: string
-                        type:
-                          description: (String)
-                          type: string
-                        value:
-                          description: (String)
-                          type: string
-                      type: object
-                    type: array
-                  name:
+                  permission:
                     description: |-
-                      (String) The name of the playlist.
-                      The name of the playlist.
+                      (String) the permission to be assigned
+                      the permission to be assigned
                     type: string
-                  orgId:
+                  serviceAccountId:
                     description: |-
-                      (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
-                      The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                      (String) The ID of the service account.
+                      The ID of the service account.
+                    type: string
+                  team:
+                    description: |-
+                      (String) the team onto which the permission is to be assigned
+                      the team onto which the permission is to be assigned
+                    type: string
+                  user:
+                    description: |-
+                      (String) the user or service account onto which the permission is to be assigned
+                      the user or service account onto which the permission is to be assigned
                     type: string
                 type: object
               conditions:
diff --git a/grafanaplane/zz/cloud/v1alpha1/main.libsonnet b/grafanaplane/zz/cloud/v1alpha1/main.libsonnet
index 306f1ce..88d46bd 100644
--- a/grafanaplane/zz/cloud/v1alpha1/main.libsonnet
+++ b/grafanaplane/zz/cloud/v1alpha1/main.libsonnet
@@ -1,6 +1,7 @@
 {
   accessPolicy+: import './accessPolicy/main.libsonnet',
   accessPolicyToken+: import './accessPolicyToken/main.libsonnet',
+  orgMember+: import './orgMember/main.libsonnet',
   pluginInstallation+: import './pluginInstallation/main.libsonnet',
   stack+: import './stack/main.libsonnet',
   stackServiceAccount+: import './stackServiceAccount/main.libsonnet',
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/main.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/main.libsonnet
new file mode 100644
index 0000000..2380611
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'orgMember' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'cloud.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'OrgMember',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/metadata/main.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRef.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionSelector.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/main.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/main.libsonnet
new file mode 100644
index 0000000..736a5c8
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'OrgMemberSpec defines the desired state of OrgMember' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'OrgMemberSpec defines the desired state of OrgMember' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/parameters.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/parameters.libsonnet
new file mode 100644
index 0000000..ea57482
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/parameters.libsonnet
@@ -0,0 +1,475 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withOrg': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The slug or ID of the organization.' } },
+      withOrg(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              org: value,
+            },
+          },
+        },
+      },
+      '#withReceiveBillingEmails': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'Whether the user should receive billing emails.' } },
+      withReceiveBillingEmails(value=true): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              receiveBillingEmails: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The role to assign to the user in the organization.' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: "Username or ID of the user to add to the org's members." } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withOrg': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The slug or ID of the organization.' } },
+      withOrg(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              org: value,
+            },
+          },
+        },
+      },
+      '#withReceiveBillingEmails': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'Whether the user should receive billing emails.' } },
+      withReceiveBillingEmails(value=true): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              receiveBillingEmails: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The role to assign to the user in the organization.' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: "Username or ID of the user to add to the org's members." } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/cloud/v1alpha1/orgMember/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/main.libsonnet b/grafanaplane/zz/cloudprovider/main.libsonnet
new file mode 100644
index 0000000..99cfa8f
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/main.libsonnet
@@ -0,0 +1,4 @@
+{
+  '#': { help: '', name: 'cloudprovider' },
+  v1alpha1+: import './v1alpha1/main.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/main.libsonnet
new file mode 100644
index 0000000..21019d7
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'awsAccount' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'cloudprovider.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'AwsAccount',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/metadata/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionSelector.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/main.libsonnet
new file mode 100644
index 0000000..1e0c88b
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AwsAccountSpec defines the desired state of AwsAccount' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AwsAccountSpec defines the desired state of AwsAccount' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/parameters.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/parameters.libsonnet
new file mode 100644
index 0000000..eeaeec9
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/parameters.libsonnet
@@ -0,0 +1,487 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withRegions': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of regions that this AWS Account resource applies to.\nA set of regions that this AWS Account resource applies to.' } },
+      withRegions(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              regions:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRegionsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of regions that this AWS Account resource applies to.\nA set of regions that this AWS Account resource applies to.' } },
+      withRegionsMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              regions+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRoleArn': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) An IAM Role ARN string to represent with this AWS Account resource.\nAn IAM Role ARN string to represent with this AWS Account resource.' } },
+      withRoleArn(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              roleArn: value,
+            },
+          },
+        },
+      },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The StackID of the Grafana Cloud instance.\nThe StackID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withRegions': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of regions that this AWS Account resource applies to.\nA set of regions that this AWS Account resource applies to.' } },
+      withRegions(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              regions:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRegionsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of regions that this AWS Account resource applies to.\nA set of regions that this AWS Account resource applies to.' } },
+      withRegionsMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              regions+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRoleArn': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) An IAM Role ARN string to represent with this AWS Account resource.\nAn IAM Role ARN string to represent with this AWS Account resource.' } },
+      withRoleArn(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              roleArn: value,
+            },
+          },
+        },
+      },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The StackID of the Grafana Cloud instance.\nThe StackID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsAccount/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/main.libsonnet
new file mode 100644
index 0000000..fe0cdd1
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'awsCloudwatchScrapeJob' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'cloudprovider.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'AwsCloudwatchScrapeJob',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/metadata/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionSelector.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/main.libsonnet
new file mode 100644
index 0000000..09615e3
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters.libsonnet
new file mode 100644
index 0000000..256bbe4
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/parameters.libsonnet
@@ -0,0 +1,923 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withAwsAccountResourceId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.\nThe ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.' } },
+      withAwsAccountResourceId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              awsAccountResourceId: value,
+            },
+          },
+        },
+      },
+      '#withCustomNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nZero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withCustomNamespace(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              customNamespace:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withCustomNamespaceMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nZero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withCustomNamespaceMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              customNamespace+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      customNamespace+:
+        {
+          '#': { help: '', name: 'customNamespace' },
+          '#withMetric': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetric(value): {
+            metric:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withMetricMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetricMixin(value): {
+            metric+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          metric+:
+            {
+              '#': { help: '', name: 'metric' },
+              '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the metric to scrape.' } },
+              withName(value): {
+                name: value,
+              },
+              '#withStatistics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatistics(value): {
+                statistics:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+              '#withStatisticsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatisticsMixin(value): {
+                statistics+:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+            },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the custom namespace to scrape.' } },
+          withName(value): {
+            name: value,
+          },
+          '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) The interval in seconds to scrape the custom namespace.\nThe interval in seconds to scrape the custom namespace.' } },
+          withScrapeIntervalSeconds(value): {
+            scrapeIntervalSeconds: value,
+          },
+        },
+      '#withEnabled': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) Whether the CloudWatch Scrape Job is enabled or not.\nWhether the CloudWatch Scrape Job is enabled or not.' } },
+      withEnabled(value=true): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              enabled: value,
+            },
+          },
+        },
+      },
+      '#withExportTags': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.\nWhen enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.' } },
+      withExportTags(value=true): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              exportTags: value,
+            },
+          },
+        },
+      },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the CloudWatch Scrape Job.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withRegionsSubsetOverride': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.\nA subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped." } },
+      withRegionsSubsetOverride(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              regionsSubsetOverride:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRegionsSubsetOverrideMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.\nA subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped." } },
+      withRegionsSubsetOverrideMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              regionsSubsetOverride+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withService': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withService(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              service:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withServiceMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withServiceMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              service+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      service+:
+        {
+          '#': { help: '', name: 'service' },
+          '#withMetric': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetric(value): {
+            metric:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withMetricMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetricMixin(value): {
+            metric+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          metric+:
+            {
+              '#': { help: '', name: 'metric' },
+              '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the metric to scrape.' } },
+              withName(value): {
+                name: value,
+              },
+              '#withStatistics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatistics(value): {
+                statistics:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+              '#withStatisticsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatisticsMixin(value): {
+                statistics+:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+            },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.' } },
+          withName(value): {
+            name: value,
+          },
+          '#withResourceDiscoveryTagFilter': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.' } },
+          withResourceDiscoveryTagFilter(value): {
+            resourceDiscoveryTagFilter:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withResourceDiscoveryTagFilterMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.' } },
+          withResourceDiscoveryTagFilterMixin(value): {
+            resourceDiscoveryTagFilter+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          resourceDiscoveryTagFilter+:
+            {
+              '#': { help: '', name: 'resourceDiscoveryTagFilter' },
+              '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The key of the tag filter.\nThe key of the tag filter.' } },
+              withKey(value): {
+                key: value,
+              },
+              '#withValue': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The value of the tag filter.\nThe value of the tag filter.' } },
+              withValue(value): {
+                value: value,
+              },
+            },
+          '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) The interval in seconds to scrape the custom namespace.\nThe interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.' } },
+          withScrapeIntervalSeconds(value): {
+            scrapeIntervalSeconds: value,
+          },
+          '#withTagsToAddToMetrics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.\nA set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.' } },
+          withTagsToAddToMetrics(value): {
+            tagsToAddToMetrics:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withTagsToAddToMetricsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.\nA set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.' } },
+          withTagsToAddToMetricsMixin(value): {
+            tagsToAddToMetrics+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+        },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Stack ID of the Grafana Cloud instance.\nThe Stack ID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withAwsAccountResourceId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.\nThe ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.' } },
+      withAwsAccountResourceId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              awsAccountResourceId: value,
+            },
+          },
+        },
+      },
+      '#withCustomNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nZero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withCustomNamespace(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              customNamespace:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withCustomNamespaceMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nZero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withCustomNamespaceMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              customNamespace+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      customNamespace+:
+        {
+          '#': { help: '', name: 'customNamespace' },
+          '#withMetric': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetric(value): {
+            metric:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withMetricMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetricMixin(value): {
+            metric+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          metric+:
+            {
+              '#': { help: '', name: 'metric' },
+              '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the metric to scrape.' } },
+              withName(value): {
+                name: value,
+              },
+              '#withStatistics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatistics(value): {
+                statistics:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+              '#withStatisticsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatisticsMixin(value): {
+                statistics+:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+            },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the custom namespace to scrape.' } },
+          withName(value): {
+            name: value,
+          },
+          '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) The interval in seconds to scrape the custom namespace.\nThe interval in seconds to scrape the custom namespace.' } },
+          withScrapeIntervalSeconds(value): {
+            scrapeIntervalSeconds: value,
+          },
+        },
+      '#withEnabled': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) Whether the CloudWatch Scrape Job is enabled or not.\nWhether the CloudWatch Scrape Job is enabled or not.' } },
+      withEnabled(value=true): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              enabled: value,
+            },
+          },
+        },
+      },
+      '#withExportTags': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.\nWhen enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.' } },
+      withExportTags(value=true): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              exportTags: value,
+            },
+          },
+        },
+      },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the CloudWatch Scrape Job.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withRegionsSubsetOverride': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.\nA subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped." } },
+      withRegionsSubsetOverride(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              regionsSubsetOverride:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withRegionsSubsetOverrideMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "(Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.\nA subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped." } },
+      withRegionsSubsetOverrideMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              regionsSubsetOverride+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withService': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withService(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              service:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withServiceMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.' } },
+      withServiceMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              service+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      service+:
+        {
+          '#': { help: '', name: 'service' },
+          '#withMetric': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetric(value): {
+            metric:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withMetricMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.' } },
+          withMetricMixin(value): {
+            metric+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          metric+:
+            {
+              '#': { help: '', name: 'metric' },
+              '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the metric to scrape.' } },
+              withName(value): {
+                name: value,
+              },
+              '#withStatistics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatistics(value): {
+                statistics:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+              '#withStatisticsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of statistics to scrape.\nA set of statistics to scrape.' } },
+              withStatisticsMixin(value): {
+                statistics+:
+                  (if std.isArray(value)
+                   then value
+                   else [value]),
+              },
+            },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the CloudWatch Scrape Job.\nThe name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.' } },
+          withName(value): {
+            name: value,
+          },
+          '#withResourceDiscoveryTagFilter': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.' } },
+          withResourceDiscoveryTagFilter(value): {
+            resourceDiscoveryTagFilter:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withResourceDiscoveryTagFilterMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)\nOne or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.' } },
+          withResourceDiscoveryTagFilterMixin(value): {
+            resourceDiscoveryTagFilter+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          resourceDiscoveryTagFilter+:
+            {
+              '#': { help: '', name: 'resourceDiscoveryTagFilter' },
+              '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The key of the tag filter.\nThe key of the tag filter.' } },
+              withKey(value): {
+                key: value,
+              },
+              '#withValue': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The value of the tag filter.\nThe value of the tag filter.' } },
+              withValue(value): {
+                value: value,
+              },
+            },
+          '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) The interval in seconds to scrape the custom namespace.\nThe interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.' } },
+          withScrapeIntervalSeconds(value): {
+            scrapeIntervalSeconds: value,
+          },
+          '#withTagsToAddToMetrics': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.\nA set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.' } },
+          withTagsToAddToMetrics(value): {
+            tagsToAddToMetrics:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+          '#withTagsToAddToMetricsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.\nA set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.' } },
+          withTagsToAddToMetricsMixin(value): {
+            tagsToAddToMetrics+:
+              (if std.isArray(value)
+               then value
+               else [value]),
+          },
+        },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Stack ID of the Grafana Cloud instance.\nThe Stack ID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/awsCloudwatchScrapeJob/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/main.libsonnet
new file mode 100644
index 0000000..02ae0c5
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'azureCredential' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'cloudprovider.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'AzureCredential',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/metadata/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionSelector.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/main.libsonnet
new file mode 100644
index 0000000..49a9d7b
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AzureCredentialSpec defines the desired state of AzureCredential' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AzureCredentialSpec defines the desired state of AzureCredential' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/parameters.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/parameters.libsonnet
new file mode 100644
index 0000000..eb1bde2
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/parameters.libsonnet
@@ -0,0 +1,669 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withClientId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The client ID of the Azure Credential.\nThe client ID of the Azure Credential.' } },
+      withClientId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              clientId: value,
+            },
+          },
+        },
+      },
+      '#withClientSecretSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) The client secret of the Azure Credential.\nThe client secret of the Azure Credential.' } },
+      withClientSecretSecretRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              clientSecretSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withClientSecretSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) The client secret of the Azure Credential.\nThe client secret of the Azure Credential.' } },
+      withClientSecretSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              clientSecretSecretRef+: value,
+            },
+          },
+        },
+      },
+      clientSecretSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  clientSecretSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  clientSecretSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  clientSecretSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the Azure Credential.\nThe name of the Azure Credential.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withResourceDiscoveryTagFilter': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) The list of tag filters to apply to resources. (see below for nested schema)\nThe list of tag filters to apply to resources.' } },
+      withResourceDiscoveryTagFilter(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              resourceDiscoveryTagFilter:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withResourceDiscoveryTagFilterMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) The list of tag filters to apply to resources. (see below for nested schema)\nThe list of tag filters to apply to resources.' } },
+      withResourceDiscoveryTagFilterMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              resourceDiscoveryTagFilter+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      resourceDiscoveryTagFilter+:
+        {
+          '#': { help: '', name: 'resourceDiscoveryTagFilter' },
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The key of the tag filter.\nThe key of the tag filter.' } },
+          withKey(value): {
+            key: value,
+          },
+          '#withValue': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The value of the tag filter.\nThe value of the tag filter.' } },
+          withValue(value): {
+            value: value,
+          },
+        },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The StackID of the Grafana Cloud instance.\nThe StackID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+      '#withTenantId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The tenant ID of the Azure Credential.\nThe tenant ID of the Azure Credential.' } },
+      withTenantId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              tenantId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withClientId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The client ID of the Azure Credential.\nThe client ID of the Azure Credential.' } },
+      withClientId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              clientId: value,
+            },
+          },
+        },
+      },
+      '#withClientSecretSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) The client secret of the Azure Credential.\nThe client secret of the Azure Credential.' } },
+      withClientSecretSecretRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              clientSecretSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withClientSecretSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) The client secret of the Azure Credential.\nThe client secret of the Azure Credential.' } },
+      withClientSecretSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              clientSecretSecretRef+: value,
+            },
+          },
+        },
+      },
+      clientSecretSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  clientSecretSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  clientSecretSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  clientSecretSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the Azure Credential.\nThe name of the Azure Credential.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withResourceDiscoveryTagFilter': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) The list of tag filters to apply to resources. (see below for nested schema)\nThe list of tag filters to apply to resources.' } },
+      withResourceDiscoveryTagFilter(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              resourceDiscoveryTagFilter:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      '#withResourceDiscoveryTagFilterMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: '(Block List) The list of tag filters to apply to resources. (see below for nested schema)\nThe list of tag filters to apply to resources.' } },
+      withResourceDiscoveryTagFilterMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              resourceDiscoveryTagFilter+:
+                (if std.isArray(value)
+                 then value
+                 else [value]),
+            },
+          },
+        },
+      },
+      resourceDiscoveryTagFilter+:
+        {
+          '#': { help: '', name: 'resourceDiscoveryTagFilter' },
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The key of the tag filter.\nThe key of the tag filter.' } },
+          withKey(value): {
+            key: value,
+          },
+          '#withValue': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The value of the tag filter.\nThe value of the tag filter.' } },
+          withValue(value): {
+            value: value,
+          },
+        },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The StackID of the Grafana Cloud instance.\nThe StackID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+      '#withTenantId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The tenant ID of the Azure Credential.\nThe tenant ID of the Azure Credential.' } },
+      withTenantId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              tenantId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/azureCredential/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/cloudprovider/v1alpha1/main.libsonnet b/grafanaplane/zz/cloudprovider/v1alpha1/main.libsonnet
new file mode 100644
index 0000000..2845430
--- /dev/null
+++ b/grafanaplane/zz/cloudprovider/v1alpha1/main.libsonnet
@@ -0,0 +1,5 @@
+{
+  awsAccount+: import './awsAccount/main.libsonnet',
+  awsCloudwatchScrapeJob+: import './awsCloudwatchScrapeJob/main.libsonnet',
+  azureCredential+: import './azureCredential/main.libsonnet',
+}
diff --git a/grafanaplane/zz/configurations.libsonnet b/grafanaplane/zz/configurations.libsonnet
index c1f42f4..94a395a 100644
--- a/grafanaplane/zz/configurations.libsonnet
+++ b/grafanaplane/zz/configurations.libsonnet
@@ -9,7 +9,7 @@
       name: 'grafana-namespaced-alerting',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-alerting:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-alerting:0.5.2-0.24.0',
     },
   },
   cloud: {
@@ -22,7 +22,33 @@
       name: 'grafana-namespaced-cloud',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-cloud:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-cloud:0.5.2-0.24.0',
+    },
+  },
+  cloudprovider: {
+    apiVersion: 'pkg.crossplane.io/v1',
+    kind: 'Configuration',
+    metadata: {
+      annotations: {
+        'tanka.dev/namespaced': 'false',
+      },
+      name: 'grafana-namespaced-cloudprovider',
+    },
+    spec: {
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-cloudprovider:0.5.2-0.24.0',
+    },
+  },
+  connections: {
+    apiVersion: 'pkg.crossplane.io/v1',
+    kind: 'Configuration',
+    metadata: {
+      annotations: {
+        'tanka.dev/namespaced': 'false',
+      },
+      name: 'grafana-namespaced-connections',
+    },
+    spec: {
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-connections:0.5.2-0.24.0',
     },
   },
   enterprise: {
@@ -35,7 +61,7 @@
       name: 'grafana-namespaced-enterprise',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-enterprise:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-enterprise:0.5.2-0.24.0',
     },
   },
   ml: {
@@ -48,7 +74,7 @@
       name: 'grafana-namespaced-ml',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-ml:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-ml:0.5.2-0.24.0',
     },
   },
   oncall: {
@@ -61,7 +87,7 @@
       name: 'grafana-namespaced-oncall',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-oncall:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-oncall:0.5.2-0.24.0',
     },
   },
   oss: {
@@ -74,7 +100,7 @@
       name: 'grafana-namespaced-oss',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-oss:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-oss:0.5.2-0.24.0',
     },
   },
   slo: {
@@ -87,7 +113,7 @@
       name: 'grafana-namespaced-slo',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-slo:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-slo:0.5.2-0.24.0',
     },
   },
   sm: {
@@ -100,7 +126,7 @@
       name: 'grafana-namespaced-sm',
     },
     spec: {
-      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-sm:0.5.2-0.22.0',
+      package: 'ghcr.io/grafana/crossplane/grafana-namespaced-sm:0.5.2-0.24.0',
     },
   },
 }
diff --git a/grafanaplane/zz/connections/main.libsonnet b/grafanaplane/zz/connections/main.libsonnet
new file mode 100644
index 0000000..396c4cb
--- /dev/null
+++ b/grafanaplane/zz/connections/main.libsonnet
@@ -0,0 +1,4 @@
+{
+  '#': { help: '', name: 'connections' },
+  v1alpha1+: import './v1alpha1/main.libsonnet',
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/main.libsonnet b/grafanaplane/zz/connections/v1alpha1/main.libsonnet
new file mode 100644
index 0000000..00921e2
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/main.libsonnet
@@ -0,0 +1,3 @@
+{
+  metricsEndpointScrapeJob+: import './metricsEndpointScrapeJob/main.libsonnet',
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/main.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/main.libsonnet
new file mode 100644
index 0000000..40eea16
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'metricsEndpointScrapeJob' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'connections.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'MetricsEndpointScrapeJob',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/metadata/main.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRef.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionSelector.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/main.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/main.libsonnet
new file mode 100644
index 0000000..f62d694
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MetricsEndpointScrapeJobSpec defines the desired state of MetricsEndpointScrapeJob' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MetricsEndpointScrapeJobSpec defines the desired state of MetricsEndpointScrapeJob' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/parameters.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/parameters.libsonnet
new file mode 100644
index 0000000..5fc4d1e
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/parameters.libsonnet
@@ -0,0 +1,771 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withAuthenticationBasicPasswordSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method\nPassword for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicPasswordSecretRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationBasicPasswordSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBasicPasswordSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method\nPassword for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicPasswordSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationBasicPasswordSecretRef+: value,
+            },
+          },
+        },
+      },
+      authenticationBasicPasswordSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withAuthenticationBasicUsername': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Username for basic authentication, use if scrape job is using basic authentication method\nUsername for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicUsername(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationBasicUsername: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBearerTokenSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method\nBearer token used for authentication, use if scrape job is using bearer authentication method' } },
+      withAuthenticationBearerTokenSecretRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationBearerTokenSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBearerTokenSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method\nBearer token used for authentication, use if scrape job is using bearer authentication method' } },
+      withAuthenticationBearerTokenSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationBearerTokenSecretRef+: value,
+            },
+          },
+        },
+      },
+      authenticationBearerTokenSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withAuthenticationMethod': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Method to pass authentication credentials: basic or bearer.\nMethod to pass authentication credentials: basic or bearer.' } },
+      withAuthenticationMethod(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              authenticationMethod: value,
+            },
+          },
+        },
+      },
+      '#withEnabled': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) Whether the metrics endpoint scrape job is enabled or not.\nWhether the metrics endpoint scrape job is enabled or not.' } },
+      withEnabled(value=true): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              enabled: value,
+            },
+          },
+        },
+      },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the metrics endpoint scrape job.\nThe name of the metrics endpoint scrape job.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.\nFrequency for scraping the metrics endpoint: 30, 60, or 120 seconds.' } },
+      withScrapeIntervalSeconds(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              scrapeIntervalSeconds: value,
+            },
+          },
+        },
+      },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Stack ID of the Grafana Cloud instance.\nThe Stack ID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+      '#withUrl': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The url to scrape metrics from; a valid HTTPs URL is required.\nThe url to scrape metrics from; a valid HTTPs URL is required.' } },
+      withUrl(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              url: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withAuthenticationBasicPasswordSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method\nPassword for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicPasswordSecretRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationBasicPasswordSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBasicPasswordSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method\nPassword for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicPasswordSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationBasicPasswordSecretRef+: value,
+            },
+          },
+        },
+      },
+      authenticationBasicPasswordSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBasicPasswordSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withAuthenticationBasicUsername': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Username for basic authentication, use if scrape job is using basic authentication method\nUsername for basic authentication, use if scrape job is using basic authentication method' } },
+      withAuthenticationBasicUsername(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationBasicUsername: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBearerTokenSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method\nBearer token used for authentication, use if scrape job is using bearer authentication method' } },
+      withAuthenticationBearerTokenSecretRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationBearerTokenSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withAuthenticationBearerTokenSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method\nBearer token used for authentication, use if scrape job is using bearer authentication method' } },
+      withAuthenticationBearerTokenSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationBearerTokenSecretRef+: value,
+            },
+          },
+        },
+      },
+      authenticationBearerTokenSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  authenticationBearerTokenSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withAuthenticationMethod': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Method to pass authentication credentials: basic or bearer.\nMethod to pass authentication credentials: basic or bearer.' } },
+      withAuthenticationMethod(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              authenticationMethod: value,
+            },
+          },
+        },
+      },
+      '#withEnabled': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: '(Boolean) Whether the metrics endpoint scrape job is enabled or not.\nWhether the metrics endpoint scrape job is enabled or not.' } },
+      withEnabled(value=true): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              enabled: value,
+            },
+          },
+        },
+      },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The name of the metrics endpoint scrape job.\nThe name of the metrics endpoint scrape job.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withScrapeIntervalSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['number'] }], help: '(Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.\nFrequency for scraping the metrics endpoint: 30, 60, or 120 seconds.' } },
+      withScrapeIntervalSeconds(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              scrapeIntervalSeconds: value,
+            },
+          },
+        },
+      },
+      '#withStackId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Stack ID of the Grafana Cloud instance.\nThe Stack ID of the Grafana Cloud instance.' } },
+      withStackId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              stackId: value,
+            },
+          },
+        },
+      },
+      '#withUrl': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The url to scrape metrics from; a valid HTTPs URL is required.\nThe url to scrape metrics from; a valid HTTPs URL is required.' } },
+      withUrl(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              url: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/connections/v1alpha1/metricsEndpointScrapeJob/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/main.libsonnet
new file mode 100644
index 0000000..35a51b3
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'dataSourceConfigLbacRules' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'enterprise.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'DataSourceConfigLbacRules',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/metadata/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionSelector.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/main.libsonnet
new file mode 100644
index 0000000..24931bc
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourceConfigLbacRulesSpec defines the desired state of DataSourceConfigLbacRules' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourceConfigLbacRulesSpec defines the desired state of DataSourceConfigLbacRules' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/parameters.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/parameters.libsonnet
new file mode 100644
index 0000000..9af0388
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/parameters.libsonnet
@@ -0,0 +1,435 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withDatasourceUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The UID of the datasource.' } },
+      withDatasourceUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              datasourceUid: value,
+            },
+          },
+        },
+      },
+      '#withRules': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.' } },
+      withRules(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              rules: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withDatasourceUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The UID of the datasource.' } },
+      withDatasourceUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              datasourceUid: value,
+            },
+          },
+        },
+      },
+      '#withRules': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.' } },
+      withRules(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              rules: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourceConfigLbacRules/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/main.libsonnet
new file mode 100644
index 0000000..1748b0a
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'dataSourcePermissionItem' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'enterprise.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'DataSourcePermissionItem',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/metadata/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionSelector.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/main.libsonnet
new file mode 100644
index 0000000..189bece
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourcePermissionItemSpec defines the desired state of DataSourcePermissionItem' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourcePermissionItemSpec defines the desired state of DataSourcePermissionItem' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/parameters.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/parameters.libsonnet
new file mode 100644
index 0000000..30adcc8
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/parameters.libsonnet
@@ -0,0 +1,923 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withDatasourceUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the datasource.\nThe UID of the datasource.' } },
+      withDatasourceUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              datasourceUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withDatasourceUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the datasource.\nThe UID of the datasource.' } },
+      withDatasourceUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              datasourceUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/dataSourcePermissionItem/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/main.libsonnet
index cb35de5..235a3bf 100644
--- a/grafanaplane/zz/enterprise/v1alpha1/main.libsonnet
+++ b/grafanaplane/zz/enterprise/v1alpha1/main.libsonnet
@@ -1,6 +1,9 @@
 {
+  dataSourceConfigLbacRules+: import './dataSourceConfigLbacRules/main.libsonnet',
+  dataSourcePermissionItem+: import './dataSourcePermissionItem/main.libsonnet',
   dataSourcePermission+: import './dataSourcePermission/main.libsonnet',
   report+: import './report/main.libsonnet',
+  roleAssignmentItem+: import './roleAssignmentItem/main.libsonnet',
   roleAssignment+: import './roleAssignment/main.libsonnet',
   role+: import './role/main.libsonnet',
   teamExternalGroup+: import './teamExternalGroup/main.libsonnet',
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/main.libsonnet
new file mode 100644
index 0000000..176c75e
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'roleAssignmentItem' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'enterprise.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'RoleAssignmentItem',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/metadata/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionSelector.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/main.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/main.libsonnet
new file mode 100644
index 0000000..2cb28e3
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/parameters.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/parameters.libsonnet
new file mode 100644
index 0000000..b36f331
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/parameters.libsonnet
@@ -0,0 +1,903 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withRoleUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role UID onto which to assign an actor\nthe role UID onto which to assign an actor' } },
+      withRoleUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              roleUid: value,
+            },
+          },
+        },
+      },
+      '#withServiceAccountId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the service account onto which the role is to be assigned\nthe service account onto which the role is to be assigned' } },
+      withServiceAccountId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              serviceAccountId: value,
+            },
+          },
+        },
+      },
+      '#withTeamId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the role is to be assigned\nthe team onto which the role is to be assigned' } },
+      withTeamId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              teamId: value,
+            },
+          },
+        },
+      },
+      '#withUserId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user onto which the role is to be assigned\nthe user onto which the role is to be assigned' } },
+      withUserId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              userId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withRoleUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role UID onto which to assign an actor\nthe role UID onto which to assign an actor' } },
+      withRoleUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              roleUid: value,
+            },
+          },
+        },
+      },
+      '#withServiceAccountId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the service account onto which the role is to be assigned\nthe service account onto which the role is to be assigned' } },
+      withServiceAccountId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              serviceAccountId: value,
+            },
+          },
+        },
+      },
+      '#withTeamId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the role is to be assigned\nthe team onto which the role is to be assigned' } },
+      withTeamId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              teamId: value,
+            },
+          },
+        },
+      },
+      '#withUserId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user onto which the role is to be assigned\nthe user onto which the role is to be assigned' } },
+      withUserId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              userId: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/enterprise/v1alpha1/roleAssignmentItem/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/gvks.libsonnet b/grafanaplane/zz/gvks.libsonnet
index 03efe80..97e3500 100644
--- a/grafanaplane/zz/gvks.libsonnet
+++ b/grafanaplane/zz/gvks.libsonnet
@@ -79,6 +79,12 @@
         plural: 'accesspolicytokens',
         version: 'v1alpha1',
       },
+      {
+        group: 'cloud.grafana.crossplane.io',
+        kind: 'OrgMember',
+        plural: 'orgmembers',
+        version: 'v1alpha1',
+      },
       {
         group: 'cloud.grafana.crossplane.io',
         kind: 'PluginInstallation',
@@ -117,6 +123,12 @@
         plural: 'accesspolicytokens',
         version: 'v1alpha1',
       },
+      {
+        group: 'cloud.grafana.net.namespaced',
+        kind: 'OrgMember',
+        plural: 'orgmembers',
+        version: 'v1alpha1',
+      },
       {
         group: 'cloud.grafana.net.namespaced',
         kind: 'PluginInstallation',
@@ -143,8 +155,80 @@
       },
     ],
   },
+  cloudprovider: {
+    crd: [
+      {
+        group: 'cloudprovider.grafana.crossplane.io',
+        kind: 'AwsAccount',
+        plural: 'awsaccounts',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'cloudprovider.grafana.crossplane.io',
+        kind: 'AwsCloudwatchScrapeJob',
+        plural: 'awscloudwatchscrapejobs',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'cloudprovider.grafana.crossplane.io',
+        kind: 'AzureCredential',
+        plural: 'azurecredentials',
+        version: 'v1alpha1',
+      },
+    ],
+    xrd: [
+      {
+        group: 'cloudprovider.grafana.net.namespaced',
+        kind: 'AwsAccount',
+        plural: 'awsaccounts',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'cloudprovider.grafana.net.namespaced',
+        kind: 'AwsCloudwatchScrapeJob',
+        plural: 'awscloudwatchscrapejobs',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'cloudprovider.grafana.net.namespaced',
+        kind: 'AzureCredential',
+        plural: 'azurecredentials',
+        version: 'v1alpha1',
+      },
+    ],
+  },
+  connections: {
+    crd: [
+      {
+        group: 'connections.grafana.crossplane.io',
+        kind: 'MetricsEndpointScrapeJob',
+        plural: 'metricsendpointscrapejobs',
+        version: 'v1alpha1',
+      },
+    ],
+    xrd: [
+      {
+        group: 'connections.grafana.net.namespaced',
+        kind: 'MetricsEndpointScrapeJob',
+        plural: 'metricsendpointscrapejobs',
+        version: 'v1alpha1',
+      },
+    ],
+  },
   enterprise: {
     crd: [
+      {
+        group: 'enterprise.grafana.crossplane.io',
+        kind: 'DataSourceConfigLbacRules',
+        plural: 'datasourceconfiglbacrules',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'enterprise.grafana.crossplane.io',
+        kind: 'DataSourcePermissionItem',
+        plural: 'datasourcepermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'enterprise.grafana.crossplane.io',
         kind: 'DataSourcePermission',
@@ -157,6 +241,12 @@
         plural: 'reports',
         version: 'v1alpha1',
       },
+      {
+        group: 'enterprise.grafana.crossplane.io',
+        kind: 'RoleAssignmentItem',
+        plural: 'roleassignmentitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'enterprise.grafana.crossplane.io',
         kind: 'RoleAssignment',
@@ -177,6 +267,18 @@
       },
     ],
     xrd: [
+      {
+        group: 'enterprise.grafana.net.namespaced',
+        kind: 'DataSourceConfigLbacRules',
+        plural: 'datasourceconfiglbacrules',
+        version: 'v1alpha1',
+      },
+      {
+        group: 'enterprise.grafana.net.namespaced',
+        kind: 'DataSourcePermissionItem',
+        plural: 'datasourcepermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'enterprise.grafana.net.namespaced',
         kind: 'DataSourcePermission',
@@ -189,6 +291,12 @@
         plural: 'reports',
         version: 'v1alpha1',
       },
+      {
+        group: 'enterprise.grafana.net.namespaced',
+        kind: 'RoleAssignmentItem',
+        plural: 'roleassignmentitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'enterprise.grafana.net.namespaced',
         kind: 'RoleAssignment',
@@ -211,6 +319,12 @@
   },
   ml: {
     crd: [
+      {
+        group: 'ml.grafana.crossplane.io',
+        kind: 'Alert',
+        plural: 'alerts',
+        version: 'v1alpha1',
+      },
       {
         group: 'ml.grafana.crossplane.io',
         kind: 'Holiday',
@@ -231,6 +345,12 @@
       },
     ],
     xrd: [
+      {
+        group: 'ml.grafana.net.namespaced',
+        kind: 'Alert',
+        plural: 'alerts',
+        version: 'v1alpha1',
+      },
       {
         group: 'ml.grafana.net.namespaced',
         kind: 'Holiday',
@@ -361,6 +481,12 @@
         plural: 'annotations',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.crossplane.io',
+        kind: 'DashboardPermissionItem',
+        plural: 'dashboardpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.crossplane.io',
         kind: 'DashboardPermission',
@@ -379,12 +505,24 @@
         plural: 'dashboards',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.crossplane.io',
+        kind: 'DataSourceConfig',
+        plural: 'datasourceconfigs',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.crossplane.io',
         kind: 'DataSource',
         plural: 'datasources',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.crossplane.io',
+        kind: 'FolderPermissionItem',
+        plural: 'folderpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.crossplane.io',
         kind: 'FolderPermission',
@@ -421,6 +559,12 @@
         plural: 'playlists',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.crossplane.io',
+        kind: 'ServiceAccountPermissionItem',
+        plural: 'serviceaccountpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.crossplane.io',
         kind: 'ServiceAccountPermission',
@@ -465,6 +609,12 @@
         plural: 'annotations',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.net.namespaced',
+        kind: 'DashboardPermissionItem',
+        plural: 'dashboardpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.net.namespaced',
         kind: 'DashboardPermission',
@@ -483,12 +633,24 @@
         plural: 'dashboards',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.net.namespaced',
+        kind: 'DataSourceConfig',
+        plural: 'datasourceconfigs',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.net.namespaced',
         kind: 'DataSource',
         plural: 'datasources',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.net.namespaced',
+        kind: 'FolderPermissionItem',
+        plural: 'folderpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.net.namespaced',
         kind: 'FolderPermission',
@@ -525,6 +687,12 @@
         plural: 'playlists',
         version: 'v1alpha1',
       },
+      {
+        group: 'oss.grafana.net.namespaced',
+        kind: 'ServiceAccountPermissionItem',
+        plural: 'serviceaccountpermissionitems',
+        version: 'v1alpha1',
+      },
       {
         group: 'oss.grafana.net.namespaced',
         kind: 'ServiceAccountPermission',
diff --git a/grafanaplane/zz/main.libsonnet b/grafanaplane/zz/main.libsonnet
index ad45ccd..c52c110 100644
--- a/grafanaplane/zz/main.libsonnet
+++ b/grafanaplane/zz/main.libsonnet
@@ -1,6 +1,8 @@
 {
   alerting+: import './alerting/main.libsonnet',
   cloud+: import './cloud/main.libsonnet',
+  cloudprovider+: import './cloudprovider/main.libsonnet',
+  connections+: import './connections/main.libsonnet',
   enterprise+: import './enterprise/main.libsonnet',
   ml+: import './ml/main.libsonnet',
   oncall+: import './oncall/main.libsonnet',
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/main.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/main.libsonnet
new file mode 100644
index 0000000..728488f
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'alert' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'ml.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'Alert',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/metadata/main.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRef.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionSelector.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/main.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/main.libsonnet
new file mode 100644
index 0000000..5735d70
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AlertSpec defines the desired state of Alert' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'AlertSpec defines the desired state of Alert' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/parameters.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/parameters.libsonnet
new file mode 100644
index 0000000..ca7cdf5
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/parameters.libsonnet
@@ -0,0 +1,635 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations to add to the alert generated in Grafana.' } },
+      withAnnotations(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              annotations: value,
+            },
+          },
+        },
+      },
+      '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations to add to the alert generated in Grafana.' } },
+      withAnnotationsMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              annotations+: value,
+            },
+          },
+        },
+      },
+      '#withAnomalyCondition': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The condition for when to consider a point as anomalous.' } },
+      withAnomalyCondition(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              anomalyCondition: value,
+            },
+          },
+        },
+      },
+      '#withFor': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How long values must be anomalous before firing an alert.' } },
+      withFor(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              'for': value,
+            },
+          },
+        },
+      },
+      '#withJobId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The forecast this alert belongs to.' } },
+      withJobId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              jobId: value,
+            },
+          },
+        },
+      },
+      '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels to add to the alert generated in Grafana.' } },
+      withLabels(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              labels: value,
+            },
+          },
+        },
+      },
+      '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels to add to the alert generated in Grafana.' } },
+      withLabelsMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              labels+: value,
+            },
+          },
+        },
+      },
+      '#withNoDataState': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How the alert should be processed when no data is returned by the underlying series' } },
+      withNoDataState(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              noDataState: value,
+            },
+          },
+        },
+      },
+      '#withOutlierId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The forecast this alert belongs to.' } },
+      withOutlierId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              outlierId: value,
+            },
+          },
+        },
+      },
+      '#withThreshold': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The threshold of points over the window that need to be anomalous to alert.' } },
+      withThreshold(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              threshold: value,
+            },
+          },
+        },
+      },
+      '#withTitle': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The title of the alert.' } },
+      withTitle(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              title: value,
+            },
+          },
+        },
+      },
+      '#withWindow': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How much time to average values over' } },
+      withWindow(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              window: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations to add to the alert generated in Grafana.' } },
+      withAnnotations(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              annotations: value,
+            },
+          },
+        },
+      },
+      '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations to add to the alert generated in Grafana.' } },
+      withAnnotationsMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              annotations+: value,
+            },
+          },
+        },
+      },
+      '#withAnomalyCondition': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The condition for when to consider a point as anomalous.' } },
+      withAnomalyCondition(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              anomalyCondition: value,
+            },
+          },
+        },
+      },
+      '#withFor': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How long values must be anomalous before firing an alert.' } },
+      withFor(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              'for': value,
+            },
+          },
+        },
+      },
+      '#withJobId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The forecast this alert belongs to.' } },
+      withJobId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              jobId: value,
+            },
+          },
+        },
+      },
+      '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels to add to the alert generated in Grafana.' } },
+      withLabels(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              labels: value,
+            },
+          },
+        },
+      },
+      '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels to add to the alert generated in Grafana.' } },
+      withLabelsMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              labels+: value,
+            },
+          },
+        },
+      },
+      '#withNoDataState': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How the alert should be processed when no data is returned by the underlying series' } },
+      withNoDataState(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              noDataState: value,
+            },
+          },
+        },
+      },
+      '#withOutlierId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The forecast this alert belongs to.' } },
+      withOutlierId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              outlierId: value,
+            },
+          },
+        },
+      },
+      '#withThreshold': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The threshold of points over the window that need to be anomalous to alert.' } },
+      withThreshold(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              threshold: value,
+            },
+          },
+        },
+      },
+      '#withTitle': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The title of the alert.' } },
+      withTitle(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              title: value,
+            },
+          },
+        },
+      },
+      '#withWindow': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'How much time to average values over' } },
+      withWindow(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              window: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/alert/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/ml/v1alpha1/alert/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/ml/v1alpha1/alert/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/ml/v1alpha1/main.libsonnet b/grafanaplane/zz/ml/v1alpha1/main.libsonnet
index 1807c07..839ecd2 100644
--- a/grafanaplane/zz/ml/v1alpha1/main.libsonnet
+++ b/grafanaplane/zz/ml/v1alpha1/main.libsonnet
@@ -1,4 +1,5 @@
 {
+  alert+: import './alert/main.libsonnet',
   holiday+: import './holiday/main.libsonnet',
   job+: import './job/main.libsonnet',
   outlierDetector+: import './outlierDetector/main.libsonnet',
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/main.libsonnet
new file mode 100644
index 0000000..36591ea
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'dashboardPermissionItem' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'oss.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'DashboardPermissionItem',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/metadata/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionSelector.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/main.libsonnet
new file mode 100644
index 0000000..21d81df
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DashboardPermissionItemSpec defines the desired state of DashboardPermissionItem' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DashboardPermissionItemSpec defines the desired state of DashboardPermissionItem' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/parameters.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/parameters.libsonnet
new file mode 100644
index 0000000..8973c07
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/parameters.libsonnet
@@ -0,0 +1,923 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withDashboardUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the dashboard.\nThe UID of the dashboard.' } },
+      withDashboardUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              dashboardUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withDashboardUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the dashboard.\nThe UID of the dashboard.' } },
+      withDashboardUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              dashboardUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dashboardPermissionItem/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/main.libsonnet
new file mode 100644
index 0000000..ed4667f
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'dataSourceConfig' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'oss.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'DataSourceConfig',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/metadata/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionSelector.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/main.libsonnet
new file mode 100644
index 0000000..a8f88ed
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourceConfigSpec defines the desired state of DataSourceConfig' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'DataSourceConfigSpec defines the desired state of DataSourceConfig' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/parameters.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/parameters.libsonnet
new file mode 100644
index 0000000..a0e5334
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/parameters.libsonnet
@@ -0,0 +1,1048 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withHttpHeadersSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(Map of String, Sensitive) Custom HTTP headers\nCustom HTTP headers' } },
+      withHttpHeadersSecretRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              httpHeadersSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withHttpHeadersSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(Map of String, Sensitive) Custom HTTP headers\nCustom HTTP headers' } },
+      withHttpHeadersSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              httpHeadersSecretRef+: value,
+            },
+          },
+        },
+      },
+      httpHeadersSecretRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  httpHeadersSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  httpHeadersSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withJsonDataEncoded': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withJsonDataEncoded(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              jsonDataEncoded: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the Org ID defined in the provider block will be used.\nThe Organization ID. If not set, the Org ID defined in the provider block will be used.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withSecureJsonDataEncodedSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withSecureJsonDataEncodedSecretRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              secureJsonDataEncodedSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withSecureJsonDataEncodedSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withSecureJsonDataEncodedSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              secureJsonDataEncodedSecretRef+: value,
+            },
+          },
+        },
+      },
+      secureJsonDataEncodedSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Unique identifier. If unset, this will be automatically generated.\nUnique identifier. If unset, this will be automatically generated.' } },
+      withUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              uid: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withHttpHeadersSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+      withHttpHeadersSecretRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              httpHeadersSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withHttpHeadersSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+      withHttpHeadersSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              httpHeadersSecretRef+: value,
+            },
+          },
+        },
+      },
+      '#withJsonDataEncoded': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withJsonDataEncoded(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              jsonDataEncoded: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the Org ID defined in the provider block will be used.\nThe Organization ID. If not set, the Org ID defined in the provider block will be used.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withSecureJsonDataEncodedSecretRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withSecureJsonDataEncodedSecretRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              secureJsonDataEncodedSecretRef: value,
+            },
+          },
+        },
+      },
+      '#withSecureJsonDataEncodedSecretRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '(String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.\nSerialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.' } },
+      withSecureJsonDataEncodedSecretRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              secureJsonDataEncodedSecretRef+: value,
+            },
+          },
+        },
+      },
+      secureJsonDataEncodedSecretRef+:
+        {
+          '#withKey': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The key to select.' } },
+          withKey(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    key: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+          withNamespace(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  secureJsonDataEncodedSecretRef+: {
+                    namespace: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) Unique identifier. If unset, this will be automatically generated.\nUnique identifier. If unset, this will be automatically generated.' } },
+      withUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              uid: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/dataSourceConfig/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/main.libsonnet
new file mode 100644
index 0000000..55ba285
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'folderPermissionItem' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'oss.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'FolderPermissionItem',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/metadata/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionSelector.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/main.libsonnet
new file mode 100644
index 0000000..be159ea
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'FolderPermissionItemSpec defines the desired state of FolderPermissionItem' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'FolderPermissionItemSpec defines the desired state of FolderPermissionItem' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/parameters.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/parameters.libsonnet
new file mode 100644
index 0000000..d2c28ca
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/parameters.libsonnet
@@ -0,0 +1,923 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withFolderUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the folder.\nThe UID of the folder.' } },
+      withFolderUid(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              folderUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withFolderUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The UID of the folder.\nThe UID of the folder.' } },
+      withFolderUid(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              folderUid: value,
+            },
+          },
+        },
+      },
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withRole': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the role onto which the permission is to be assigned\nthe role onto which the permission is to be assigned' } },
+      withRole(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              role: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/folderPermissionItem/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/main.libsonnet
index 396f003..772eda6 100644
--- a/grafanaplane/zz/oss/v1alpha1/main.libsonnet
+++ b/grafanaplane/zz/oss/v1alpha1/main.libsonnet
@@ -1,15 +1,19 @@
 {
   annotation+: import './annotation/main.libsonnet',
+  dashboardPermissionItem+: import './dashboardPermissionItem/main.libsonnet',
   dashboardPermission+: import './dashboardPermission/main.libsonnet',
   dashboardPublic+: import './dashboardPublic/main.libsonnet',
   dashboard+: import './dashboard/main.libsonnet',
+  dataSourceConfig+: import './dataSourceConfig/main.libsonnet',
   dataSource+: import './dataSource/main.libsonnet',
+  folderPermissionItem+: import './folderPermissionItem/main.libsonnet',
   folderPermission+: import './folderPermission/main.libsonnet',
   folder+: import './folder/main.libsonnet',
   libraryPanel+: import './libraryPanel/main.libsonnet',
   organizationPreferences+: import './organizationPreferences/main.libsonnet',
   organization+: import './organization/main.libsonnet',
   playlist+: import './playlist/main.libsonnet',
+  serviceAccountPermissionItem+: import './serviceAccountPermissionItem/main.libsonnet',
   serviceAccountPermission+: import './serviceAccountPermission/main.libsonnet',
   serviceAccount+: import './serviceAccount/main.libsonnet',
   serviceAccountToken+: import './serviceAccountToken/main.libsonnet',
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/main.libsonnet
new file mode 100644
index 0000000..b9398c1
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/main.libsonnet
@@ -0,0 +1,34 @@
+{
+  '#': { help: '', name: 'serviceAccountPermissionItem' },
+  '#new': { 'function': { args: [{ default: null, enums: null, name: 'name', type: 'string' }], help: '`new` creates a new instance' } },
+  new(name):
+    self.withApiVersion()
+    + self.withKind()
+    + self.metadata.withName(name),
+  '#withApiVersion': { 'function': { args: [], help: '' } },
+  withApiVersion(): {
+    apiVersion: 'oss.grafana.net.namespaced/v1alpha1',
+  },
+  '#withKind': { 'function': { args: [], help: '' } },
+  withKind(): {
+    kind: 'ServiceAccountPermissionItem',
+  },
+  '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadata(value): {
+    metadata: value,
+  },
+  '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.' } },
+  withMetadataMixin(value): {
+    metadata+: value,
+  },
+  metadata+: import './metadata/main.libsonnet',
+  '#withSpec': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpec(value): {
+    spec: value,
+  },
+  '#withSpecMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withSpecMixin(value): {
+    spec+: value,
+  },
+  spec+: import './spec/main.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/metadata/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/metadata/main.libsonnet
new file mode 100644
index 0000000..ff4a2c4
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/metadata/main.libsonnet
@@ -0,0 +1,146 @@
+{
+  '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotations(value): {
+    metadata+: {
+      annotations: value,
+    },
+  },
+  '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' } },
+  withAnnotationsMixin(value): {
+    metadata+: {
+      annotations+: value,
+    },
+  },
+  '#withClusterName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' } },
+  withClusterName(value): {
+    metadata+: {
+      clusterName: value,
+    },
+  },
+  '#withCreationTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withCreationTimestamp(value): {
+    metadata+: {
+      creationTimestamp: value,
+    },
+  },
+  '#withDeletionGracePeriodSeconds': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' } },
+  withDeletionGracePeriodSeconds(value): {
+    metadata+: {
+      deletionGracePeriodSeconds: value,
+    },
+  },
+  '#withDeletionTimestamp': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' } },
+  withDeletionTimestamp(value): {
+    metadata+: {
+      deletionTimestamp: value,
+    },
+  },
+  '#withFinalizers': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizers(value): {
+    metadata+: {
+      finalizers:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withFinalizersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' } },
+  withFinalizersMixin(value): {
+    metadata+: {
+      finalizers+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withGenerateName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' } },
+  withGenerateName(value): {
+    metadata+: {
+      generateName: value,
+    },
+  },
+  '#withGeneration': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['integer'] }], help: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' } },
+  withGeneration(value): {
+    metadata+: {
+      generation: value,
+    },
+  },
+  '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabels(value): {
+    metadata+: {
+      labels: value,
+    },
+  },
+  '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' } },
+  withLabelsMixin(value): {
+    metadata+: {
+      labels+: value,
+    },
+  },
+  '#withManagedFields': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFields(value): {
+    metadata+: {
+      managedFields:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withManagedFieldsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object." } },
+  withManagedFieldsMixin(value): {
+    metadata+: {
+      managedFields+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' } },
+  withName(value): {
+    metadata+: {
+      name: value,
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' } },
+  withNamespace(value): {
+    metadata+: {
+      namespace: value,
+    },
+  },
+  '#withOwnerReferences': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferences(value): {
+    metadata+: {
+      ownerReferences:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withOwnerReferencesMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['array'] }], help: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' } },
+  withOwnerReferencesMixin(value): {
+    metadata+: {
+      ownerReferences+:
+        (if std.isArray(value)
+         then value
+         else [value]),
+    },
+  },
+  '#withResourceVersion': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' } },
+  withResourceVersion(value): {
+    metadata+: {
+      resourceVersion: value,
+    },
+  },
+  '#withSelfLink': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' } },
+  withSelfLink(value): {
+    metadata+: {
+      selfLink: value,
+    },
+  },
+  '#withUid': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' } },
+  withUid(value): {
+    metadata+: {
+      uid: value,
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRef.libsonnet
new file mode 100644
index 0000000..5ae24ad
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRevisionRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRevisionRef.libsonnet
new file mode 100644
index 0000000..48b85b3
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionRevisionRef.libsonnet
@@ -0,0 +1,10 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      compositionRevisionRef+: {
+        name: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionSelector.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionSelector.libsonnet
new file mode 100644
index 0000000..df1fb03
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/compositionSelector.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabels(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels: value,
+      },
+    },
+  },
+  '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withMatchLabelsMixin(value): {
+    spec+: {
+      compositionSelector+: {
+        matchLabels+: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/main.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/main.libsonnet
new file mode 100644
index 0000000..43e8e89
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/main.libsonnet
@@ -0,0 +1,73 @@
+{
+  '#withCompositionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRef(value): {
+    spec+: {
+      compositionRef: value,
+    },
+  },
+  '#withCompositionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRefMixin(value): {
+    spec+: {
+      compositionRef+: value,
+    },
+  },
+  compositionRef+: import './compositionRef.libsonnet',
+  '#withCompositionRevisionRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRef(value): {
+    spec+: {
+      compositionRevisionRef: value,
+    },
+  },
+  '#withCompositionRevisionRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionRevisionRefMixin(value): {
+    spec+: {
+      compositionRevisionRef+: value,
+    },
+  },
+  compositionRevisionRef+: import './compositionRevisionRef.libsonnet',
+  '#withCompositionSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelector(value): {
+    spec+: {
+      compositionSelector: value,
+    },
+  },
+  '#withCompositionSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withCompositionSelectorMixin(value): {
+    spec+: {
+      compositionSelector+: value,
+    },
+  },
+  compositionSelector+: import './compositionSelector.libsonnet',
+  '#withCompositionUpdatePolicy': { 'function': { args: [{ default: null, enums: ['Automatic', 'Manual'], name: 'value', type: ['string'] }], help: '' } },
+  withCompositionUpdatePolicy(value): {
+    spec+: {
+      compositionUpdatePolicy: value,
+    },
+  },
+  '#withParameters': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ServiceAccountPermissionItemSpec defines the desired state of ServiceAccountPermissionItem' } },
+  withParameters(value): {
+    spec+: {
+      parameters: value,
+    },
+  },
+  '#withParametersMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'ServiceAccountPermissionItemSpec defines the desired state of ServiceAccountPermissionItem' } },
+  withParametersMixin(value): {
+    spec+: {
+      parameters+: value,
+    },
+  },
+  parameters+: import './parameters.libsonnet',
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      writeConnectionSecretToRef: value,
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      writeConnectionSecretToRef+: value,
+    },
+  },
+  writeConnectionSecretToRef+: import './writeConnectionSecretToRef.libsonnet',
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/parameters.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/parameters.libsonnet
new file mode 100644
index 0000000..bf4cef2
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/parameters.libsonnet
@@ -0,0 +1,903 @@
+{
+  '#withDeletionPolicy': { 'function': { args: [{ default: 'Delete', enums: ['Orphan', 'Delete'], name: 'value', type: ['string'] }], help: 'DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either "Delete" or "Orphan" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' } },
+  withDeletionPolicy(value='Delete'): {
+    spec+: {
+      parameters+: {
+        deletionPolicy: value,
+      },
+    },
+  },
+  '#withExternalName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'The name of the managed resource inside the Provider.\nBy default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.\n\nDocs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources\n' } },
+  withExternalName(value): {
+    spec+: {
+      parameters+: {
+        externalName: value,
+      },
+    },
+  },
+  '#withForProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProvider(value): {
+    spec+: {
+      parameters+: {
+        forProvider: value,
+      },
+    },
+  },
+  '#withForProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: '' } },
+  withForProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        forProvider+: value,
+      },
+    },
+  },
+  forProvider+:
+    {
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                forProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    forProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withServiceAccountId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The ID of the service account.\nThe ID of the service account.' } },
+      withServiceAccountId(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              serviceAccountId: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            forProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withInitProvider': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProvider(value): {
+    spec+: {
+      parameters+: {
+        initProvider: value,
+      },
+    },
+  },
+  '#withInitProviderMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.' } },
+  withInitProviderMixin(value): {
+    spec+: {
+      parameters+: {
+        initProvider+: value,
+      },
+    },
+  },
+  initProvider+:
+    {
+      '#withOrgId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.\nThe Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.' } },
+      withOrgId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              orgId: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRef(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Reference to a Organization in oss to populate orgId.' } },
+      withOrganizationRefMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationRef+: value,
+            },
+          },
+        },
+      },
+      organizationRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withOrganizationSelector': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelector(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector: value,
+            },
+          },
+        },
+      },
+      '#withOrganizationSelectorMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Selector for a Organization in oss to populate orgId.' } },
+      withOrganizationSelectorMixin(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              organizationSelector+: value,
+            },
+          },
+        },
+      },
+      organizationSelector+:
+        {
+          '#withMatchControllerRef': { 'function': { args: [{ default: true, enums: null, name: 'value', type: ['boolean'] }], help: 'MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.' } },
+          withMatchControllerRef(value=true): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchControllerRef: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabels(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withMatchLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'MatchLabels ensures an object with matching labels is selected.' } },
+          withMatchLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    matchLabels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for selection.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                initProvider+: {
+                  organizationSelector+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    initProvider+: {
+                      organizationSelector+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withPermission': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the permission to be assigned\nthe permission to be assigned' } },
+      withPermission(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              permission: value,
+            },
+          },
+        },
+      },
+      '#withServiceAccountId': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) The ID of the service account.\nThe ID of the service account.' } },
+      withServiceAccountId(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              serviceAccountId: value,
+            },
+          },
+        },
+      },
+      '#withTeam': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the team onto which the permission is to be assigned\nthe team onto which the permission is to be assigned' } },
+      withTeam(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              team: value,
+            },
+          },
+        },
+      },
+      '#withUser': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '(String) the user or service account onto which the permission is to be assigned\nthe user or service account onto which the permission is to be assigned' } },
+      withUser(value): {
+        spec+: {
+          parameters+: {
+            initProvider+: {
+              user: value,
+            },
+          },
+        },
+      },
+    },
+  '#withManagementPolicies': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPolicies(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withManagementPoliciesMixin': { 'function': { args: [{ default: ['*'], enums: null, name: 'value', type: ['array'] }], help: 'THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' } },
+  withManagementPoliciesMixin(value): {
+    spec+: {
+      parameters+: {
+        managementPolicies+:
+          (if std.isArray(value)
+           then value
+           else [value]),
+      },
+    },
+  },
+  '#withProviderConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRef(value={ name: 'default' }): {
+    spec+: {
+      parameters+: {
+        providerConfigRef: value,
+      },
+    },
+  },
+  '#withProviderConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.' } },
+  withProviderConfigRefMixin(value): {
+    spec+: {
+      parameters+: {
+        providerConfigRef+: value,
+      },
+    },
+  },
+  providerConfigRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicy(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy: value,
+            },
+          },
+        },
+      },
+      '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+      withPolicyMixin(value): {
+        spec+: {
+          parameters+: {
+            providerConfigRef+: {
+              policy+: value,
+            },
+          },
+        },
+      },
+      policy+:
+        {
+          '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+          withResolution(value='Required'): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolution: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+          withResolve(value): {
+            spec+: {
+              parameters+: {
+                providerConfigRef+: {
+                  policy+: {
+                    resolve: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+    },
+  '#withPublishConnectionDetailsTo': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsTo(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo: value,
+      },
+    },
+  },
+  '#withPublishConnectionDetailsToMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'PublishConnectionDetailsTo specifies the connection secret config which\ncontains a name, metadata and a reference to secret store config to\nwhich any connection details for this managed resource should be written.\nConnection details frequently include the endpoint, username,\nand password required to connect to the managed resource.' } },
+  withPublishConnectionDetailsToMixin(value): {
+    spec+: {
+      parameters+: {
+        publishConnectionDetailsTo+: value,
+      },
+    },
+  },
+  publishConnectionDetailsTo+:
+    {
+      '#withConfigRef': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRef(value={ name: 'default' }): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef: value,
+            },
+          },
+        },
+      },
+      '#withConfigRefMixin': { 'function': { args: [{ default: { name: 'default' }, enums: null, name: 'value', type: ['object'] }], help: 'SecretStoreConfigRef specifies which secret store config should be used\nfor this ConnectionSecret.' } },
+      withConfigRefMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              configRef+: value,
+            },
+          },
+        },
+      },
+      configRef+:
+        {
+          '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the referenced object.' } },
+          withName(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    name: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicy': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicy(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withPolicyMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Policies for referencing.' } },
+          withPolicyMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  configRef+: {
+                    policy+: value,
+                  },
+                },
+              },
+            },
+          },
+          policy+:
+            {
+              '#withResolution': { 'function': { args: [{ default: 'Required', enums: ['Required', 'Optional'], name: 'value', type: ['string'] }], help: "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved." } },
+              withResolution(value='Required'): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolution: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+              '#withResolve': { 'function': { args: [{ default: null, enums: ['Always', 'IfNotPresent'], name: 'value', type: ['string'] }], help: "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile." } },
+              withResolve(value): {
+                spec+: {
+                  parameters+: {
+                    publishConnectionDetailsTo+: {
+                      configRef+: {
+                        policy+: {
+                          resolve: value,
+                        },
+                      },
+                    },
+                  },
+                },
+              },
+            },
+        },
+      '#withMetadata': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadata(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata: value,
+            },
+          },
+        },
+      },
+      '#withMetadataMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Metadata is the metadata for connection secret.' } },
+      withMetadataMixin(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              metadata+: value,
+            },
+          },
+        },
+      },
+      metadata+:
+        {
+          '#withAnnotations': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotations(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withAnnotationsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Annotations are the annotations to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.annotations".\n- It is up to Secret Store implementation for others store types.' } },
+          withAnnotationsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    annotations+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabels': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabels(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withLabelsMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'Labels are the labels/tags to be added to connection secret.\n- For Kubernetes secrets, this will be used as "metadata.labels".\n- It is up to Secret Store implementation for others store types.' } },
+          withLabelsMixin(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    labels+: value,
+                  },
+                },
+              },
+            },
+          },
+          '#withType': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Type is the SecretType for the connection secret.\n- Only valid for Kubernetes Secret Stores.' } },
+          withType(value): {
+            spec+: {
+              parameters+: {
+                publishConnectionDetailsTo+: {
+                  metadata+: {
+                    type: value,
+                  },
+                },
+              },
+            },
+          },
+        },
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name is the name of the connection secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            publishConnectionDetailsTo+: {
+              name: value,
+            },
+          },
+        },
+      },
+    },
+  '#withWriteConnectionSecretToRef': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRef(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef: value,
+      },
+    },
+  },
+  '#withWriteConnectionSecretToRefMixin': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['object'] }], help: 'WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsTo. Currently, both could be set independently\nand connection details would be published to both without affecting\neach other.' } },
+  withWriteConnectionSecretToRefMixin(value): {
+    spec+: {
+      parameters+: {
+        writeConnectionSecretToRef+: value,
+      },
+    },
+  },
+  writeConnectionSecretToRef+:
+    {
+      '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Name of the secret.' } },
+      withName(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              name: value,
+            },
+          },
+        },
+      },
+      '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: 'Namespace of the secret.' } },
+      withNamespace(value): {
+        spec+: {
+          parameters+: {
+            writeConnectionSecretToRef+: {
+              namespace: value,
+            },
+          },
+        },
+      },
+    },
+}
diff --git a/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/writeConnectionSecretToRef.libsonnet b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/writeConnectionSecretToRef.libsonnet
new file mode 100644
index 0000000..7f92726
--- /dev/null
+++ b/grafanaplane/zz/oss/v1alpha1/serviceAccountPermissionItem/spec/writeConnectionSecretToRef.libsonnet
@@ -0,0 +1,18 @@
+{
+  '#withName': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withName(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        name: value,
+      },
+    },
+  },
+  '#withNamespace': { 'function': { args: [{ default: null, enums: null, name: 'value', type: ['string'] }], help: '' } },
+  withNamespace(value): {
+    spec+: {
+      writeConnectionSecretToRef+: {
+        namespace: value,
+      },
+    },
+  },
+}
diff --git a/grafanaplane/zz/version.libsonnet b/grafanaplane/zz/version.libsonnet
index 12b36b5..60e38b6 100644
--- a/grafanaplane/zz/version.libsonnet
+++ b/grafanaplane/zz/version.libsonnet
@@ -1 +1 @@
-'0.5.2-0.22.0'
+'0.5.2-0.24.0'
diff --git a/packages/grafana-namespaced-cloud/CompositeResourceDefinition-OrgMember.yaml b/packages/grafana-namespaced-cloud/CompositeResourceDefinition-OrgMember.yaml
new file mode 100644
index 0000000..8811004
--- /dev/null
+++ b/packages/grafana-namespaced-cloud/CompositeResourceDefinition-OrgMember.yaml
@@ -0,0 +1,272 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xorgmembers.cloud.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: OrgMember
+    plural: orgmembers
+  defaultCompositionRef:
+    name: orgmember-namespaced
+  group: cloud.grafana.net.namespaced
+  names:
+    kind: XOrgMember
+    plural: xorgmembers
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: OrgMemberSpec defines the desired state of OrgMember
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        org:
+                          description: The slug or ID of the organization.
+                          type: string
+                        receiveBillingEmails:
+                          description: Whether the user should receive billing emails.
+                          type: boolean
+                        role:
+                          description: The role to assign to the user in the organization.
+                          type: string
+                        user:
+                          description: "Username or ID of the user to add to the org's members."
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        org:
+                          description: The slug or ID of the organization.
+                          type: string
+                        receiveBillingEmails:
+                          description: Whether the user should receive billing emails.
+                          type: boolean
+                        role:
+                          description: The role to assign to the user in the organization.
+                          type: string
+                        user:
+                          description: "Username or ID of the user to add to the org's members."
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.org is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.org) || (has(self.initProvider) && has(self.initProvider.org))"
+                    - message: spec.forProvider.role is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.role) || (has(self.initProvider) && has(self.initProvider.role))"
+                    - message: spec.forProvider.user is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.user) || (has(self.initProvider) && has(self.initProvider.user))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloud/Composition-OrgMember.yaml b/packages/grafana-namespaced-cloud/Composition-OrgMember.yaml
new file mode 100644
index 0000000..73b9bd7
--- /dev/null
+++ b/packages/grafana-namespaced-cloud/Composition-OrgMember.yaml
@@ -0,0 +1,95 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xorgmembers.cloud.grafana.net.namespaced
+  name: orgmember-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: cloud.grafana.net.namespaced/v1alpha1
+    kind: XOrgMember
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: cloud.grafana.crossplane.io/v1alpha1
+              kind: OrgMember
+            name: orgmember
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.org
+                toFieldPath: spec.forProvider.org
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.receiveBillingEmails
+                toFieldPath: spec.forProvider.receiveBillingEmails
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.role
+                toFieldPath: spec.forProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.user
+                toFieldPath: spec.forProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.org
+                toFieldPath: spec.initProvider.org
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.receiveBillingEmails
+                toFieldPath: spec.initProvider.receiveBillingEmails
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.role
+                toFieldPath: spec.initProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.user
+                toFieldPath: spec.initProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsAccount.yaml b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsAccount.yaml
new file mode 100644
index 0000000..ff23691
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsAccount.yaml
@@ -0,0 +1,284 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xawsaccounts.cloudprovider.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: AwsAccount
+    plural: awsaccounts
+  defaultCompositionRef:
+    name: awsaccount-namespaced
+  group: cloudprovider.grafana.net.namespaced
+  names:
+    kind: XAwsAccount
+    plural: xawsaccounts
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: AwsAccountSpec defines the desired state of AwsAccount
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        regions:
+                          description: |-
+                            (Set of String) A set of regions that this AWS Account resource applies to.
+                            A set of regions that this AWS Account resource applies to.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
+                        roleArn:
+                          description: |-
+                            (String) An IAM Role ARN string to represent with this AWS Account resource.
+                            An IAM Role ARN string to represent with this AWS Account resource.
+                          type: string
+                        stackId:
+                          description: |-
+                            (String) The StackID of the Grafana Cloud instance.
+                            The StackID of the Grafana Cloud instance.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        regions:
+                          description: |-
+                            (Set of String) A set of regions that this AWS Account resource applies to.
+                            A set of regions that this AWS Account resource applies to.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
+                        roleArn:
+                          description: |-
+                            (String) An IAM Role ARN string to represent with this AWS Account resource.
+                            An IAM Role ARN string to represent with this AWS Account resource.
+                          type: string
+                        stackId:
+                          description: |-
+                            (String) The StackID of the Grafana Cloud instance.
+                            The StackID of the Grafana Cloud instance.
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.regions is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.regions) || (has(self.initProvider) && has(self.initProvider.regions))"
+                    - message: spec.forProvider.roleArn is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleArn) || (has(self.initProvider) && has(self.initProvider.roleArn))"
+                    - message: spec.forProvider.stackId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.stackId) || (has(self.initProvider) && has(self.initProvider.stackId))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsCloudwatchScrapeJob.yaml b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsCloudwatchScrapeJob.yaml
new file mode 100644
index 0000000..b1d36e9
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AwsCloudwatchScrapeJob.yaml
@@ -0,0 +1,522 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xawscloudwatchscrapejobs.cloudprovider.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: AwsCloudwatchScrapeJob
+    plural: awscloudwatchscrapejobs
+  defaultCompositionRef:
+    name: awscloudwatchscrapejob-namespaced
+  group: cloudprovider.grafana.net.namespaced
+  names:
+    kind: XAwsCloudwatchScrapeJob
+    plural: xawscloudwatchscrapejobs
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: AwsCloudwatchScrapeJobSpec defines the desired state of AwsCloudwatchScrapeJob
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        awsAccountResourceId:
+                          description: |-
+                            (String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+                            The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+                          type: string
+                        customNamespace:
+                          description: |-
+                            (Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              metric:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    name:
+                                      description: |-
+                                        (String) The name of the CloudWatch Scrape Job.
+                                        The name of the metric to scrape.
+                                      type: string
+                                    statistics:
+                                      description: |-
+                                        (Set of String) A set of statistics to scrape.
+                                        A set of statistics to scrape.
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                  type: object
+                                type: array
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the custom namespace to scrape.
+                                type: string
+                              scrapeIntervalSeconds:
+                                description: |-
+                                  (Number) The interval in seconds to scrape the custom namespace.
+                                  The interval in seconds to scrape the custom namespace.
+                                type: number
+                            type: object
+                          type: array
+                        enabled:
+                          description: |-
+                            (Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+                            Whether the CloudWatch Scrape Job is enabled or not.
+                          type: boolean
+                        exportTags:
+                          description: |-
+                            (Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+                            When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
+                          type: boolean
+                        name:
+                          description: |-
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the CloudWatch Scrape Job.
+                          type: string
+                        regionsSubsetOverride:
+                          description: |-
+                            (Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                            A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
+                        service:
+                          description: |-
+                            (Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              metric:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    name:
+                                      description: |-
+                                        (String) The name of the CloudWatch Scrape Job.
+                                        The name of the metric to scrape.
+                                      type: string
+                                    statistics:
+                                      description: |-
+                                        (Set of String) A set of statistics to scrape.
+                                        A set of statistics to scrape.
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                  type: object
+                                type: array
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
+                                type: string
+                              resourceDiscoveryTagFilter:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    key:
+                                      description: |-
+                                        (String) The key of the tag filter.
+                                        The key of the tag filter.
+                                      type: string
+                                    value:
+                                      description: |-
+                                        (String) The value of the tag filter.
+                                        The value of the tag filter.
+                                      type: string
+                                  type: object
+                                type: array
+                              scrapeIntervalSeconds:
+                                description: |-
+                                  (Number) The interval in seconds to scrape the custom namespace.
+                                  The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+                                type: number
+                              tagsToAddToMetrics:
+                                description: |-
+                                  (Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                                  A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        stackId:
+                          description: |-
+                            (String) The Stack ID of the Grafana Cloud instance.
+                            The Stack ID of the Grafana Cloud instance.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        awsAccountResourceId:
+                          description: |-
+                            (String) The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the resource_id attribute of the grafana_cloud_provider_aws_account resource.
+                            The ID assigned by the Grafana Cloud Provider API to an AWS Account resource that should be associated with this CloudWatch Scrape Job. This can be provided by the `resource_id` attribute of the `grafana_cloud_provider_aws_account` resource.
+                          type: string
+                        customNamespace:
+                          description: |-
+                            (Block List) Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            Zero or more configuration blocks to configure custom namespaces for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              metric:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    name:
+                                      description: |-
+                                        (String) The name of the CloudWatch Scrape Job.
+                                        The name of the metric to scrape.
+                                      type: string
+                                    statistics:
+                                      description: |-
+                                        (Set of String) A set of statistics to scrape.
+                                        A set of statistics to scrape.
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                  type: object
+                                type: array
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the custom namespace to scrape.
+                                type: string
+                              scrapeIntervalSeconds:
+                                description: |-
+                                  (Number) The interval in seconds to scrape the custom namespace.
+                                  The interval in seconds to scrape the custom namespace.
+                                type: number
+                            type: object
+                          type: array
+                        enabled:
+                          description: |-
+                            (Boolean) Whether the CloudWatch Scrape Job is enabled or not.
+                            Whether the CloudWatch Scrape Job is enabled or not.
+                          type: boolean
+                        exportTags:
+                          description: |-
+                            (Boolean) When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as aws_<service_name>_info.
+                            When enabled, AWS resource tags are exported as Prometheus labels to metrics formatted as `aws_<service_name>_info`.
+                          type: boolean
+                        name:
+                          description: |-
+                            (String) The name of the CloudWatch Scrape Job.
+                            The name of the CloudWatch Scrape Job.
+                          type: string
+                        regionsSubsetOverride:
+                          description: |-
+                            (Set of String) A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                            A subset of the regions that are configured in the associated AWS Account resource to apply to this scrape job. If not set or empty, all of the Account resource's regions are scraped.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: set
+                        service:
+                          description: |-
+                            (Block List) One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct name attribute. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                            One or more configuration blocks to configure AWS services for the CloudWatch Scrape Job to scrape. Each block must have a distinct `name` attribute. When accessing this as an attribute reference, it is a list of objects.
+                          items:
+                            properties:
+                              metric:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure metrics and their statistics to scrape. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure metrics and their statistics to scrape. Please note that AWS metric names must be supplied, and not their PromQL counterparts. Each block must represent a distinct metric name. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    name:
+                                      description: |-
+                                        (String) The name of the CloudWatch Scrape Job.
+                                        The name of the metric to scrape.
+                                      type: string
+                                    statistics:
+                                      description: |-
+                                        (Set of String) A set of statistics to scrape.
+                                        A set of statistics to scrape.
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                  type: object
+                                type: array
+                              name:
+                                description: |-
+                                  (String) The name of the CloudWatch Scrape Job.
+                                  The name of the service to scrape. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported services.
+                                type: string
+                              resourceDiscoveryTagFilter:
+                                description: |-
+                                  (Block List) One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects. (see below for nested schema)
+                                  One or more configuration blocks to configure tag filters applied to discovery of resource entities in the associated AWS account. When accessing this as an attribute reference, it is a list of objects.
+                                items:
+                                  properties:
+                                    key:
+                                      description: |-
+                                        (String) The key of the tag filter.
+                                        The key of the tag filter.
+                                      type: string
+                                    value:
+                                      description: |-
+                                        (String) The value of the tag filter.
+                                        The value of the tag filter.
+                                      type: string
+                                  type: object
+                                type: array
+                              scrapeIntervalSeconds:
+                                description: |-
+                                  (Number) The interval in seconds to scrape the custom namespace.
+                                  The interval in seconds to scrape the service. See https://grafana.com/docs/grafana-cloud/monitor-infrastructure/aws/cloudwatch-metrics/services/ for supported scrape intervals.
+                                type: number
+                              tagsToAddToMetrics:
+                                description: |-
+                                  (Set of String) A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                                  A set of tags to add to all metrics exported by this scrape job, for use in PromQL queries.
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                            type: object
+                          type: array
+                        stackId:
+                          description: |-
+                            (String) The Stack ID of the Grafana Cloud instance.
+                            The Stack ID of the Grafana Cloud instance.
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.awsAccountResourceId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.awsAccountResourceId) || (has(self.initProvider) && has(self.initProvider.awsAccountResourceId))"
+                    - message: spec.forProvider.name is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))"
+                    - message: spec.forProvider.stackId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.stackId) || (has(self.initProvider) && has(self.initProvider.stackId))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AzureCredential.yaml b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AzureCredential.yaml
new file mode 100644
index 0000000..70e209d
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/CompositeResourceDefinition-AzureCredential.yaml
@@ -0,0 +1,368 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xazurecredentials.cloudprovider.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: AzureCredential
+    plural: azurecredentials
+  defaultCompositionRef:
+    name: azurecredential-namespaced
+  group: cloudprovider.grafana.net.namespaced
+  names:
+    kind: XAzureCredential
+    plural: xazurecredentials
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: AzureCredentialSpec defines the desired state of AzureCredential
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        clientId:
+                          description: |-
+                            (String) The client ID of the Azure Credential.
+                            The client ID of the Azure Credential.
+                          type: string
+                        clientSecretSecretRef:
+                          description: |-
+                            (String, Sensitive) The client secret of the Azure Credential.
+                            The client secret of the Azure Credential.
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        name:
+                          description: |-
+                            (String) The name of the Azure Credential.
+                            The name of the Azure Credential.
+                          type: string
+                        resourceDiscoveryTagFilter:
+                          description: |-
+                            (Block List) The list of tag filters to apply to resources. (see below for nested schema)
+                            The list of tag filters to apply to resources.
+                          items:
+                            properties:
+                              key:
+                                description: |-
+                                  (String) The key of the tag filter.
+                                  The key of the tag filter.
+                                type: string
+                              value:
+                                description: |-
+                                  (String) The value of the tag filter.
+                                  The value of the tag filter.
+                                type: string
+                            type: object
+                          type: array
+                        stackId:
+                          description: |-
+                            (String) The StackID of the Grafana Cloud instance.
+                            The StackID of the Grafana Cloud instance.
+                          type: string
+                        tenantId:
+                          description: |-
+                            (String) The tenant ID of the Azure Credential.
+                            The tenant ID of the Azure Credential.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        clientId:
+                          description: |-
+                            (String) The client ID of the Azure Credential.
+                            The client ID of the Azure Credential.
+                          type: string
+                        clientSecretSecretRef:
+                          description: |-
+                            (String, Sensitive) The client secret of the Azure Credential.
+                            The client secret of the Azure Credential.
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        name:
+                          description: |-
+                            (String) The name of the Azure Credential.
+                            The name of the Azure Credential.
+                          type: string
+                        resourceDiscoveryTagFilter:
+                          description: |-
+                            (Block List) The list of tag filters to apply to resources. (see below for nested schema)
+                            The list of tag filters to apply to resources.
+                          items:
+                            properties:
+                              key:
+                                description: |-
+                                  (String) The key of the tag filter.
+                                  The key of the tag filter.
+                                type: string
+                              value:
+                                description: |-
+                                  (String) The value of the tag filter.
+                                  The value of the tag filter.
+                                type: string
+                            type: object
+                          type: array
+                        stackId:
+                          description: |-
+                            (String) The StackID of the Grafana Cloud instance.
+                            The StackID of the Grafana Cloud instance.
+                          type: string
+                        tenantId:
+                          description: |-
+                            (String) The tenant ID of the Azure Credential.
+                            The tenant ID of the Azure Credential.
+                          type: string
+                      required:
+                        - clientSecretSecretRef
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.clientId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.clientId) || (has(self.initProvider) && has(self.initProvider.clientId))"
+                    - message: spec.forProvider.clientSecretSecretRef is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.clientSecretSecretRef)"
+                    - message: spec.forProvider.name is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))"
+                    - message: spec.forProvider.stackId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.stackId) || (has(self.initProvider) && has(self.initProvider.stackId))"
+                    - message: spec.forProvider.tenantId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.tenantId) || (has(self.initProvider) && has(self.initProvider.tenantId))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/Composition-AwsAccount.yaml b/packages/grafana-namespaced-cloudprovider/Composition-AwsAccount.yaml
new file mode 100644
index 0000000..8c9e32b
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/Composition-AwsAccount.yaml
@@ -0,0 +1,89 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xawsaccounts.cloudprovider.grafana.net.namespaced
+  name: awsaccount-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: cloudprovider.grafana.net.namespaced/v1alpha1
+    kind: XAwsAccount
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: cloudprovider.grafana.crossplane.io/v1alpha1
+              kind: AwsAccount
+            name: awsaccount
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.regions
+                toFieldPath: spec.forProvider.regions
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.roleArn
+                toFieldPath: spec.forProvider.roleArn
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.stackId
+                toFieldPath: spec.forProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.regions
+                toFieldPath: spec.initProvider.regions
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.roleArn
+                toFieldPath: spec.initProvider.roleArn
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.stackId
+                toFieldPath: spec.initProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/Composition-AwsCloudwatchScrapeJob.yaml b/packages/grafana-namespaced-cloudprovider/Composition-AwsCloudwatchScrapeJob.yaml
new file mode 100644
index 0000000..d9cc805
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/Composition-AwsCloudwatchScrapeJob.yaml
@@ -0,0 +1,119 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xawscloudwatchscrapejobs.cloudprovider.grafana.net.namespaced
+  name: awscloudwatchscrapejob-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: cloudprovider.grafana.net.namespaced/v1alpha1
+    kind: XAwsCloudwatchScrapeJob
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: cloudprovider.grafana.crossplane.io/v1alpha1
+              kind: AwsCloudwatchScrapeJob
+            name: awscloudwatchscrapejob
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.awsAccountResourceId
+                toFieldPath: spec.forProvider.awsAccountResourceId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.customNamespace
+                toFieldPath: spec.forProvider.customNamespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.enabled
+                toFieldPath: spec.forProvider.enabled
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.exportTags
+                toFieldPath: spec.forProvider.exportTags
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.name
+                toFieldPath: spec.forProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.regionsSubsetOverride
+                toFieldPath: spec.forProvider.regionsSubsetOverride
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.service
+                toFieldPath: spec.forProvider.service
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.stackId
+                toFieldPath: spec.forProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.awsAccountResourceId
+                toFieldPath: spec.initProvider.awsAccountResourceId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.customNamespace
+                toFieldPath: spec.initProvider.customNamespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.enabled
+                toFieldPath: spec.initProvider.enabled
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.exportTags
+                toFieldPath: spec.initProvider.exportTags
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.name
+                toFieldPath: spec.initProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.regionsSubsetOverride
+                toFieldPath: spec.initProvider.regionsSubsetOverride
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.service
+                toFieldPath: spec.initProvider.service
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.stackId
+                toFieldPath: spec.initProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/Composition-AzureCredential.yaml b/packages/grafana-namespaced-cloudprovider/Composition-AzureCredential.yaml
new file mode 100644
index 0000000..f65aca2
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/Composition-AzureCredential.yaml
@@ -0,0 +1,119 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xazurecredentials.cloudprovider.grafana.net.namespaced
+  name: azurecredential-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: cloudprovider.grafana.net.namespaced/v1alpha1
+    kind: XAzureCredential
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: cloudprovider.grafana.crossplane.io/v1alpha1
+              kind: AzureCredential
+            name: azurecredential
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.clientId
+                toFieldPath: spec.forProvider.clientId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.clientSecretSecretRef.key
+                toFieldPath: spec.forProvider.clientSecretSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.clientSecretSecretRef.name
+                toFieldPath: spec.forProvider.clientSecretSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.clientSecretSecretRef.namespace
+                toFieldPath: spec.forProvider.clientSecretSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.name
+                toFieldPath: spec.forProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.resourceDiscoveryTagFilter
+                toFieldPath: spec.forProvider.resourceDiscoveryTagFilter
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.stackId
+                toFieldPath: spec.forProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.tenantId
+                toFieldPath: spec.forProvider.tenantId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.clientId
+                toFieldPath: spec.initProvider.clientId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.clientSecretSecretRef.key
+                toFieldPath: spec.initProvider.clientSecretSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.clientSecretSecretRef.name
+                toFieldPath: spec.initProvider.clientSecretSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.clientSecretSecretRef.namespace
+                toFieldPath: spec.initProvider.clientSecretSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.name
+                toFieldPath: spec.initProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.resourceDiscoveryTagFilter
+                toFieldPath: spec.initProvider.resourceDiscoveryTagFilter
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.stackId
+                toFieldPath: spec.initProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.tenantId
+                toFieldPath: spec.initProvider.tenantId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-cloudprovider/package.yaml b/packages/grafana-namespaced-cloudprovider/package.yaml
new file mode 100644
index 0000000..f382a25
--- /dev/null
+++ b/packages/grafana-namespaced-cloudprovider/package.yaml
@@ -0,0 +1,15 @@
+apiVersion: meta.pkg.crossplane.io/v1
+kind: Configuration
+metadata:
+  annotations:
+    meta.crossplane.io/description: "This configuration provides Compositions that map 1:1 to the managed resources with the only goal is to provide a namespaced resource of the same managed resource."
+    meta.crossplane.io/license: Apache-2.0
+    meta.crossplane.io/maintainer: Grafana
+    meta.crossplane.io/source: github.com/grafana/grafana-crossplane-libsonnet
+  name: grafana-namespaced-cloudprovider
+spec:
+  crossplane:
+    version: ">=v1.17"
+  dependsOn:
+    - provider: xpkg.upbound.io/grafana/provider-grafana
+      version: ">=v0.21.0"
\ No newline at end of file
diff --git a/packages/grafana-namespaced-connections/CompositeResourceDefinition-MetricsEndpointScrapeJob.yaml b/packages/grafana-namespaced-connections/CompositeResourceDefinition-MetricsEndpointScrapeJob.yaml
new file mode 100644
index 0000000..3430d88
--- /dev/null
+++ b/packages/grafana-namespaced-connections/CompositeResourceDefinition-MetricsEndpointScrapeJob.yaml
@@ -0,0 +1,396 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xmetricsendpointscrapejobs.connections.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: MetricsEndpointScrapeJob
+    plural: metricsendpointscrapejobs
+  defaultCompositionRef:
+    name: metricsendpointscrapejob-namespaced
+  group: connections.grafana.net.namespaced
+  names:
+    kind: XMetricsEndpointScrapeJob
+    plural: xmetricsendpointscrapejobs
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: MetricsEndpointScrapeJobSpec defines the desired state of MetricsEndpointScrapeJob
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        authenticationBasicPasswordSecretRef:
+                          description: |-
+                            (String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+                            Password for basic authentication, use if scrape job is using basic authentication method
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        authenticationBasicUsername:
+                          description: |-
+                            (String) Username for basic authentication, use if scrape job is using basic authentication method
+                            Username for basic authentication, use if scrape job is using basic authentication method
+                          type: string
+                        authenticationBearerTokenSecretRef:
+                          description: |-
+                            (String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+                            Bearer token used for authentication, use if scrape job is using bearer authentication method
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        authenticationMethod:
+                          description: |-
+                            (String) Method to pass authentication credentials: basic or bearer.
+                            Method to pass authentication credentials: basic or bearer.
+                          type: string
+                        enabled:
+                          description: |-
+                            (Boolean) Whether the metrics endpoint scrape job is enabled or not.
+                            Whether the metrics endpoint scrape job is enabled or not.
+                          type: boolean
+                        name:
+                          description: |-
+                            (String) The name of the metrics endpoint scrape job.
+                            The name of the metrics endpoint scrape job.
+                          type: string
+                        scrapeIntervalSeconds:
+                          description: |-
+                            (Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                            Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                          type: number
+                        stackId:
+                          description: |-
+                            (String) The Stack ID of the Grafana Cloud instance.
+                            The Stack ID of the Grafana Cloud instance.
+                          type: string
+                        url:
+                          description: |-
+                            (String) The url to scrape metrics from; a valid HTTPs URL is required.
+                            The url to scrape metrics from; a valid HTTPs URL is required.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        authenticationBasicPasswordSecretRef:
+                          description: |-
+                            (String, Sensitive) Password for basic authentication, use if scrape job is using basic authentication method
+                            Password for basic authentication, use if scrape job is using basic authentication method
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        authenticationBasicUsername:
+                          description: |-
+                            (String) Username for basic authentication, use if scrape job is using basic authentication method
+                            Username for basic authentication, use if scrape job is using basic authentication method
+                          type: string
+                        authenticationBearerTokenSecretRef:
+                          description: |-
+                            (String, Sensitive) Bearer token used for authentication, use if scrape job is using bearer authentication method
+                            Bearer token used for authentication, use if scrape job is using bearer authentication method
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        authenticationMethod:
+                          description: |-
+                            (String) Method to pass authentication credentials: basic or bearer.
+                            Method to pass authentication credentials: basic or bearer.
+                          type: string
+                        enabled:
+                          description: |-
+                            (Boolean) Whether the metrics endpoint scrape job is enabled or not.
+                            Whether the metrics endpoint scrape job is enabled or not.
+                          type: boolean
+                        name:
+                          description: |-
+                            (String) The name of the metrics endpoint scrape job.
+                            The name of the metrics endpoint scrape job.
+                          type: string
+                        scrapeIntervalSeconds:
+                          description: |-
+                            (Number) Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                            Frequency for scraping the metrics endpoint: 30, 60, or 120 seconds.
+                          type: number
+                        stackId:
+                          description: |-
+                            (String) The Stack ID of the Grafana Cloud instance.
+                            The Stack ID of the Grafana Cloud instance.
+                          type: string
+                        url:
+                          description: |-
+                            (String) The url to scrape metrics from; a valid HTTPs URL is required.
+                            The url to scrape metrics from; a valid HTTPs URL is required.
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.authenticationMethod is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.authenticationMethod) || (has(self.initProvider) && has(self.initProvider.authenticationMethod))"
+                    - message: spec.forProvider.name is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))"
+                    - message: spec.forProvider.stackId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.stackId) || (has(self.initProvider) && has(self.initProvider.stackId))"
+                    - message: spec.forProvider.url is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.url) || (has(self.initProvider) && has(self.initProvider.url))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-connections/Composition-MetricsEndpointScrapeJob.yaml b/packages/grafana-namespaced-connections/Composition-MetricsEndpointScrapeJob.yaml
new file mode 100644
index 0000000..c50b029
--- /dev/null
+++ b/packages/grafana-namespaced-connections/Composition-MetricsEndpointScrapeJob.yaml
@@ -0,0 +1,149 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xmetricsendpointscrapejobs.connections.grafana.net.namespaced
+  name: metricsendpointscrapejob-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: connections.grafana.net.namespaced/v1alpha1
+    kind: XMetricsEndpointScrapeJob
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: connections.grafana.crossplane.io/v1alpha1
+              kind: MetricsEndpointScrapeJob
+            name: metricsendpointscrapejob
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBasicPasswordSecretRef.key
+                toFieldPath: spec.forProvider.authenticationBasicPasswordSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBasicPasswordSecretRef.name
+                toFieldPath: spec.forProvider.authenticationBasicPasswordSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBasicPasswordSecretRef.namespace
+                toFieldPath: spec.forProvider.authenticationBasicPasswordSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBasicUsername
+                toFieldPath: spec.forProvider.authenticationBasicUsername
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBearerTokenSecretRef.key
+                toFieldPath: spec.forProvider.authenticationBearerTokenSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBearerTokenSecretRef.name
+                toFieldPath: spec.forProvider.authenticationBearerTokenSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationBearerTokenSecretRef.namespace
+                toFieldPath: spec.forProvider.authenticationBearerTokenSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.authenticationMethod
+                toFieldPath: spec.forProvider.authenticationMethod
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.enabled
+                toFieldPath: spec.forProvider.enabled
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.name
+                toFieldPath: spec.forProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.scrapeIntervalSeconds
+                toFieldPath: spec.forProvider.scrapeIntervalSeconds
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.stackId
+                toFieldPath: spec.forProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.url
+                toFieldPath: spec.forProvider.url
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBasicPasswordSecretRef.key
+                toFieldPath: spec.initProvider.authenticationBasicPasswordSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBasicPasswordSecretRef.name
+                toFieldPath: spec.initProvider.authenticationBasicPasswordSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBasicPasswordSecretRef.namespace
+                toFieldPath: spec.initProvider.authenticationBasicPasswordSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBasicUsername
+                toFieldPath: spec.initProvider.authenticationBasicUsername
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBearerTokenSecretRef.key
+                toFieldPath: spec.initProvider.authenticationBearerTokenSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBearerTokenSecretRef.name
+                toFieldPath: spec.initProvider.authenticationBearerTokenSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationBearerTokenSecretRef.namespace
+                toFieldPath: spec.initProvider.authenticationBearerTokenSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.authenticationMethod
+                toFieldPath: spec.initProvider.authenticationMethod
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.enabled
+                toFieldPath: spec.initProvider.enabled
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.name
+                toFieldPath: spec.initProvider.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.scrapeIntervalSeconds
+                toFieldPath: spec.initProvider.scrapeIntervalSeconds
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.stackId
+                toFieldPath: spec.initProvider.stackId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.url
+                toFieldPath: spec.initProvider.url
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-connections/package.yaml b/packages/grafana-namespaced-connections/package.yaml
new file mode 100644
index 0000000..3778188
--- /dev/null
+++ b/packages/grafana-namespaced-connections/package.yaml
@@ -0,0 +1,15 @@
+apiVersion: meta.pkg.crossplane.io/v1
+kind: Configuration
+metadata:
+  annotations:
+    meta.crossplane.io/description: "This configuration provides Compositions that map 1:1 to the managed resources with the only goal is to provide a namespaced resource of the same managed resource."
+    meta.crossplane.io/license: Apache-2.0
+    meta.crossplane.io/maintainer: Grafana
+    meta.crossplane.io/source: github.com/grafana/grafana-crossplane-libsonnet
+  name: grafana-namespaced-connections
+spec:
+  crossplane:
+    version: ">=v1.17"
+  dependsOn:
+    - provider: xpkg.upbound.io/grafana/provider-grafana
+      version: ">=v0.21.0"
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourceConfigLbacRules.yaml b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourceConfigLbacRules.yaml
new file mode 100644
index 0000000..41c07a7
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourceConfigLbacRules.yaml
@@ -0,0 +1,258 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xdatasourceconfiglbacrules.enterprise.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: DataSourceConfigLbacRules
+    plural: datasourceconfiglbacrules
+  defaultCompositionRef:
+    name: datasourceconfiglbacrules-namespaced
+  group: enterprise.grafana.net.namespaced
+  names:
+    kind: XDataSourceConfigLbacRules
+    plural: xdatasourceconfiglbacrules
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: DataSourceConfigLbacRulesSpec defines the desired state of DataSourceConfigLbacRules
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        datasourceUid:
+                          description: The UID of the datasource.
+                          type: string
+                        rules:
+                          description: JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        datasourceUid:
+                          description: The UID of the datasource.
+                          type: string
+                        rules:
+                          description: JSON-encoded LBAC rules for the data source. Map of team UIDs to lists of rule strings.
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.datasourceUid is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.datasourceUid) || (has(self.initProvider) && has(self.initProvider.datasourceUid))"
+                    - message: spec.forProvider.rules is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.rules) || (has(self.initProvider) && has(self.initProvider.rules))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourcePermissionItem.yaml b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourcePermissionItem.yaml
new file mode 100644
index 0000000..81a0c1a
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-DataSourcePermissionItem.yaml
@@ -0,0 +1,452 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xdatasourcepermissionitems.enterprise.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: DataSourcePermissionItem
+    plural: datasourcepermissionitems
+  defaultCompositionRef:
+    name: datasourcepermissionitem-namespaced
+  group: enterprise.grafana.net.namespaced
+  names:
+    kind: XDataSourcePermissionItem
+    plural: xdatasourcepermissionitems
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: DataSourcePermissionItemSpec defines the desired state of DataSourcePermissionItem
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        datasourceUid:
+                          description: |-
+                            (String) The UID of the datasource.
+                            The UID of the datasource.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        datasourceUid:
+                          description: |-
+                            (String) The UID of the datasource.
+                            The UID of the datasource.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.datasourceUid is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.datasourceUid) || (has(self.initProvider) && has(self.initProvider.datasourceUid))"
+                    - message: spec.forProvider.permission is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permission) || (has(self.initProvider) && has(self.initProvider.permission))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-RoleAssignmentItem.yaml b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-RoleAssignmentItem.yaml
new file mode 100644
index 0000000..4dc03b7
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/CompositeResourceDefinition-RoleAssignmentItem.yaml
@@ -0,0 +1,440 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xroleassignmentitems.enterprise.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: RoleAssignmentItem
+    plural: roleassignmentitems
+  defaultCompositionRef:
+    name: roleassignmentitem-namespaced
+  group: enterprise.grafana.net.namespaced
+  names:
+    kind: XRoleAssignmentItem
+    plural: xroleassignmentitems
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: RoleAssignmentItemSpec defines the desired state of RoleAssignmentItem
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        roleUid:
+                          description: |-
+                            (String) the role UID onto which to assign an actor
+                            the role UID onto which to assign an actor
+                          type: string
+                        serviceAccountId:
+                          description: |-
+                            (String) the service account onto which the role is to be assigned
+                            the service account onto which the role is to be assigned
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) the team onto which the role is to be assigned
+                            the team onto which the role is to be assigned
+                          type: string
+                        userId:
+                          description: |-
+                            (String) the user onto which the role is to be assigned
+                            the user onto which the role is to be assigned
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        roleUid:
+                          description: |-
+                            (String) the role UID onto which to assign an actor
+                            the role UID onto which to assign an actor
+                          type: string
+                        serviceAccountId:
+                          description: |-
+                            (String) the service account onto which the role is to be assigned
+                            the service account onto which the role is to be assigned
+                          type: string
+                        teamId:
+                          description: |-
+                            (String) the team onto which the role is to be assigned
+                            the team onto which the role is to be assigned
+                          type: string
+                        userId:
+                          description: |-
+                            (String) the user onto which the role is to be assigned
+                            the user onto which the role is to be assigned
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.roleUid is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleUid) || (has(self.initProvider) && has(self.initProvider.roleUid))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/Composition-DataSourceConfigLbacRules.yaml b/packages/grafana-namespaced-enterprise/Composition-DataSourceConfigLbacRules.yaml
new file mode 100644
index 0000000..cb18081
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/Composition-DataSourceConfigLbacRules.yaml
@@ -0,0 +1,83 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xdatasourceconfiglbacrules.enterprise.grafana.net.namespaced
+  name: datasourceconfiglbacrules-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: enterprise.grafana.net.namespaced/v1alpha1
+    kind: XDataSourceConfigLbacRules
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: enterprise.grafana.crossplane.io/v1alpha1
+              kind: DataSourceConfigLbacRules
+            name: datasourceconfiglbacrules
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.datasourceUid
+                toFieldPath: spec.forProvider.datasourceUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.rules
+                toFieldPath: spec.forProvider.rules
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.datasourceUid
+                toFieldPath: spec.initProvider.datasourceUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.rules
+                toFieldPath: spec.initProvider.rules
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/Composition-DataSourcePermissionItem.yaml b/packages/grafana-namespaced-enterprise/Composition-DataSourcePermissionItem.yaml
new file mode 100644
index 0000000..2d8511c
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/Composition-DataSourcePermissionItem.yaml
@@ -0,0 +1,149 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xdatasourcepermissionitems.enterprise.grafana.net.namespaced
+  name: datasourcepermissionitem-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: enterprise.grafana.net.namespaced/v1alpha1
+    kind: XDataSourcePermissionItem
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: enterprise.grafana.crossplane.io/v1alpha1
+              kind: DataSourcePermissionItem
+            name: datasourcepermissionitem
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.datasourceUid
+                toFieldPath: spec.forProvider.datasourceUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.permission
+                toFieldPath: spec.forProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.role
+                toFieldPath: spec.forProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.team
+                toFieldPath: spec.forProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.user
+                toFieldPath: spec.forProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.datasourceUid
+                toFieldPath: spec.initProvider.datasourceUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.permission
+                toFieldPath: spec.initProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.role
+                toFieldPath: spec.initProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.team
+                toFieldPath: spec.initProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.user
+                toFieldPath: spec.initProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-enterprise/Composition-RoleAssignmentItem.yaml b/packages/grafana-namespaced-enterprise/Composition-RoleAssignmentItem.yaml
new file mode 100644
index 0000000..76f04d6
--- /dev/null
+++ b/packages/grafana-namespaced-enterprise/Composition-RoleAssignmentItem.yaml
@@ -0,0 +1,143 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xroleassignmentitems.enterprise.grafana.net.namespaced
+  name: roleassignmentitem-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: enterprise.grafana.net.namespaced/v1alpha1
+    kind: XRoleAssignmentItem
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: enterprise.grafana.crossplane.io/v1alpha1
+              kind: RoleAssignmentItem
+            name: roleassignmentitem
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.roleUid
+                toFieldPath: spec.forProvider.roleUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.serviceAccountId
+                toFieldPath: spec.forProvider.serviceAccountId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.teamId
+                toFieldPath: spec.forProvider.teamId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.userId
+                toFieldPath: spec.forProvider.userId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.roleUid
+                toFieldPath: spec.initProvider.roleUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.serviceAccountId
+                toFieldPath: spec.initProvider.serviceAccountId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.teamId
+                toFieldPath: spec.initProvider.teamId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.userId
+                toFieldPath: spec.initProvider.userId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-ml/CompositeResourceDefinition-Alert.yaml b/packages/grafana-namespaced-ml/CompositeResourceDefinition-Alert.yaml
new file mode 100644
index 0000000..9b45c3c
--- /dev/null
+++ b/packages/grafana-namespaced-ml/CompositeResourceDefinition-Alert.yaml
@@ -0,0 +1,316 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xalerts.ml.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: Alert
+    plural: alerts
+  defaultCompositionRef:
+    name: alert-namespaced
+  group: ml.grafana.net.namespaced
+  names:
+    kind: XAlert
+    plural: xalerts
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: AlertSpec defines the desired state of Alert
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        annotations:
+                          additionalProperties:
+                            type: string
+                          description: Annotations to add to the alert generated in Grafana.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        anomalyCondition:
+                          description: The condition for when to consider a point as anomalous.
+                          type: string
+                        for:
+                          description: How long values must be anomalous before firing an alert.
+                          type: string
+                        jobId:
+                          description: The forecast this alert belongs to.
+                          type: string
+                        labels:
+                          additionalProperties:
+                            type: string
+                          description: Labels to add to the alert generated in Grafana.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        noDataState:
+                          description: How the alert should be processed when no data is returned by the underlying series
+                          type: string
+                        outlierId:
+                          description: The forecast this alert belongs to.
+                          type: string
+                        threshold:
+                          description: The threshold of points over the window that need to be anomalous to alert.
+                          type: string
+                        title:
+                          description: The title of the alert.
+                          type: string
+                        window:
+                          description: How much time to average values over
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        annotations:
+                          additionalProperties:
+                            type: string
+                          description: Annotations to add to the alert generated in Grafana.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        anomalyCondition:
+                          description: The condition for when to consider a point as anomalous.
+                          type: string
+                        for:
+                          description: How long values must be anomalous before firing an alert.
+                          type: string
+                        jobId:
+                          description: The forecast this alert belongs to.
+                          type: string
+                        labels:
+                          additionalProperties:
+                            type: string
+                          description: Labels to add to the alert generated in Grafana.
+                          type: object
+                          x-kubernetes-map-type: granular
+                        noDataState:
+                          description: How the alert should be processed when no data is returned by the underlying series
+                          type: string
+                        outlierId:
+                          description: The forecast this alert belongs to.
+                          type: string
+                        threshold:
+                          description: The threshold of points over the window that need to be anomalous to alert.
+                          type: string
+                        title:
+                          description: The title of the alert.
+                          type: string
+                        window:
+                          description: How much time to average values over
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.title is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.title) || (has(self.initProvider) && has(self.initProvider.title))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-ml/Composition-Alert.yaml b/packages/grafana-namespaced-ml/Composition-Alert.yaml
new file mode 100644
index 0000000..0659feb
--- /dev/null
+++ b/packages/grafana-namespaced-ml/Composition-Alert.yaml
@@ -0,0 +1,131 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xalerts.ml.grafana.net.namespaced
+  name: alert-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: ml.grafana.net.namespaced/v1alpha1
+    kind: XAlert
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: ml.grafana.crossplane.io/v1alpha1
+              kind: Alert
+            name: alert
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.annotations
+                toFieldPath: spec.forProvider.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.anomalyCondition
+                toFieldPath: spec.forProvider.anomalyCondition
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.for
+                toFieldPath: spec.forProvider.for
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.jobId
+                toFieldPath: spec.forProvider.jobId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.labels
+                toFieldPath: spec.forProvider.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.noDataState
+                toFieldPath: spec.forProvider.noDataState
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.outlierId
+                toFieldPath: spec.forProvider.outlierId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.threshold
+                toFieldPath: spec.forProvider.threshold
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.title
+                toFieldPath: spec.forProvider.title
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.window
+                toFieldPath: spec.forProvider.window
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.annotations
+                toFieldPath: spec.initProvider.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.anomalyCondition
+                toFieldPath: spec.initProvider.anomalyCondition
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.for
+                toFieldPath: spec.initProvider.for
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.jobId
+                toFieldPath: spec.initProvider.jobId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.labels
+                toFieldPath: spec.initProvider.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.noDataState
+                toFieldPath: spec.initProvider.noDataState
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.outlierId
+                toFieldPath: spec.initProvider.outlierId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.threshold
+                toFieldPath: spec.initProvider.threshold
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.title
+                toFieldPath: spec.initProvider.title
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.window
+                toFieldPath: spec.initProvider.window
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/CompositeResourceDefinition-DashboardPermissionItem.yaml b/packages/grafana-namespaced-oss/CompositeResourceDefinition-DashboardPermissionItem.yaml
new file mode 100644
index 0000000..58651ca
--- /dev/null
+++ b/packages/grafana-namespaced-oss/CompositeResourceDefinition-DashboardPermissionItem.yaml
@@ -0,0 +1,452 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xdashboardpermissionitems.oss.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: DashboardPermissionItem
+    plural: dashboardpermissionitems
+  defaultCompositionRef:
+    name: dashboardpermissionitem-namespaced
+  group: oss.grafana.net.namespaced
+  names:
+    kind: XDashboardPermissionItem
+    plural: xdashboardpermissionitems
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: DashboardPermissionItemSpec defines the desired state of DashboardPermissionItem
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        dashboardUid:
+                          description: |-
+                            (String) The UID of the dashboard.
+                            The UID of the dashboard.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        dashboardUid:
+                          description: |-
+                            (String) The UID of the dashboard.
+                            The UID of the dashboard.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.dashboardUid is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.dashboardUid) || (has(self.initProvider) && has(self.initProvider.dashboardUid))"
+                    - message: spec.forProvider.permission is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permission) || (has(self.initProvider) && has(self.initProvider.permission))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/CompositeResourceDefinition-DataSourceConfig.yaml b/packages/grafana-namespaced-oss/CompositeResourceDefinition-DataSourceConfig.yaml
new file mode 100644
index 0000000..73d57d0
--- /dev/null
+++ b/packages/grafana-namespaced-oss/CompositeResourceDefinition-DataSourceConfig.yaml
@@ -0,0 +1,474 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xdatasourceconfigs.oss.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: DataSourceConfig
+    plural: datasourceconfigs
+  defaultCompositionRef:
+    name: datasourceconfig-namespaced
+  group: oss.grafana.net.namespaced
+  names:
+    kind: XDataSourceConfig
+    plural: xdatasourceconfigs
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: DataSourceConfigSpec defines the desired state of DataSourceConfig
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        httpHeadersSecretRef:
+                          description: |-
+                            (Map of String, Sensitive) Custom HTTP headers
+                            Custom HTTP headers
+                          properties:
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - name
+                            - namespace
+                          type: object
+                        jsonDataEncoded:
+                          description: |-
+                            (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                            Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                            The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        secureJsonDataEncodedSecretRef:
+                          description: |-
+                            (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                            Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        uid:
+                          description: |-
+                            (String) Unique identifier. If unset, this will be automatically generated.
+                            Unique identifier. If unset, this will be automatically generated.
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        httpHeadersSecretRef:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        jsonDataEncoded:
+                          description: |-
+                            (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                            Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                            The Organization ID. If not set, the Org ID defined in the provider block will be used.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        secureJsonDataEncodedSecretRef:
+                          description: |-
+                            (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                            Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+                          properties:
+                            key:
+                              description: The key to select.
+                              type: string
+                            name:
+                              description: Name of the secret.
+                              type: string
+                            namespace:
+                              description: Namespace of the secret.
+                              type: string
+                          required:
+                            - key
+                            - name
+                            - namespace
+                          type: object
+                        uid:
+                          description: |-
+                            (String) Unique identifier. If unset, this will be automatically generated.
+                            Unique identifier. If unset, this will be automatically generated.
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/CompositeResourceDefinition-FolderPermissionItem.yaml b/packages/grafana-namespaced-oss/CompositeResourceDefinition-FolderPermissionItem.yaml
new file mode 100644
index 0000000..5d9dd69
--- /dev/null
+++ b/packages/grafana-namespaced-oss/CompositeResourceDefinition-FolderPermissionItem.yaml
@@ -0,0 +1,452 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xfolderpermissionitems.oss.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: FolderPermissionItem
+    plural: folderpermissionitems
+  defaultCompositionRef:
+    name: folderpermissionitem-namespaced
+  group: oss.grafana.net.namespaced
+  names:
+    kind: XFolderPermissionItem
+    plural: xfolderpermissionitems
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: FolderPermissionItemSpec defines the desired state of FolderPermissionItem
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        folderUid:
+                          description: |-
+                            (String) The UID of the folder.
+                            The UID of the folder.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        folderUid:
+                          description: |-
+                            (String) The UID of the folder.
+                            The UID of the folder.
+                          type: string
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        role:
+                          description: |-
+                            (String) the role onto which the permission is to be assigned
+                            the role onto which the permission is to be assigned
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.folderUid is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.folderUid) || (has(self.initProvider) && has(self.initProvider.folderUid))"
+                    - message: spec.forProvider.permission is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permission) || (has(self.initProvider) && has(self.initProvider.permission))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/CompositeResourceDefinition-ServiceAccountPermissionItem.yaml b/packages/grafana-namespaced-oss/CompositeResourceDefinition-ServiceAccountPermissionItem.yaml
new file mode 100644
index 0000000..9b79685
--- /dev/null
+++ b/packages/grafana-namespaced-oss/CompositeResourceDefinition-ServiceAccountPermissionItem.yaml
@@ -0,0 +1,442 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  name: xserviceaccountpermissionitems.oss.grafana.net.namespaced
+spec:
+  claimNames:
+    kind: ServiceAccountPermissionItem
+    plural: serviceaccountpermissionitems
+  defaultCompositionRef:
+    name: serviceaccountpermissionitem-namespaced
+  group: oss.grafana.net.namespaced
+  names:
+    kind: XServiceAccountPermissionItem
+    plural: xserviceaccountpermissionitems
+  versions:
+    - name: v1alpha1
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                parameters:
+                  description: ServiceAccountPermissionItemSpec defines the desired state of ServiceAccountPermissionItem
+                  properties:
+                    deletionPolicy:
+                      default: Delete
+                      description: |-
+                        DeletionPolicy specifies what will happen to the underlying external
+                        when this managed resource is deleted - either "Delete" or "Orphan" the
+                        external resource.
+                        This field is planned to be deprecated in favor of the ManagementPolicies
+                        field in a future release. Currently, both could be set independently and
+                        non-default values would be honored if the feature flag is enabled.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                      enum:
+                        - Orphan
+                        - Delete
+                      type: string
+                    externalName:
+                      description: |
+                        The name of the managed resource inside the Provider.
+                        By default Providers give external resources the same name as the Kubernetes object. A provider uses the external name to lookup a managed resource in an external system. The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.
+                        
+                        Docs: https://docs.crossplane.io/latest/concepts/managed-resources/#naming-external-resources
+                      type: string
+                    forProvider:
+                      properties:
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        serviceAccountId:
+                          description: |-
+                            (String) The ID of the service account.
+                            The ID of the service account.
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    initProvider:
+                      description: |-
+                        THIS IS A BETA FIELD. It will be honored
+                        unless the Management Policies feature flag is disabled.
+                        InitProvider holds the same fields as ForProvider, with the exception
+                        of Identifier and other resource reference fields. The fields that are
+                        in InitProvider are merged into ForProvider when the resource is created.
+                        The same fields are also added to the terraform ignore_changes hook, to
+                        avoid updating them after creation. This is useful for fields that are
+                        required on creation, but we do not desire to update them after creation,
+                        for example because of an external controller is managing them, like an
+                        autoscaler.
+                      properties:
+                        orgId:
+                          description: |-
+                            (String) The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                            The Organization ID. If not set, the default organization is used for basic authentication, or the one that owns your service account for token authentication.
+                          type: string
+                        organizationRef:
+                          description: Reference to a Organization in oss to populate orgId.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        organizationSelector:
+                          description: Selector for a Organization in oss to populate orgId.
+                          properties:
+                            matchControllerRef:
+                              description: |-
+                                MatchControllerRef ensures an object with the same controller reference
+                                as the selecting object is selected.
+                              type: boolean
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: MatchLabels ensures an object with matching labels is selected.
+                              type: object
+                            policy:
+                              description: Policies for selection.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          type: object
+                        permission:
+                          description: |-
+                            (String) the permission to be assigned
+                            the permission to be assigned
+                          type: string
+                        serviceAccountId:
+                          description: |-
+                            (String) The ID of the service account.
+                            The ID of the service account.
+                          type: string
+                        team:
+                          description: |-
+                            (String) the team onto which the permission is to be assigned
+                            the team onto which the permission is to be assigned
+                          type: string
+                        user:
+                          description: |-
+                            (String) the user or service account onto which the permission is to be assigned
+                            the user or service account onto which the permission is to be assigned
+                          type: string
+                      type: object
+                    managementPolicies:
+                      default:
+                        - "*"
+                      description: |-
+                        THIS IS A BETA FIELD. It is on by default but can be opted out
+                        through a Crossplane feature flag.
+                        ManagementPolicies specify the array of actions Crossplane is allowed to
+                        take on the managed and external resources.
+                        This field is planned to replace the DeletionPolicy field in a future
+                        release. Currently, both could be set independently and non-default
+                        values would be honored if the feature flag is enabled. If both are
+                        custom, the DeletionPolicy field will be ignored.
+                        See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+                        and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
+                      items:
+                        description: |-
+                          A ManagementAction represents an action that the Crossplane controllers
+                          can take on an external resource.
+                        enum:
+                          - Observe
+                          - Create
+                          - Update
+                          - Delete
+                          - LateInitialize
+                          - "*"
+                        type: string
+                      type: array
+                    providerConfigRef:
+                      default:
+                        name: default
+                      description: |-
+                        ProviderConfigReference specifies how the provider that will be used to
+                        create, observe, update, and delete this managed resource should be
+                        configured.
+                      properties:
+                        name:
+                          description: Name of the referenced object.
+                          type: string
+                        policy:
+                          description: Policies for referencing.
+                          properties:
+                            resolution:
+                              default: Required
+                              description: |-
+                                Resolution specifies whether resolution of this reference is required.
+                                The default is 'Required', which means the reconcile will fail if the
+                                reference cannot be resolved. 'Optional' means this reference will be
+                                a no-op if it cannot be resolved.
+                              enum:
+                                - Required
+                                - Optional
+                              type: string
+                            resolve:
+                              description: |-
+                                Resolve specifies when this reference should be resolved. The default
+                                is 'IfNotPresent', which will attempt to resolve the reference only when
+                                the corresponding field is not present. Use 'Always' to resolve the
+                                reference on every reconcile.
+                              enum:
+                                - Always
+                                - IfNotPresent
+                              type: string
+                          type: object
+                      required:
+                        - name
+                      type: object
+                    publishConnectionDetailsTo:
+                      description: |-
+                        PublishConnectionDetailsTo specifies the connection secret config which
+                        contains a name, metadata and a reference to secret store config to
+                        which any connection details for this managed resource should be written.
+                        Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                      properties:
+                        configRef:
+                          default:
+                            name: default
+                          description: |-
+                            SecretStoreConfigRef specifies which secret store config should be used
+                            for this ConnectionSecret.
+                          properties:
+                            name:
+                              description: Name of the referenced object.
+                              type: string
+                            policy:
+                              description: Policies for referencing.
+                              properties:
+                                resolution:
+                                  default: Required
+                                  description: |-
+                                    Resolution specifies whether resolution of this reference is required.
+                                    The default is 'Required', which means the reconcile will fail if the
+                                    reference cannot be resolved. 'Optional' means this reference will be
+                                    a no-op if it cannot be resolved.
+                                  enum:
+                                    - Required
+                                    - Optional
+                                  type: string
+                                resolve:
+                                  description: |-
+                                    Resolve specifies when this reference should be resolved. The default
+                                    is 'IfNotPresent', which will attempt to resolve the reference only when
+                                    the corresponding field is not present. Use 'Always' to resolve the
+                                    reference on every reconcile.
+                                  enum:
+                                    - Always
+                                    - IfNotPresent
+                                  type: string
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        metadata:
+                          description: Metadata is the metadata for connection secret.
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Annotations are the annotations to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.annotations".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            labels:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                Labels are the labels/tags to be added to connection secret.
+                                - For Kubernetes secrets, this will be used as "metadata.labels".
+                                - It is up to Secret Store implementation for others store types.
+                              type: object
+                            type:
+                              description: |-
+                                Type is the SecretType for the connection secret.
+                                - Only valid for Kubernetes Secret Stores.
+                              type: string
+                          type: object
+                        name:
+                          description: Name is the name of the connection secret.
+                          type: string
+                      required:
+                        - name
+                      type: object
+                    writeConnectionSecretToRef:
+                      description: |-
+                        WriteConnectionSecretToReference specifies the namespace and name of a
+                        Secret to which any connection details for this managed resource should
+                        be written. Connection details frequently include the endpoint, username,
+                        and password required to connect to the managed resource.
+                        This field is planned to be replaced in a future release in favor of
+                        PublishConnectionDetailsTo. Currently, both could be set independently
+                        and connection details would be published to both without affecting
+                        each other.
+                      properties:
+                        name:
+                          description: Name of the secret.
+                          type: string
+                        namespace:
+                          description: Namespace of the secret.
+                          type: string
+                      required:
+                        - name
+                        - namespace
+                      type: object
+                  required:
+                    - forProvider
+                  type: object
+                  x-kubernetes-validations:
+                    - message: spec.forProvider.permission is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.permission) || (has(self.initProvider) && has(self.initProvider.permission))"
+                    - message: spec.forProvider.serviceAccountId is a required parameter
+                      rule: "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.serviceAccountId) || (has(self.initProvider) && has(self.initProvider.serviceAccountId))"
+              type: object
+          type: object
+      served: true
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/Composition-DashboardPermissionItem.yaml b/packages/grafana-namespaced-oss/Composition-DashboardPermissionItem.yaml
new file mode 100644
index 0000000..3e6326a
--- /dev/null
+++ b/packages/grafana-namespaced-oss/Composition-DashboardPermissionItem.yaml
@@ -0,0 +1,149 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xdashboardpermissionitems.oss.grafana.net.namespaced
+  name: dashboardpermissionitem-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: oss.grafana.net.namespaced/v1alpha1
+    kind: XDashboardPermissionItem
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: oss.grafana.crossplane.io/v1alpha1
+              kind: DashboardPermissionItem
+            name: dashboardpermissionitem
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.dashboardUid
+                toFieldPath: spec.forProvider.dashboardUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.permission
+                toFieldPath: spec.forProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.role
+                toFieldPath: spec.forProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.team
+                toFieldPath: spec.forProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.user
+                toFieldPath: spec.forProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.dashboardUid
+                toFieldPath: spec.initProvider.dashboardUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.permission
+                toFieldPath: spec.initProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.role
+                toFieldPath: spec.initProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.team
+                toFieldPath: spec.initProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.user
+                toFieldPath: spec.initProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/Composition-DataSourceConfig.yaml b/packages/grafana-namespaced-oss/Composition-DataSourceConfig.yaml
new file mode 100644
index 0000000..2e940ec
--- /dev/null
+++ b/packages/grafana-namespaced-oss/Composition-DataSourceConfig.yaml
@@ -0,0 +1,158 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xdatasourceconfigs.oss.grafana.net.namespaced
+  name: datasourceconfig-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: oss.grafana.net.namespaced/v1alpha1
+    kind: XDataSourceConfig
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: oss.grafana.crossplane.io/v1alpha1
+              kind: DataSourceConfig
+            name: datasourceconfig
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.httpHeadersSecretRef.name
+                toFieldPath: spec.forProvider.httpHeadersSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.httpHeadersSecretRef.namespace
+                toFieldPath: spec.forProvider.httpHeadersSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.jsonDataEncoded
+                toFieldPath: spec.forProvider.jsonDataEncoded
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.secureJsonDataEncodedSecretRef.key
+                toFieldPath: spec.forProvider.secureJsonDataEncodedSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.secureJsonDataEncodedSecretRef.name
+                toFieldPath: spec.forProvider.secureJsonDataEncodedSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.secureJsonDataEncodedSecretRef.namespace
+                toFieldPath: spec.forProvider.secureJsonDataEncodedSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.uid
+                toFieldPath: spec.forProvider.uid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.httpHeadersSecretRef
+                toFieldPath: spec.initProvider.httpHeadersSecretRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.jsonDataEncoded
+                toFieldPath: spec.initProvider.jsonDataEncoded
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.secureJsonDataEncodedSecretRef.key
+                toFieldPath: spec.initProvider.secureJsonDataEncodedSecretRef.key
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.secureJsonDataEncodedSecretRef.name
+                toFieldPath: spec.initProvider.secureJsonDataEncodedSecretRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.secureJsonDataEncodedSecretRef.namespace
+                toFieldPath: spec.initProvider.secureJsonDataEncodedSecretRef.namespace
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.uid
+                toFieldPath: spec.initProvider.uid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/Composition-FolderPermissionItem.yaml b/packages/grafana-namespaced-oss/Composition-FolderPermissionItem.yaml
new file mode 100644
index 0000000..b12ca0f
--- /dev/null
+++ b/packages/grafana-namespaced-oss/Composition-FolderPermissionItem.yaml
@@ -0,0 +1,149 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xfolderpermissionitems.oss.grafana.net.namespaced
+  name: folderpermissionitem-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: oss.grafana.net.namespaced/v1alpha1
+    kind: XFolderPermissionItem
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: oss.grafana.crossplane.io/v1alpha1
+              kind: FolderPermissionItem
+            name: folderpermissionitem
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.folderUid
+                toFieldPath: spec.forProvider.folderUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.permission
+                toFieldPath: spec.forProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.role
+                toFieldPath: spec.forProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.team
+                toFieldPath: spec.forProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.user
+                toFieldPath: spec.forProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.folderUid
+                toFieldPath: spec.initProvider.folderUid
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.permission
+                toFieldPath: spec.initProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.role
+                toFieldPath: spec.initProvider.role
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.team
+                toFieldPath: spec.initProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.user
+                toFieldPath: spec.initProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file
diff --git a/packages/grafana-namespaced-oss/Composition-ServiceAccountPermissionItem.yaml b/packages/grafana-namespaced-oss/Composition-ServiceAccountPermissionItem.yaml
new file mode 100644
index 0000000..83f65c3
--- /dev/null
+++ b/packages/grafana-namespaced-oss/Composition-ServiceAccountPermissionItem.yaml
@@ -0,0 +1,143 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+    tanka.dev/namespaced: "false"
+  labels:
+    crossplane.io/xrd: xserviceaccountpermissionitems.oss.grafana.net.namespaced
+  name: serviceaccountpermissionitem-namespaced
+spec:
+  compositeTypeRef:
+    apiVersion: oss.grafana.net.namespaced/v1alpha1
+    kind: XServiceAccountPermissionItem
+  mode: Pipeline
+  pipeline:
+    - functionRef:
+        name: function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        resources:
+          - base:
+              apiVersion: oss.grafana.crossplane.io/v1alpha1
+              kind: ServiceAccountPermissionItem
+            name: serviceaccountpermissionitem
+            patches:
+              - fromFieldPath: spec.parameters.externalName
+                toFieldPath: "metadata.annotations[\"crossplane.io/external-name\"]"
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.orgId
+                toFieldPath: spec.forProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.name
+                toFieldPath: spec.forProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolution
+                toFieldPath: spec.forProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationRef.policy.resolve
+                toFieldPath: spec.forProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.forProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.matchLabels
+                toFieldPath: spec.forProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.forProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.permission
+                toFieldPath: spec.forProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.serviceAccountId
+                toFieldPath: spec.forProvider.serviceAccountId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.team
+                toFieldPath: spec.forProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.forProvider.user
+                toFieldPath: spec.forProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.orgId
+                toFieldPath: spec.initProvider.orgId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.name
+                toFieldPath: spec.initProvider.organizationRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolution
+                toFieldPath: spec.initProvider.organizationRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationRef.policy.resolve
+                toFieldPath: spec.initProvider.organizationRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchControllerRef
+                toFieldPath: spec.initProvider.organizationSelector.matchControllerRef
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.matchLabels
+                toFieldPath: spec.initProvider.organizationSelector.matchLabels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolution
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.organizationSelector.policy.resolve
+                toFieldPath: spec.initProvider.organizationSelector.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.permission
+                toFieldPath: spec.initProvider.permission
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.serviceAccountId
+                toFieldPath: spec.initProvider.serviceAccountId
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.team
+                toFieldPath: spec.initProvider.team
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.initProvider.user
+                toFieldPath: spec.initProvider.user
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.managementPolicies
+                toFieldPath: spec.managementPolicies
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.name
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolution
+                toFieldPath: spec.providerConfigRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.providerConfigRef.policy.resolve
+                toFieldPath: spec.providerConfigRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.name
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolution
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolution
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.configRef.policy.resolve
+                toFieldPath: spec.publishConnectionDetailsTo.configRef.policy.resolve
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.annotations
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.annotations
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.labels
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.labels
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.metadata.type
+                toFieldPath: spec.publishConnectionDetailsTo.metadata.type
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.publishConnectionDetailsTo.name
+                toFieldPath: spec.publishConnectionDetailsTo.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.name
+                toFieldPath: spec.writeConnectionSecretToRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.writeConnectionSecretToRef.namespace
+                toFieldPath: spec.writeConnectionSecretToRef.namespace
+                type: FromCompositeFieldPath
+      step: patch-and-transform
\ No newline at end of file