diff --git a/go.mod b/go.mod
index aab1676d03..a42f7b8f48 100644
--- a/go.mod
+++ b/go.mod
@@ -7,24 +7,24 @@ go 1.25.1 require ( github.com/Masterminds/semver/v3 v3.4.0 github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2 - github.com/aws/aws-sdk-go-v2 v1.41.1 + github.com/aws/aws-sdk-go-v2 v1.41.2 github.com/aws/aws-sdk-go-v2/config v1.32.7 github.com/aws/aws-sdk-go-v2/credentials v1.19.7 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0 - github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5 - github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5 - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1 + github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6 + github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6 + github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.289.0 - github.com/aws/aws-sdk-go-v2/service/eks v1.80.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.6 - github.com/aws/aws-sdk-go-v2/service/iam v1.53.2 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0 + github.com/aws/aws-sdk-go-v2/service/eks v1.80.1 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7 + github.com/aws/aws-sdk-go-v2/service/iam v1.53.3 github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 - github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11 - github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8 + github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12 + github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1 github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 - github.com/aws/smithy-go v1.24.0 + github.com/aws/smithy-go v1.24.1 github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a github.com/benjamintf1/unmarshalledmatchers v1.0.0 github.com/blang/semver/v4 v4.0.0 
@@ -134,16 +134,16 @@ require ( github.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect github.com/ashanbrown/makezero/v2 v2.1.0 // indirect github.com/atotto/clipboard v0.1.4 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 // indirect github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 // indirect github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3 // indirect github.com/aws/aws-sdk-go-v2/service/route53 v1.52.2 // indirect diff --git a/go.sum b/go.sum index 60d3489e0c..a97603660e 100644 --- a/go.sum +++ b/go.sum 
@@ -108,58 +108,58 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2 h1:F8GBspJo+RmR4rYyw75XywEEQHQxBbF7QYKaMMnYREc= github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2/go.mod h1:wdlMRtz9G4IO6H1yZPsqfGBxR8E6B/bdxHlGkls4kGQ= -github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU= -github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= +github.com/aws/aws-sdk-go-v2 v1.41.2 h1:LuT2rzqNQsauaGkPK/7813XxcZ3o3yePY0Iy891T2ls= +github.com/aws/aws-sdk-go-v2 v1.41.2/go.mod h1:IvvlAZQXvTXznUPfRVfryiG1fbzE2NGK6m9u39YQ+S4= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5 h1:zWFmPmgw4sveAYi1mRqG+E/g0461cJ5M4bJ8/nc6d3Q= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5/go.mod h1:nVUlMLVV8ycXSb7mSkcNu9e3v/1TJq2RTlrPwhYWr5c= github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY= github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY= github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8= github.com/aws/aws-sdk-go-v2/credentials v1.19.7/go.mod h1:qOZk8sPDrxhf+4Wf4oT2urYJrYt3RejHSzgAquYeppw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 h1:I0GyV8wiYrP8XpA70g1HBcQO1JlQxCMTW9npl5UbDHY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17/go.mod h1:tyw7BOl5bBe/oqvoIeECFJjMdzXoa/dfVz3QQ5lgHGA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 h1:xOLELNKGp2vsiteLsvLPwxC+mYmO6OZ8PYgiuPJzF8U= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17/go.mod 
h1:5M5CI3D12dNOtH3/mk6minaRwI2/37ifCURZISxA/IQ= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v3ISRNiv+3KdQoZ6JWyfcsyQik= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 h1:F43zk1vemYIqPAwhjTjYIz0irU2EY7sOb/F5eJ3HuyM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18/go.mod h1:w1jdlZXrGKaJcNoL+Nnrj+k5wlpGXqnNrKoP22HvAug= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 h1:xCeWVjj0ki0l3nruoyP2slHsGArMxeiiaoPN5QZH6YQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18/go.mod h1:r/eLGuGCBw6l36ZRWiw6PaZwPXb6YOj+i/7MizNl5/k= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0 h1:s92jPptCu97RNwU1yF3jD4ahLZrQ0QkUIvrn464rQ2A= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0/go.mod h1:8O5Pj92iNpfw/Fa7WdHbn6YiEjDoVdutz+9PGRNoP3Y= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5 h1:UNllAzfiRvz9il9s0yHJkySMJbxWqEVDfyLdDblnuT4= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5/go.mod h1:d6XSvIZM3pSKyXNbezwYT3nAcJeUzsJIXtZMNuQ9K2k= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5 h1:sSgqtZi6Kp4Pc1V4turyaux7xUXxC1JwbEF6MzTQ9oE= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5/go.mod h1:zweZsRPub5YhgUjoMGOeRWuXOOORt6YFiA51hpmNB4c= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1 h1:l65dmgr7tO26EcHe6WMdseRnFLoJ2nqdkPz1nJdXfaw= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1/go.mod 
h1:wvnXh1w1pGS2UpEvPTKSjXYuxiXhuvob/IMaK2AWvek= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1 h1:3eD5+Hg+h7XTwmix7vWf5oSIBp/1+KWync+JVsgfWsg= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1/go.mod h1:c7Rb5WS2TW1nY+Mz60fPTdMAdkpZWCIzHz7HrNdKft8= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6 h1:3Rzut9v4ULIX3kjA6w3/Zaq2g8wBx6qJXB4BhQhIgjs= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6/go.mod h1:skaILkh1I1KNecsZHyNL4c6hdHop7apjt6YzAhezMkc= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6 h1:I/7eKwGn6VLi+Uj0evnV9ivdck2DG0GFNzhRJtBGt4U= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6/go.mod h1:KD0ez/ci26xygH+Cd8KdrAQN0BsTDhLmwnpZH7CzZQY= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2 h1:9Zc/otv2WzK7gbhXIbDfzV5aWUoaFDV7WHPcpvp4B8o= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2/go.mod h1:dvfInk3WN/sz8is2m5iN5EFYQzIXcQLaT2UnauE8uL4= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 h1:1LPBlVrceFenrbWOZBGu8KTmX8TTMpZfRxX0HCnSjz0= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7/go.mod h1:l8KDrD4EZQwTuM69YK3LFZ4c9VbNHrzaQJjJsoIFqfo= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.289.0 h1:Ftj1M28RtAjgHpycBeQaFhfGx+aQ/swYEz+tBtIh9nE= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.289.0/go.mod h1:Uy+C+Sc58jozdoL1McQr8bDsEvNFx+/nBY+vpO1HVUY= -github.com/aws/aws-sdk-go-v2/service/eks v1.80.0 h1:moQGV8cPbVTN7r2Xte1Mybku35QDePSJEd3onYVmBtY= -github.com/aws/aws-sdk-go-v2/service/eks v1.80.0/go.mod h1:Qg678m+87sCuJhcsZojenz8mblYG+Tq86V4m3hjVz0s= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19 h1:ybEda2mkkX2o8NadXZBtcO9tgmW9cTQgeVSjypNsAy0= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19/go.mod h1:RiMytGvN4azx4yLM0Kn3bX/XO9dLxj+eG72Smy+vNzI= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.6 h1:fQR1aeZKaiPkNPya0JMy2nhsoqoSgIWc3/QTiTiL1K0= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 
v1.54.6/go.mod h1:oJRLDix51wqBDlP9dv+blFkvvf7HESolQz5cdhdmV4A= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0 h1:E0/zdPeHKCpXVRAImhnHJYgpfZnTCjnr6i75gZIhwHs= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0/go.mod h1:2dMnUs1QzlGzsm46i9oBHAxVHQp7b6qF7PljWcgVEVE= +github.com/aws/aws-sdk-go-v2/service/eks v1.80.1 h1:Aivj88+23MYkW/B507eqsnLHTMmj4A/Us2AxKz+PDkM= +github.com/aws/aws-sdk-go-v2/service/eks v1.80.1/go.mod h1:p30UgulgoiPvwWGGfVeiaCbOzD1PTObBVYn6MmCPHVg= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20 h1:kHQywC96ZviLmJJmgWKm6NTGX1BR3hEv52Gl82ik0i0= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20/go.mod h1:bsLJBZhd8V2OqgNFn61nVh6PTluA4JZh+/DIneIntw4= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7 h1:txeoy+BxL/Xef6Cl8zAq4ZewY7c+KnQ3gPSMSTTkTt4= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7/go.mod h1:tv2v97S1V5kkp/1vneSYad5Cnrbo+4vfiNNAKCWNKIk= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3 h1:T6L7fsONflMeXuvsT8qZ247hA8ShBB0jF9yUEhW4JqI= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3/go.mod h1:sIrUII6Z+hAVAgcpmsc2e9HvEr++m/v8aBPT7s4ZYUk= -github.com/aws/aws-sdk-go-v2/service/iam v1.53.2 h1:62G6btFUwAa5uR5iPlnlNVAM0zJSLbWgDfKOfUC7oW4= -github.com/aws/aws-sdk-go-v2/service/iam v1.53.2/go.mod h1:av9clChrbZbJ5E21msSsiT2oghl2BJHfQGhCkXmhyu8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.3 h1:boKZv8dNdHznhAA68hb/dqFz5pxoWmRAOJr9LtscVCI= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.3/go.mod h1:E0QHh3aEwxYb7xshjvxYDELiOda7KBYJ77e/TvGhpcM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 h1:CeY9LUdur+Dxoeldqoun6y4WtJ3RQtzk0JMP2gfUay0= 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5/go.mod h1:AZLZf2fMaahW5s/wMRciu1sYbdsikT/UHwbUjOdEVTc= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5/go.mod h1:nPRXgyCfAurhyaTMoBMwRBYBhaHI4lNPAnJmjM0Tslc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 h1:RuNSMoozM8oXlgLG/n6WLaFGoea7/CddrCfIiSA+xdY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17/go.mod h1:F2xxQ9TZz5gDWsclCtPQscGpP0VUOc8RqgFM3vDENmU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 h1:LTRCYFlnnKFlKsyIQxKhJuDuA3ZkrDQMRYm6rXiHlLY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18/go.mod h1:XhwkgGG6bHSd00nO/mexWTcTjgd6PjuvWQMqSn2UaEk= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 h1:FzQE21lNtUor0Fb7QNgnEyiRCBlolLTX/Z1j65S7teM= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 h1:6+C0RoGF4HJQALrsecOXN7cm/l5rgNHCw2xbcvFgpH4= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1/go.mod h1:VJcNH6BLr+3VJwinRKdotLOMglHO8mIKlD3ea5c7hbw= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11 h1:pTBv1tqYHwSFkXSxpXrfAY83kBIec5YtVEZJaXcu7es= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11/go.mod h1:TcrxIboCEZ2fBS0g66qoDvJ4+MfRGf8Xnf6iDR84nAo= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12 h1:WKhrnkrXnuMunZlzyvCIuM8mP7hE3eW0vu+kkPQhnlY= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12/go.mod h1:SzuukjKn9dAz2nrgRz2jXDeii4BEACa9jFzuVJKjalc= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3 h1:vAv0hi3SWcc8cotkWRP4mPkmRbp/XqWKFyPW4Nwpzv0= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3/go.mod h1:giTP9ufzBQJRB6bc7P30PO8s35hCp6au5uM70zkohU4= github.com/aws/aws-sdk-go-v2/service/route53 v1.52.2 
h1:dXHWVVPx2W2fq2PTugj8QXpJ0YTRAGx0KLPKhMBmcsY= 
@@ -170,16 +170,16 @@ github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 h1:VrhDvQib/i0lxvr3zqlUwLwJP4 github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8 h1:80dpSqWMwx2dAm30Ib7J6ucz1ZHfiv5OCRwN/EnCOXQ= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8/go.mod h1:IzNt/udsXlETCdvBOL0nmyMe2t9cGmXmZgsdoZGYYhI= -github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8 h1:31Llf5VfrZ78YvYs7sWcS7L2m3waikzRc6q1nYenVS4= -github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8/go.mod h1:/jgaDlU1UImoxTxhRNxXHvBAPqPZQ8oCjcPbbkR6kac= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1 h1:kDgdZuYBWSsh3U/jZOXwcqfX6UsSzFcmtgKx7C0c5/E= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1/go.mod h1:xyao5chroDlX/9q/rKBxRKZPv9NdG5Pm9W5zS+wQJ84= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13/go.mod h1:sTGThjphYE4Ohw8vJiRStAcu3rbjtXRsdNB0TvZ5wwo= github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 h1:5fFjR/ToSOzB2OQ/XqWpZBmNvmP/pJ1jOWYlFDJTjRQ= github.com/aws/aws-sdk-go-v2/service/sts v1.41.6/go.mod h1:qgFDZQSD/Kys7nJnVqYlWKnh0SSdMjAi0uSwON4wgYQ= -github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= -github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/smithy-go v1.24.1 h1:VbyeNfmYkWoxMVpGUAbQumkODcYmfMRfZ8yQiH30SK0= +github.com/aws/smithy-go v1.24.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a h1:xGY9gNZ4pGlqZti3DlsR8WiHz9sjjfaofG0KH0UgAhg= github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a/go.mod 
h1:JndTvVCUQsR9TiNZ6g9J5V2LGQkuhhgUGuxzWhNZLA0= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= diff --git a/pkg/actions/karpenter/create.go b/pkg/actions/karpenter/create.go index ed40379b09..518d8ec897 100644 --- a/pkg/actions/karpenter/create.go +++ b/pkg/actions/karpenter/create.go @@ -9,6 +9,10 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + awseks "github.com/aws/aws-sdk-go-v2/service/eks" + api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5" "github.com/weaveworks/eksctl/pkg/authconfigmap" "github.com/weaveworks/eksctl/pkg/cfn/builder" 
@@ -81,6 +85,32 @@ func (i *Installer) Create(ctx context.Context) error { return fmt.Errorf("failed to save the identity config: %w", err) } + // Tag the cluster security group with karpenter.sh/discovery if the tag is configured. + // EKS does not propagate cluster tags to the cluster security group, so we need to do this explicitly. + if discoveryValue, ok := i.Config.Metadata.Tags["karpenter.sh/discovery"]; ok { + describeOutput, err := i.CTL.AWSProvider.EKS().DescribeCluster(ctx, &awseks.DescribeClusterInput{ + Name: aws.String(i.Config.Metadata.Name), + }) + if err != nil { + return fmt.Errorf("failed to describe cluster to get security group: %w", err) + } + clusterSGID := aws.ToString(describeOutput.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId) + if clusterSGID != "" { + logger.Info("tagging cluster security group %s with karpenter.sh/discovery=%s", clusterSGID, discoveryValue) + if _, err := i.CTL.AWSProvider.EC2().CreateTags(ctx, &ec2.CreateTagsInput{ + Resources: []string{clusterSGID}, + Tags: []ec2types.Tag{ + { + Key: aws.String("karpenter.sh/discovery"), + Value: aws.String(discoveryValue), + }, + }, + }); err != nil { + return fmt.Errorf("failed to tag cluster security group: %w", err) + } + } + } + // Install Karpenter return i.KarpenterInstaller.Install(context.Background(), roleARN, instanceProfileName) } diff --git a/pkg/actions/karpenter/create_test.go b/pkg/actions/karpenter/create_test.go index 8a90e8941b..e3fe4c0a68 100644 --- a/pkg/actions/karpenter/create_test.go +++ b/pkg/actions/karpenter/create_test.go @@ -7,6 +7,7 @@ import ( "fmt" "net" + awseks "github.com/aws/aws-sdk-go-v2/service/eks" ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types" "github.com/aws/aws-sdk-go-v2/service/ec2" 
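Review bot: The expression `describeOutput.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId` in the block added to Create walks two pointer fields without a nil check, so a DescribeCluster response that lacks `ResourcesVpcConfig` would panic instead of returning an error. A guard before the `aws.ToString` call would cover it: `if describeOutput.Cluster == nil || describeOutput.Cluster.ResourcesVpcConfig == nil { return fmt.Errorf("cluster %q: DescribeCluster returned no VPC config", i.Config.Metadata.Name) }`. The `clusterSGID != ""` branch also skips tagging silently when the ID is empty; since Karpenter would then presumably not discover the security group, a line such as `logger.Warning("cluster security group ID is empty; skipping karpenter.sh/discovery tag")` would make the gap visible. Create's body begins outside this hunk.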
@@ -376,6 +377,100 @@ var _ = Describe("Create", func() { Expect(instanceProfile).To(Equal("profile")) }) }) + When("karpenter.sh/discovery tag is set in metadata.tags", func() { + BeforeEach(func() { + cfg.Metadata.Tags = map[string]string{ + "karpenter.sh/discovery": clusterName, + } + fakeCluster := testutils.NewFakeCluster(clusterName, ekstypes.ClusterStatusActive) + fakeCluster.ResourcesVpcConfig.ClusterSecurityGroupId = aws.String("sg-cluster-1234") + p.MockEKS().On("DescribeCluster", mock.Anything, mock.MatchedBy(func(input *awseks.DescribeClusterInput) bool { + return *input.Name == clusterName + })).Return(&awseks.DescribeClusterOutput{ + Cluster: fakeCluster, + }, nil) + }) + It("should tag the cluster security group with karpenter.sh/discovery", func() { + fakeKarpenterInstaller.InstallReturns(nil) + p.MockEC2().On("CreateTags", mock.Anything, &ec2.CreateTagsInput{ + Resources: []string{"sg-cluster-1234"}, + Tags: []ec2types.Tag{ + { + Key: aws.String("karpenter.sh/discovery"), + Value: aws.String(clusterName), + }, + }, + }).Return(&ec2.CreateTagsOutput{}, nil) + install := &karpenteractions.Installer{ + StackManager: fakeStackManager, + CTL: ctl, + Config: cfg, + KarpenterInstaller: fakeKarpenterInstaller, + ClientSet: fakeClientSet, + } + Expect(install.Create(context.Background())).To(Succeed()) + p.MockEC2().AssertCalled(GinkgoT(), "CreateTags", mock.Anything, &ec2.CreateTagsInput{ + Resources: []string{"sg-cluster-1234"}, + Tags: []ec2types.Tag{ + { + Key: aws.String("karpenter.sh/discovery"), + Value: aws.String(clusterName), + }, + }, + }) + }) + }) + When("karpenter.sh/discovery tag is set but DescribeCluster fails", func() { + BeforeEach(func() { + cfg.Metadata.Tags = map[string]string{ + "karpenter.sh/discovery": clusterName, + } + p.MockEKS().On("DescribeCluster", mock.Anything, mock.Anything).Return(nil, errors.New("describe failed")) + }) + It("errors", func() { + install := &karpenteractions.Installer{ + StackManager: fakeStackManager, + 
CTL: ctl, + Config: cfg, + KarpenterInstaller: fakeKarpenterInstaller, + ClientSet: fakeClientSet, + } + err := install.Create(context.Background()) + Expect(err).To(MatchError(ContainSubstring("failed to describe cluster to get security group"))) + }) + }) + When("karpenter.sh/discovery tag is set but tagging cluster SG fails", func() { + BeforeEach(func() { + cfg.Metadata.Tags = map[string]string{ + "karpenter.sh/discovery": clusterName, + } + fakeCluster := testutils.NewFakeCluster(clusterName, ekstypes.ClusterStatusActive) + fakeCluster.ResourcesVpcConfig.ClusterSecurityGroupId = aws.String("sg-cluster-1234") + // Allow subnet tagging to succeed, but fail on cluster SG tagging + p.MockEKS().On("DescribeCluster", mock.Anything, mock.Anything).Return(&awseks.DescribeClusterOutput{ + Cluster: fakeCluster, + }, nil) + p.MockEC2().On("CreateTags", mock.Anything, mock.MatchedBy(func(input *ec2.CreateTagsInput) bool { + for _, r := range input.Resources { + if r == "sg-cluster-1234" { + return true + } + } + return false + })).Return(nil, errors.New("tag failed")) + }) + It("errors", func() { + install := &karpenteractions.Installer{ + StackManager: fakeStackManager, + CTL: ctl, + Config: cfg, + KarpenterInstaller: fakeKarpenterInstaller, + ClientSet: fakeClientSet, + } + err := install.Create(context.Background()) + Expect(err).To(MatchError(ContainSubstring("failed to tag cluster security group"))) + }) + }) }) }) diff --git a/pkg/cfn/builder/karpenter.go b/pkg/cfn/builder/karpenter.go index f5199f6842..3982598ac5 100644 --- a/pkg/cfn/builder/karpenter.go +++ b/pkg/cfn/builder/karpenter.go 
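Review bot: The three new `When` blocks cover the success path and both AWS-call failures, but neither the branch where `ClusterSecurityGroupId` is empty nor the case where `karpenter.sh/discovery` is absent from `cfg.Metadata.Tags`. In both of those Create must not call `CreateTags`, and nothing asserts that. A case that leaves the security group ID unset and ends with `p.MockEC2().AssertNotCalled(GinkgoT(), "CreateTags", mock.Anything, mock.Anything)` would pin the skip behaviour. The comment `// Allow subnet tagging to succeed, but fail on cluster SG tagging` refers to subnet tagging that no mock in this block sets up, so it should be reworded to describe only the security-group `CreateTags` failure. The enclosing `Describe` starts outside the hunk.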
@@ -50,13 +50,18 @@ const ( ec2DescribeImages = "ec2:DescribeImages" ec2DescribeSpotPriceHistory = "ec2:DescribeSpotPriceHistory" // IAM - iamPassRole = "iam:PassRole" - iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole" - iamGetInstanceProfile = "iam:GetInstanceProfile" - iamCreateInstanceProfile = "iam:CreateInstanceProfile" - iamDeleteInstanceProfile = "iam:DeleteInstanceProfile" - iamTagInstanceProfile = "iam:TagInstanceProfile" - iamAddRoleToInstanceProfile = "iam:AddRoleToInstanceProfile" + iamPassRole = "iam:PassRole" + iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole" + iamGetInstanceProfile = "iam:GetInstanceProfile" + iamCreateInstanceProfile = "iam:CreateInstanceProfile" + iamDeleteInstanceProfile = "iam:DeleteInstanceProfile" + iamTagInstanceProfile = "iam:TagInstanceProfile" + iamAddRoleToInstanceProfile = "iam:AddRoleToInstanceProfile" + iamRemoveRoleFromInstanceProfile = "iam:RemoveRoleFromInstanceProfile" + iamListInstanceProfiles = "iam:ListInstanceProfiles" + iamListInstanceProfilesForRole = "iam:ListInstanceProfilesForRole" + // EKS + eksDescribeCluster = "eks:DescribeCluster" // SSM ssmGetParameter = "ssm:GetParameter" // Pricing @@ -177,6 +182,10 @@ func (k *KarpenterResourceSet) addResourcesForKarpenter() error { iamDeleteInstanceProfile, iamTagInstanceProfile, iamAddRoleToInstanceProfile, + iamRemoveRoleFromInstanceProfile, + iamListInstanceProfiles, + iamListInstanceProfilesForRole, + eksDescribeCluster, ssmGetParameter, pricingGetProducts, }, diff --git a/pkg/cfn/builder/karpenter_test.go b/pkg/cfn/builder/karpenter_test.go index 1acfbc9269..f68aec3baa 100644 --- a/pkg/cfn/builder/karpenter_test.go +++ b/pkg/cfn/builder/karpenter_test.go 
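Review bot: The four actions appended to the list in addResourcesForKarpenter (`iamRemoveRoleFromInstanceProfile`, `iamListInstanceProfiles`, `iamListInstanceProfilesForRole`, `eksDescribeCluster`) join an existing policy statement whose `Resource` and `Condition` are not visible in this hunk. If that statement is unscoped, the controller role gains `iam:RemoveRoleFromInstanceProfile` on every instance profile in the account and `eks:DescribeCluster` on every cluster. Consider a separate statement that limits `eks:DescribeCluster` to this cluster's ARN and places the instance-profile mutations behind a cluster-ownership tag condition; upstream Karpenter's reference policy is believed to scope them this way, to be confirmed against the version being installed. The const hunk at -50,13 only carries the matching definitions, and a short comment above the new constants saying why the controller needs each action would help the next least-privilege review. The function body starts and ends outside the hunk.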
@@ -144,6 +144,10 @@ var expectedTemplate = `{ "iam:DeleteInstanceProfile", "iam:TagInstanceProfile", "iam:AddRoleToInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:ListInstanceProfiles", + "iam:ListInstanceProfilesForRole", + "eks:DescribeCluster", "ssm:GetParameter", "pricing:GetProducts" ], @@ -300,6 +304,10 @@ var expectedTemplateWithPermissionBoundary = `{ "iam:DeleteInstanceProfile", "iam:TagInstanceProfile", "iam:AddRoleToInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:ListInstanceProfiles", + "iam:ListInstanceProfilesForRole", + "eks:DescribeCluster", "ssm:GetParameter", "pricing:GetProducts" ], @@ -481,6 +489,10 @@ var expectedTemplateWithSpotInterruptionQueue = `{ "iam:DeleteInstanceProfile", "iam:TagInstanceProfile", "iam:AddRoleToInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:ListInstanceProfiles", + "iam:ListInstanceProfilesForRole", + "eks:DescribeCluster", "ssm:GetParameter", "pricing:GetProducts" ], diff --git a/pkg/cfn/builder/vpc_ipv4.go b/pkg/cfn/builder/vpc_ipv4.go index 911d84cecc..1fd6202c79 100644 --- a/pkg/cfn/builder/vpc_ipv4.go +++ b/pkg/cfn/builder/vpc_ipv4.go @@ -299,6 +299,14 @@ func (v *IPv4VPCResourceSet) addSubnets(refRT *gfnt.Value, topology api.SubnetTo Key: gfnt.NewString("kubernetes.io/role/internal-elb"), Value: gfnt.NewString("1"), }} + if v.clusterConfig.Karpenter != nil && v.clusterConfig.Karpenter.Version != "" { + if discoveryValue, ok := v.clusterConfig.Metadata.Tags["karpenter.sh/discovery"]; ok { + subnet.Tags = append(subnet.Tags, gfncfn.Tag{ + Key: gfnt.NewString("karpenter.sh/discovery"), + Value: gfnt.NewString(discoveryValue), + }) + } + } case api.SubnetTopologyPublic: subnet.Tags = []gfncfn.Tag{{ Key: gfnt.NewString("kubernetes.io/role/elb"), diff --git a/pkg/cfn/builder/vpc_ipv4_test.go b/pkg/cfn/builder/vpc_ipv4_test.go index a1a7e1acfd..9dff9ed43a 100644 --- a/pkg/cfn/builder/vpc_ipv4_test.go +++ b/pkg/cfn/builder/vpc_ipv4_test.go 
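Review bot: In the vpc_ipv4.go hunk, the literal `"karpenter.sh/discovery"` and the guard `v.clusterConfig.Karpenter != nil && v.clusterConfig.Karpenter.Version != ""` in the private-topology case of addSubnets are repeated in `IPv6VPCResourceSet.createSubnet`, and the key appears again in `Installer.Create`. A shared constant, for example `const karpenterDiscoveryTagKey = "karpenter.sh/discovery"` in the api package, plus one small helper that returns the tag value when Karpenter is enabled, would keep the three sites from drifting. Create tags the security group whenever the tag is present, while both subnet builders also require a Karpenter version; if that difference is deliberate it deserves a comment. A one-line comment stating why only private subnets receive the tag would also help, since the tests in this commit enforce it but the code does not explain it. addSubnets continues outside the hunk.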
@@ -168,6 +168,34 @@ var _ = Describe("VPC Template Builder", func() { Expect(vpcTemplate.Resources[rtaPrivateB].Properties.RouteTableID).To(Equal(makeRef(privRouteTableB))) }) + Context("when Karpenter is enabled with discovery tag", func() { + BeforeEach(func() { + cfg.Karpenter = &api.Karpenter{ + Version: "1.9.0", + } + cfg.Metadata.Tags = map[string]string{ + "karpenter.sh/discovery": "test-cluster", + } + }) + + It("adds karpenter.sh/discovery tag to private subnets", func() { + Expect(vpcTemplate.Resources[privateSubnetRef1].Properties.Tags[0].Key).To(Equal("kubernetes.io/role/internal-elb")) + Expect(vpcTemplate.Resources[privateSubnetRef1].Properties.Tags[0].Value).To(Equal("1")) + Expect(vpcTemplate.Resources[privateSubnetRef1].Properties.Tags[1].Key).To(Equal("karpenter.sh/discovery")) + Expect(vpcTemplate.Resources[privateSubnetRef1].Properties.Tags[1].Value).To(Equal("test-cluster")) + + Expect(vpcTemplate.Resources[privateSubnetRef2].Properties.Tags[0].Key).To(Equal("kubernetes.io/role/internal-elb")) + Expect(vpcTemplate.Resources[privateSubnetRef2].Properties.Tags[0].Value).To(Equal("1")) + Expect(vpcTemplate.Resources[privateSubnetRef2].Properties.Tags[1].Key).To(Equal("karpenter.sh/discovery")) + Expect(vpcTemplate.Resources[privateSubnetRef2].Properties.Tags[1].Value).To(Equal("test-cluster")) + }) + + It("does not add karpenter.sh/discovery tag to public subnets", func() { + Expect(vpcTemplate.Resources[publicSubnetRef1].Properties.Tags[0].Key).To(Equal("kubernetes.io/role/elb")) + Expect(vpcTemplate.Resources[publicSubnetRef1].Properties.Tags).To(HaveLen(2)) // elb + Name only + }) + }) + Context("highly available nat is set", func() { BeforeEach(func() { *cfg.VPC.NAT.Gateway = api.ClusterHighlyAvailableNAT diff --git a/pkg/cfn/builder/vpc_ipv6.go b/pkg/cfn/builder/vpc_ipv6.go index 9f88a4972f..7ff9daa429 100644 --- a/pkg/cfn/builder/vpc_ipv6.go +++ b/pkg/cfn/builder/vpc_ipv6.go 
@@ -205,6 +205,14 @@ func (v *IPv6VPCResourceSet) createSubnet(az, azFormatted string, i, cidrPartiti Value: gfnt.NewString("1"), }}, } + if private && v.clusterConfig.Karpenter != nil && v.clusterConfig.Karpenter.Version != "" { + if discoveryValue, ok := v.clusterConfig.Metadata.Tags["karpenter.sh/discovery"]; ok { + subnet.Tags = append(subnet.Tags, cloudformation.Tag{ + Key: gfnt.NewString("karpenter.sh/discovery"), + Value: gfnt.NewString(discoveryValue), + }) + } + } maybeSetHostnameType(v.clusterConfig.VPC, subnet) return v.rs.newResource(subnetKey, subnet) diff --git a/pkg/cfn/builder/vpc_ipv6_test.go b/pkg/cfn/builder/vpc_ipv6_test.go index ef80b52471..9d2ca3a0b8 100644 --- a/pkg/cfn/builder/vpc_ipv6_test.go +++ b/pkg/cfn/builder/vpc_ipv6_test.go 
@@ -687,6 +687,41 @@ var _ = Describe("IPv6 VPC builder", func() { })) }) }) + + Context("when Karpenter is enabled with discovery tag", func() { + BeforeEach(func() { + cfg.Karpenter = &api.Karpenter{ + Version: "1.9.0", + } + cfg.Metadata.Tags = map[string]string{ + "karpenter.sh/discovery": "test-cluster", + } + }) + + It("adds karpenter.sh/discovery tag to private subnets only", func() { + vpcRs := builder.NewIPv6VPCResourceSet(builder.NewRS(), cfg, nil) + vpcTemplate, err := createAndRenderTemplate(vpcRs) + Expect(err).NotTo(HaveOccurred()) + + privateSubnetA := builder.PrivateSubnetKey + azAFormatted + Expect(vpcTemplate.Resources[privateSubnetA].Properties.Tags).To(ContainElement(fakes.Tag{ + Key: "karpenter.sh/discovery", + Value: "test-cluster", + })) + + privateSubnetB := builder.PrivateSubnetKey + azBFormatted + Expect(vpcTemplate.Resources[privateSubnetB].Properties.Tags).To(ContainElement(fakes.Tag{ + Key: "karpenter.sh/discovery", + Value: "test-cluster", + })) + + publicSubnetA := builder.PublicSubnetKey + azAFormatted + Expect(vpcTemplate.Resources[publicSubnetA].Properties.Tags).NotTo(ContainElement(fakes.Tag{ + Key: "karpenter.sh/discovery", + Value: "test-cluster", + })) + }) + }) }) func createAndRenderTemplate(vpcRs *builder.IPv6VPCResourceSet) (*fakes.FakeTemplate, error) {