Merge pull request #5154 from richardcase/fix_nlb_setsecuritygroups

🐛 fix: add missing permissions for nlb

Author: k8s-ci-robot

cmd/clusterawsadm/cloudformation/bootstrap/cloud_provider_integration_control_plane.go

@@ -67,6 +67,7 @@ func (t Template) cloudProviderControlPlaneAwsPolicy() *iamv1.PolicyDocument {
 					"elasticloadbalancing:AddTags",
 					"elasticloadbalancing:AttachLoadBalancerToSubnets",
 					"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+					"elasticloadbalancing:SetSecurityGroups",
 					"elasticloadbalancing:CreateLoadBalancer",
 					"elasticloadbalancing:CreateLoadBalancerPolicy",
 					"elasticloadbalancing:CreateLoadBalancerListeners",

cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go

@@ -161,6 +161,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"elasticloadbalancing:DescribeLoadBalancerAttributes",
 				"elasticloadbalancing:DescribeTargetGroups",
 				"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+				"elasticloadbalancing:SetSecurityGroups",
 				"elasticloadbalancing:DescribeTags",
 				"elasticloadbalancing:ModifyLoadBalancerAttributes",
 				"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
@@ -415,15 +416,17 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"arn:*:iam::*:role/*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"iam:GetPolicy",
 			},
 			Resource: iamv1.Resources{
 				t.generateAWSManagedPolicyARN(eksClusterPolicyName),
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"eks:DescribeCluster",
 				"eks:ListClusters",
@@ -449,7 +452,8 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"arn:*:eks:*:*:nodegroup/*/*/*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"ec2:AssociateVpcCidrBlock",
 				"ec2:DisassociateVpcCidrBlock",
@@ -468,7 +472,8 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"iam:PassRole",
 			},

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -220,6 +221,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -220,6 +221,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -226,6 +227,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -220,6 +221,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml

@@ -57,6 +57,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -226,6 +227,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml

@@ -57,6 +57,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -226,6 +227,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -220,6 +221,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -220,6 +221,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer