Skip to content

PCP-4952: EKS AL2023 Custom AMI with Dynamic Credentials(STS) Cluster… #980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 1, 2025
Merged

PCP-4952: EKS AL2023 Custom AMI with Dynamic Credentials(STS) Cluster… #980

merged 1 commit into from
Aug 1, 2025

Conversation

@AmitSahastra
Copy link

… Provisioning is failing (#979)

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Checklist:

  • squashed commits
  • includes documentation
  • includes emoji in title
  • adds unit tests
  • adds or updates e2e tests

Release note:

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Aug 1, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Gitleaks scan found potential secrets or sensitive information:

    • File: spectro/generated/core-global.yaml
    • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:aws-access-token:3706
    • File: spectro/generated/core-global.yaml
    • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:aws-access-token:3812
    • File: spectro/generated/core-global.yaml
    • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:generic-api-key:16196
    • File: spectro/generated/core-global.yaml
    • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3287
    • File: spectro/generated/core-global.yaml
    • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3394
    • File: spectro/generated/core-global.yaml
    • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3492

Please review these findings and remove any sensitive information before merging.

@spectro-prow
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: AmitSahastra, snehala27
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Aug 1, 2025
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3754
    • Module: github.com/cloudflare/circl
    • Found in: v1.3.7
    • Fixed in: v1.6.1
    • Example Traces:
      #1: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
      #2: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls goldilocks.init
      #3: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls x25519.init
      #4: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ecc.init
      #5: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ecc.init
  2. GO-2025-3595
    • Module: golang.org/x/net
    • Found in: v0.33.0
    • Fixed in: v0.38.0
    • Example Traces:
      #1: pkg/rosa/externalauthproviders.go:52:35: rosa.UpdateExternalAuth calls v1.Send, which eventually calls bluemonday.sanitize
  3. GO-2025-3553
    • Module: github.com/golang-jwt/jwt/v4
    • Found in: v4.5.1
    • Fixed in: v4.5.2
    • Example Traces:
      #1: pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build

Please review these findings and fix the issues before merging.

@AmitSahastra AmitSahastra merged commit e70422b into spectro-release-4.7 Aug 1, 2025
3 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bulwark-spectrocloud bulwark-spectrocloud[bot] bulwark-spectrocloud[bot] requested changes

@snehala27 snehala27 snehala27 approved these changes

@tiwarisumit3 tiwarisumit3 Awaiting requested review from tiwarisumit3

Assignees

No one assigned

Labels

size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AmitSahastra @spectro-prow @snehala27