kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use sets for ebscsidriver permissions

This commit is contained in:
Ole Markus With 2021-07-01 08:51:08 +02:00
parent d8bf4dcae1
commit 19833e6b73
56 changed files with 1534 additions and 2433 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/components/addonmanifests/awsebscsidriver/iam.go
View File

@ -36,7 +36,7 @@ func (r *ServiceAccount) BuildAWSPolicy(b *iam.PolicyBuilder) (*iam.Policy, erro
p := iam.NewPolicy(clusterName)
addSnapshotControllerPermissions := b.Cluster.Spec.SnapshotController != nil && fi.BoolValue(b.Cluster.Spec.SnapshotController.Enabled)
iam.AddAWSEBSCSIDriverPermissions(p, b.Cluster.ObjectMeta.Name, addSnapshotControllerPermissions)
iam.AddAWSEBSCSIDriverPermissions(p, addSnapshotControllerPermissions)
return p, nil
}

111
pkg/model/iam/iam_builder.go
View File

@ -317,9 +317,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
resource := createResource(b)
clusterName := b.Cluster.GetName()
p := &Policy{
Version: PolicyDefaultVersion,
}
p := NewPolicy(clusterName)
AddMasterEC2Policies(p, resource, b.Cluster.GetName())
addASLifecyclePolicies(p, resource, b.Cluster.GetName(), true)
@ -343,7 +341,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
if !b.UseServiceAccountIAM {
esc := b.Cluster.Spec.SnapshotController != nil &&
fi.BoolValue(b.Cluster.Spec.SnapshotController.Enabled)
AddAWSEBSCSIDriverPermissions(p, clusterName, esc)
AddAWSEBSCSIDriverPermissions(p, esc)
if b.Cluster.Spec.AWSLoadBalancerController != nil && fi.BoolValue(b.Cluster.Spec.AWSLoadBalancerController.Enabled) {
AddAWSLoadbalancerControllerPermissions(p, resource, b.Cluster.GetName())
@ -377,7 +375,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
}
if b.Cluster.Spec.SnapshotController != nil && fi.BoolValue(b.Cluster.Spec.SnapshotController.Enabled) {
addSnapshotPersmissions(p, b.Cluster.GetName())
addSnapshotPersmissions(p)
}
return p, nil
}
@ -829,54 +827,38 @@ func AddClusterAutoscalerPermissions(p *Policy, clusterName string) {
}
// AddAWSEBSCSIDriverPermissions appens policy statements that the AWS EBS CSI Driver needs to operate.
func AddAWSEBSCSIDriverPermissions(p *Policy, clusterName string, appendSnapshotPermissions bool) {
everything := stringorslice.String("*")
func AddAWSEBSCSIDriverPermissions(p *Policy, appendSnapshotPermissions bool) {
if appendSnapshotPermissions {
addSnapshotPersmissions(p, clusterName)
addSnapshotPersmissions(p)
}
p.unconditionalAction.Insert(
"ec2:DescribeAccountAttributes", // aws.go
"ec2:DescribeInstances", // aws.go
"ec2:DescribeVolumes", // aws.go
"ec2:DescribeVolumesModifications", // aws.go
"ec2:DescribeTags", // aws.go
)
p.clusterTaggedAction.Insert(
"ec2:ModifyVolume", // aws.go
"ec2:ModifyInstanceAttribute", // aws.go
"ec2:AttachVolume", // aws.go
"ec2:DeleteVolume", // aws.go
"ec2:DetachVolume", // aws.go
)
p.Statement = append(p.Statement,
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:DescribeAccountAttributes", // aws.go
"ec2:DescribeInstances", // aws.go
"ec2:DescribeVolumes", // aws.go
"ec2:DescribeVolumesModifications", // aws.go
"ec2:DescribeTags", // aws.go
}),
Resource: everything,
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:CreateVolume", // aws.go
}),
Resource: everything,
Resource: stringorslice.String("*"),
Condition: Condition{
"StringEquals": map[string]string{
"aws:RequestTag/KubernetesCluster": clusterName,
},
},
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"ec2:ModifyVolume", // aws.go
"ec2:ModifyInstanceAttribute", // aws.go
"ec2:AttachVolume", // aws.go
"ec2:DeleteVolume", // aws.go
"ec2:DetachVolume", // aws.go
}),
Resource: everything,
Condition: Condition{
"StringEquals": map[string]string{
"aws:ResourceTag/KubernetesCluster": clusterName,
"aws:RequestTag/KubernetesCluster": p.clusterName,
},
},
},
@ -916,51 +898,22 @@ func AddAWSEBSCSIDriverPermissions(p *Policy, clusterName string, appendSnapshot
),
Condition: Condition{
"StringEquals": map[string]string{
"ec2:ResourceTag/KubernetesCluster": clusterName,
},
},
},
&Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Of(
"ec2:AttachVolume", // aws.go
"ec2:DeleteVolume", // aws.go
"ec2:DetachVolume", // aws.go
"ec2:RevokeSecurityGroupIngress", // aws.go
),
Resource: everything,
Condition: Condition{
"StringEquals": map[string]string{
"ec2:ResourceTag/KubernetesCluster": clusterName,
"aws:ResourceTag/KubernetesCluster": p.clusterName,
},
},
},
)
}
func addSnapshotPersmissions(p *Policy, clusterName string) {
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Of(
"ec2:CreateSnapshot",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSnapshots",
),
Resource: stringorslice.Slice([]string{"*"}),
})
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Of(
"ec2:DeleteSnapshot",
),
Resource: stringorslice.Slice([]string{"*"}),
Condition: Condition{
"StringEquals": map[string]string{
"aws:ResourceTag/KubernetesCluster": clusterName,
},
},
})
func addSnapshotPersmissions(p *Policy) {
p.unconditionalAction.Insert(
"ec2:CreateSnapshot",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSnapshots",
)
p.clusterTaggedAction.Insert(
"ec2:DeleteSnapshot",
)
}

71
pkg/model/iam/tests/iam_builder_master_strict.json
View File

@ -189,17 +189,6 @@
"key-id-3"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -212,22 +201,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -248,7 +221,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
@ -257,21 +230,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -297,6 +255,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
pkg/model/iam/tests/iam_builder_master_strict_ecr.json
View File

@ -189,17 +189,6 @@
"key-id-3"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -212,22 +201,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -248,7 +221,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
@ -257,21 +230,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -312,6 +270,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/apiservernodes/cloudformation.json
View File

@ -1439,17 +1439,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1462,22 +1451,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1498,7 +1471,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -1507,21 +1480,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1547,6 +1505,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "bastionuserdata.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "bastionuserdata.example.com"
"aws:ResourceTag/KubernetesCluster": "bastionuserdata.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "bastionuserdata.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "bastionuserdata.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/complex/cloudformation.json
View File

@ -1749,17 +1749,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1772,22 +1761,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1808,7 +1781,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "complex.example.com"
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
@ -1817,21 +1790,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1857,6 +1815,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "complex.example.com"
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "compress.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "compress.example.com"
"aws:ResourceTag/KubernetesCluster": "compress.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "compress.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "compress.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/containerd-custom/cloudformation.json
View File

@ -1135,17 +1135,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1158,22 +1147,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1194,7 +1167,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "containerd.example.com"
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
@ -1203,21 +1176,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1243,6 +1201,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/containerd/cloudformation.json
View File

@ -1135,17 +1135,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1158,22 +1147,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1194,7 +1167,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "containerd.example.com"
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
@ -1203,21 +1176,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1243,6 +1201,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/docker-custom/cloudformation.json
View File

@ -1135,17 +1135,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1158,22 +1147,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "docker.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1194,7 +1167,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "docker.example.com"
"aws:ResourceTag/KubernetesCluster": "docker.example.com"
}
},
"Effect": "Allow",
@ -1203,21 +1176,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "docker.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1243,6 +1201,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "docker.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "existingsg.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "existingsg.example.com"
"aws:ResourceTag/KubernetesCluster": "existingsg.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "existingsg.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "existingsg.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/externallb/cloudformation.json
View File

@ -1151,17 +1151,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1174,22 +1163,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1210,7 +1183,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externallb.example.com"
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
@ -1219,21 +1192,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1259,6 +1217,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externallb.example.com"
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externallb.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externalpolicies.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externalpolicies.example.com"
"aws:ResourceTag/KubernetesCluster": "externalpolicies.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "externalpolicies.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "externalpolicies.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "ha.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "ha.example.com"
"aws:ResourceTag/KubernetesCluster": "ha.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "ha.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "ha.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

91
tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -183,40 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:DeleteSnapshot",
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -229,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -265,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -274,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAvailabilityZones",
@ -391,25 +326,33 @@
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSnapshots"
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": [
"*"
]
"Resource": "*"
},
{
"Action": "ec2:DeleteSnapshot",
"Action": [
"ec2:AttachVolume",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-etcd/cloudformation.json
View File

@ -1135,17 +1135,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1158,22 +1147,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-etcd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1194,7 +1167,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-etcd.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal-etcd.example.com"
}
},
"Effect": "Allow",
@ -1203,21 +1176,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-etcd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1243,6 +1201,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-etcd.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-gp3/cloudformation.json
View File

@ -1131,17 +1131,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1154,22 +1143,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1190,7 +1163,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -1199,21 +1172,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1239,6 +1197,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-ipv6/cloudformation.json
View File

@ -1312,17 +1312,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1335,22 +1324,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1371,7 +1344,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
@ -1380,21 +1353,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1420,6 +1378,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-ipv6.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-json.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-json.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal-json.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-json.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-json.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-warmpool.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-warmpool.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal-warmpool.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal-warmpool.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal-warmpool.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal/cloudformation.json
View File

@ -1135,17 +1135,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1158,22 +1147,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1194,7 +1167,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -1203,21 +1176,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1243,6 +1201,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy
View File

@ -154,17 +154,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -177,22 +166,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -213,7 +186,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.k8s.local"
"aws:ResourceTag/KubernetesCluster": "minimal.k8s.local"
}
},
"Effect": "Allow",
@ -222,21 +195,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -262,6 +220,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.k8s.local"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/mixed_instances/cloudformation.json
View File

@ -1854,17 +1854,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1877,22 +1866,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1913,7 +1886,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
@ -1922,21 +1895,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1962,6 +1920,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/mixed_instances_spot/cloudformation.json
View File

@ -1855,17 +1855,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1878,22 +1867,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1914,7 +1887,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
@ -1923,21 +1896,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1963,6 +1921,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/nth_sqs_resources/cloudformation.json
View File

@ -1245,17 +1245,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1268,22 +1257,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1304,7 +1277,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
@ -1313,21 +1286,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1365,6 +1323,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -303,6 +261,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "nthsqsresources.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/private-shared-ip/cloudformation.json
View File

@ -1655,17 +1655,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1678,22 +1667,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1714,7 +1687,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
@ -1723,21 +1696,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1763,6 +1721,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-ip.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com"
"aws:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecalico/cloudformation.json
View File

@ -1811,17 +1811,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1834,22 +1823,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1870,7 +1843,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecalico.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
@ -1879,21 +1852,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1929,6 +1887,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecalico.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -301,6 +259,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecalico.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecanal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecanal.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecanal.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecanal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecanal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecilium/cloudformation.json
View File

@ -1797,17 +1797,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1820,22 +1809,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1856,7 +1829,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
@ -1865,21 +1838,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1905,6 +1863,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecilium2/cloudformation.json
View File

@ -1797,17 +1797,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1820,22 +1809,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1856,7 +1829,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
@ -1865,21 +1838,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1905,6 +1863,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatecilium.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privateciliumadvanced/cloudformation.json
View File

@ -1830,17 +1830,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -1853,22 +1842,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -1889,7 +1862,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
@ -1898,21 +1871,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -1958,6 +1916,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -311,6 +269,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatedns1.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatedns1.example.com"
"aws:ResourceTag/KubernetesCluster": "privatedns1.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatedns1.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatedns1.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatedns2.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatedns2.example.com"
"aws:ResourceTag/KubernetesCluster": "privatedns2.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatedns2.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatedns2.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateflannel.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateflannel.example.com"
"aws:ResourceTag/KubernetesCluster": "privateflannel.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateflannel.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateflannel.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatekopeio.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatekopeio.example.com"
"aws:ResourceTag/KubernetesCluster": "privatekopeio.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privatekopeio.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privatekopeio.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateweave.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateweave.example.com"
"aws:ResourceTag/KubernetesCluster": "privateweave.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "privateweave.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "privateweave.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "sharedsubnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "sharedsubnet.example.com"
"aws:ResourceTag/KubernetesCluster": "sharedsubnet.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "sharedsubnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "sharedsubnet.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "sharedvpc.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "sharedvpc.example.com"
"aws:ResourceTag/KubernetesCluster": "sharedvpc.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "sharedvpc.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "sharedvpc.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "unmanaged.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "unmanaged.example.com"
"aws:ResourceTag/KubernetesCluster": "unmanaged.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "unmanaged.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "unmanaged.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"

71
tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -183,17 +183,6 @@
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
@ -206,22 +195,6 @@
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifyVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
@ -242,7 +215,7 @@
"Action": "ec2:DeleteTags",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
@ -251,21 +224,6 @@
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
@ -291,6 +249,33 @@
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "minimal.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"