From 1ec0bd18e86b881d6ef0304def5ba7108681cb52 Mon Sep 17 00:00:00 2001 
From: Ole Markus With Date: Sun, 18 Apr 2021 19:47:14 +0200 Subject: [PATCH] Enable support for the ASG WarmPool lifecycle hook Update pkg/model/iam/iam_builder.go Co-authored-by: Ciprian Hacman --- k8s/crds/kops.k8s.io_instancegroups.yaml | 6 +++ pkg/apis/kops/instancegroup.go | 3 ++ pkg/apis/kops/v1alpha2/instancegroup.go | 3 ++ .../kops/v1alpha2/zz_generated.conversion.go | 2 + pkg/model/alimodel/policy_builder.go | 2 +- pkg/model/awsmodel/autoscalinggroup.go | 21 ++++++++++ pkg/model/gcemodel/autoscalinggroup.go | 2 +- pkg/model/gcemodel/storageacl.go | 2 +- pkg/model/iam.go | 20 ++++++++- pkg/model/iam/iam_builder.go | 31 ++++++++++++-- pkg/model/iam/subject.go | 12 ++++-- .../iam/tests/iam_builder_master_legacy.json | 26 ++++++++++++ .../iam/tests/iam_builder_master_strict.json | 26 ++++++++++++ .../tests/iam_builder_master_strict_ecr.json | 26 ++++++++++++ .../apiservernodes/cloudformation.json | 26 ++++++++++++ ..._policy_masters.minimal.example.com_policy | 26 ++++++++++++ ...masters.bastionuserdata.example.com_policy | 26 ++++++++++++ .../complex/cloudformation.json | 26 ++++++++++++ ..._policy_masters.complex.example.com_policy | 26 ++++++++++++ ...policy_masters.compress.example.com_policy | 26 ++++++++++++ .../containerd-custom/cloudformation.json | 26 ++++++++++++ .../containerd/cloudformation.json | 26 ++++++++++++ .../docker-custom/cloudformation.json | 26 ++++++++++++ ...licy_masters.existingsg.example.com_policy | 26 ++++++++++++ .../externallb/cloudformation.json | 26 ++++++++++++ ...licy_masters.externallb.example.com_policy | 26 ++++++++++++ ...asters.externalpolicies.example.com_policy | 26 ++++++++++++ ..._role_policy_masters.ha.example.com_policy | 26 ++++++++++++ .../cloudformation.json | 26 ++++++++++++ .../minimal-gp3/cloudformation.json | 26 ++++++++++++ ..._policy_masters.minimal.example.com_policy | 26 ++++++++++++ ...cy_masters.minimal-json.example.com_policy | 26 ++++++++++++ ..._policy_masters.minimal.example.com_policy | 26 
++++++++++++ .../mixed_instances/cloudformation.json | 26 ++++++++++++ ..._masters.mixedinstances.example.com_policy | 26 ++++++++++++ .../mixed_instances_spot/cloudformation.json | 26 ++++++++++++ ..._masters.mixedinstances.example.com_policy | 26 ++++++++++++ .../nth_sqs_resources/cloudformation.json | 26 ++++++++++++ ...masters.nthsqsresources.example.com_policy | 26 ++++++++++++ .../private-shared-ip/cloudformation.json | 26 ++++++++++++ ...sters.private-shared-ip.example.com_policy | 26 ++++++++++++ ...s.private-shared-subnet.example.com_policy | 26 ++++++++++++ .../privatecalico/cloudformation.json | 26 ++++++++++++ ...y_masters.privatecalico.example.com_policy | 26 ++++++++++++ ...cy_masters.privatecanal.example.com_policy | 26 ++++++++++++ .../privatecilium/cloudformation.json | 26 ++++++++++++ ...y_masters.privatecilium.example.com_policy | 26 ++++++++++++ .../privatecilium2/cloudformation.json | 26 ++++++++++++ ...y_masters.privatecilium.example.com_policy | 26 ++++++++++++ .../privateciliumadvanced/cloudformation.json | 26 ++++++++++++ ...s.privateciliumadvanced.example.com_policy | 26 ++++++++++++ ...icy_masters.privatedns1.example.com_policy | 26 ++++++++++++ ...icy_masters.privatedns2.example.com_policy | 26 ++++++++++++ ..._masters.privateflannel.example.com_policy | 26 ++++++++++++ ...y_masters.privatekopeio.example.com_policy | 26 ++++++++++++ ...cy_masters.privateweave.example.com_policy | 26 ++++++++++++ ..._policy_masters.minimal.example.com_policy | 26 ++++++++++++ ...cy_masters.sharedsubnet.example.com_policy | 26 ++++++++++++ ...olicy_masters.sharedvpc.example.com_policy | 26 ++++++++++++ ...olicy_masters.unmanaged.example.com_policy | 26 ++++++++++++ .../autoscalinggroup_lifecyclehook.go | 10 ++--- upup/pkg/fi/nodeup/command.go | 42 +++++++++++++++++-- 62 files changed, 1411 insertions(+), 19 deletions(-) diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index e09a0ea57c..ff6f19f71d 100644 
--- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml @@ -906,6 +906,12 @@ spec: description: WarmPool configures an ASG warm pool for the instance group properties: + enableLifecycleHook: + description: EnableLifecyleHook determines if an ASG lifecycle + hook will be added ensuring that nodeup runs to completion. + Note that the metadata API must be protected from arbitrary + Pods when this is enabled. + type: boolean maxSize: description: MaxSize is the maximum size of the warm pool. The desired size of the instance group is subtracted from this number diff --git a/pkg/apis/kops/instancegroup.go b/pkg/apis/kops/instancegroup.go index b94cf50b41..231091a738 100644 --- a/pkg/apis/kops/instancegroup.go +++ b/pkg/apis/kops/instancegroup.go @@ -194,6 +194,9 @@ type WarmPoolSpec struct { // (unless the resulting number is smaller than MinSize). // The default is the instance group's MaxSize. MaxSize *int64 `json:"maxSize,omitempty"` + // EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. + // Note that the metadata API must be protected from arbitrary Pods when this is enabled. + EnableLifecyleHook bool `json:"enableLifecycleHook,omitempty"` } const ( diff --git a/pkg/apis/kops/v1alpha2/instancegroup.go b/pkg/apis/kops/v1alpha2/instancegroup.go index 5ae80f6ee0..92b3f3f464 100644 --- a/pkg/apis/kops/v1alpha2/instancegroup.go +++ b/pkg/apis/kops/v1alpha2/instancegroup.go 
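Review bot: The exported field added to `WarmPoolSpec` is spelled `EnableLifecyleHook` (the second "c" is missing) while its JSON tag is `enableLifecycleHook`; the v1alpha2 hunk and the generated conversion functions repeat the spelling. Because this is an exported API type, renaming it later breaks Go consumers, so I would rename it to `EnableLifecycleHook` in both API versions before this merges. The field comment could also say why the metadata API must be protected: when the flag is set, the node role is granted `autoscaling:CompleteLifecycleAction` (see the iam_builder.go hunks in this patch), so a Pod that can obtain the instance credentials could complete lifecycle actions for the cluster's groups.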
@@ -159,6 +159,9 @@ type WarmPoolSpec struct { // (unless the resulting number is smaller than MinSize). // The default is the instance group's MaxSize. MaxSize *int64 `json:"maxSize,omitempty"` + // EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. + // Note that the metadata API must be protected from arbitrary Pods when this is enabled. + EnableLifecyleHook bool `json:"enableLifecycleHook,omitempty"` } // InstanceMetadataOptions defines the EC2 instance metadata service options (AWS Only) diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index d6a4870ffa..b9c66bed81 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -6411,6 +6411,7 @@ func Convert_kops_VolumeSpec_To_v1alpha2_VolumeSpec(in *kops.VolumeSpec, out *Vo func autoConvert_v1alpha2_WarmPoolSpec_To_kops_WarmPoolSpec(in *WarmPoolSpec, out *kops.WarmPoolSpec, s conversion.Scope) error { out.MinSize = in.MinSize out.MaxSize = in.MaxSize + out.EnableLifecyleHook = in.EnableLifecyleHook return nil } @@ -6422,6 +6423,7 @@ func Convert_v1alpha2_WarmPoolSpec_To_kops_WarmPoolSpec(in *WarmPoolSpec, out *k func autoConvert_kops_WarmPoolSpec_To_v1alpha2_WarmPoolSpec(in *kops.WarmPoolSpec, out *WarmPoolSpec, s conversion.Scope) error { out.MinSize = in.MinSize out.MaxSize = in.MaxSize + out.EnableLifecyleHook = in.EnableLifecyleHook return nil } diff --git a/pkg/model/alimodel/policy_builder.go b/pkg/model/alimodel/policy_builder.go index 2460e1245c..a47f7d1364 100644 --- a/pkg/model/alimodel/policy_builder.go +++ b/pkg/model/alimodel/policy_builder.go @@ -329,7 +329,7 @@ func (b *PolicyBuilder) AddOSSPermissions(p *Policy) (*Policy, error) { } } - nodeRole, err := iam.BuildNodeRoleSubject(b.Role) + nodeRole, err := iam.BuildNodeRoleSubject(b.Role, false) if err != nil { return nil, err } 
diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index 2df46a0f41..da1cf999eb 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go @@ -21,6 +21,7 @@ import ( "sort" "strings" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ec2" "k8s.io/klog/v2" "k8s.io/kops/pkg/apis/kops" @@ -96,6 +97,26 @@ func (b *AutoscalingGroupModelBuilder) Build(c *fi.ModelBuilderContext) error { if warmPool != nil { warmPoolTask.MinSize = warmPool.MinSize warmPoolTask.MaxSize = warmPool.MaxSize + + if warmPool.EnableLifecyleHook { + name := "kops-warmpool" + + lifecyleTask := &awstasks.AutoscalingLifecycleHook{ + ID: aws.String(name), + Name: aws.String(name), + Lifecycle: b.Lifecycle, + AutoscalingGroup: b.LinkToAutoscalingGroup(ig), + DefaultResult: aws.String("ABANDON"), + // We let nodeup have 10 min to complete. Normally this should happen much faster, + // but CP nodes need 5 min or so to start on new clusters, and we need to wait for that. + HeartbeatTimeout: aws.Int64(600), + LifecycleTransition: aws.String("autoscaling:EC2_INSTANCE_LAUNCHING"), + } + + c.AddTask(lifecyleTask) + + } + } c.AddTask(warmPoolTask) } diff --git a/pkg/model/gcemodel/autoscalinggroup.go b/pkg/model/gcemodel/autoscalinggroup.go index 860636f763..c4122b3bfa 100644 --- a/pkg/model/gcemodel/autoscalinggroup.go +++ b/pkg/model/gcemodel/autoscalinggroup.go @@ -100,7 +100,7 @@ func (b *AutoscalingGroupModelBuilder) buildInstanceTemplate(c *fi.ModelBuilderC }, } - nodeRole, err := iam.BuildNodeRoleSubject(ig.Spec.Role) + nodeRole, err := iam.BuildNodeRoleSubject(ig.Spec.Role, false) if err != nil { return nil, err } diff --git a/pkg/model/gcemodel/storageacl.go b/pkg/model/gcemodel/storageacl.go index aef69df90d..ce9de3d806 100644 --- a/pkg/model/gcemodel/storageacl.go +++ b/pkg/model/gcemodel/storageacl.go 
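Review bot: The hook name `"kops-warmpool"` and the 600-second `HeartbeatTimeout` are inline literals in the `warmPool.EnableLifecyleHook` branch of `Build`. The diffstat shows upup/pkg/fi/nodeup/command.go changing in the same patch; if nodeup completes the action by hook name (not visible in this part of the diff), the two strings must stay identical, so a shared exported constant would be safer than two literals. With `DefaultResult` set to `ABANDON`, an instance whose nodeup never completes the action within the timeout is terminated, which is the fail-closed choice but deserves a line in the comment, e.g. `// ABANDON: instances where nodeup never reports completion are terminated instead of entering service.` Minor: the local is spelled `lifecyleTask` and a stray blank line precedes the closing brace. `Build` starts and ends outside this hunk.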
@@ -68,7 +68,7 @@ func (b *StorageAclBuilder) Build(c *fi.ModelBuilderContext) error { } klog.Warningf("we need to split master / node roles") - nodeRole, err := iam.BuildNodeRoleSubject(kops.InstanceGroupRoleMaster) + nodeRole, err := iam.BuildNodeRoleSubject(kops.InstanceGroupRoleMaster, false) if err != nil { return err } diff --git a/pkg/model/iam.go b/pkg/model/iam.go index 777a8a4ebe..4de8344288 100644 --- a/pkg/model/iam.go +++ b/pkg/model/iam.go @@ -75,7 +75,15 @@ func (b *IAMModelBuilder) Build(c *fi.ModelBuilderContext) error { // Generate IAM tasks for each shared role for profileARN, igRole := range sharedProfileARNsToIGRole { - role, err := iam.BuildNodeRoleSubject(igRole) + lchPermissions := false + for _, ig := range b.InstanceGroups { + if ig.Spec.Role == igRole && ig.Spec.WarmPool != nil && ig.Spec.WarmPool.EnableLifecyleHook { + lchPermissions = true + break + + } + } + role, err := iam.BuildNodeRoleSubject(igRole, lchPermissions) if err != nil { return err } @@ -92,7 +100,15 @@ func (b *IAMModelBuilder) Build(c *fi.ModelBuilderContext) error { // Generate IAM tasks for each managed role for igRole := range managedRoles { - role, err := iam.BuildNodeRoleSubject(igRole) + warmPool := false + for _, ig := range b.InstanceGroups { + if ig.Spec.Role == igRole && ig.Spec.WarmPool != nil && ig.Spec.WarmPool.EnableLifecyleHook { + warmPool = true + break + + } + } + role, err := iam.BuildNodeRoleSubject(igRole, warmPool) if err != nil { return err } diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go index b0e7945426..4b75f0d799 100644 --- a/pkg/model/iam/iam_builder.go +++ b/pkg/model/iam/iam_builder.go 
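Review bot: The same loop over `b.InstanceGroups` is written twice in `IAMModelBuilder.Build`, once storing into `lchPermissions` for shared roles and once into `warmPool` for managed roles, so the two copies can drift and the names disagree about what the flag means. I would move it into one helper and call it from both hunks of this file. The match is on `ig.Spec.Role` only: enabling the hook on one instance group grants the lifecycle permissions to every group that has the same role, and in the shared-profile loop the profile ARN is not consulted at all, which may be intended but should be stated in a comment. `Build` starts and ends outside both hunks.

```go
// lifecycleHookEnabled reports whether any instance group with the given role
// has a warm pool with the lifecycle hook enabled. The resulting IAM permissions
// are per role, so one such group enables them for every group with that role.
func (b *IAMModelBuilder) lifecycleHookEnabled(role kops.InstanceGroupRole) bool {
	for _, ig := range b.InstanceGroups {
		if ig.Spec.Role == role && ig.Spec.WarmPool != nil && ig.Spec.WarmPool.EnableLifecyleHook {
			return true
		}
	}
	return false
}

// … unchanged: loop headers over shared and managed roles …
		role, err := iam.BuildNodeRoleSubject(igRole, b.lifecycleHookEnabled(igRole))
// … unchanged: error handling and task creation …
```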
@@ -245,7 +245,7 @@ func (r *NodeRoleAPIServer) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { } addMasterEC2Policies(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName()) - addASLifecyclePolicies(p, resource, b.Cluster.GetName()) + addASLifecyclePolicies(p, resource, b.Cluster.GetName(), r.warmPool) addCertIAMPolicies(p, resource) var err error @@ -293,6 +293,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { } addMasterEC2Policies(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName()) + addASLifecyclePolicies(p, resource, b.Cluster.GetName(), true) addMasterASPolicies(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName()) addMasterELBPolicies(p, resource, b.Cluster.Spec.IAM.Legacy) addCertIAMPolicies(p, resource) @@ -354,7 +355,7 @@ func (r *NodeRoleNode) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { } addNodeEC2Policies(p, resource) - addASLifecyclePolicies(p, resource, b.Cluster.GetName()) + addASLifecyclePolicies(p, resource, b.Cluster.GetName(), r.enableLifecycleHookPermissions) var err error if p, err = b.AddS3Permissions(p); err != nil { 
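Review bot: `NodeRoleMaster.BuildAWSPolicy` now calls `addASLifecyclePolicies(p, resource, b.Cluster.GetName(), true)`, so control-plane roles receive `autoscaling:CompleteLifecycleAction` and `autoscaling:DescribeLifecycleHooks` on every cluster, whether or not any instance group enables the warm pool hook; the golden master policies later in the patch show the added statements. The API-server and node roles gate the same statements on a flag (`r.warmPool`, `r.enableLifecycleHookPermissions`). If the unconditional grant is deliberate, a comment on that line should say why; otherwise carry the flag on `NodeRoleMaster` as the other two subjects do and pass it here, e.g. `addASLifecyclePolicies(p, resource, b.Cluster.GetName(), r.enableLifecycleHookPermissions)`. All three functions continue outside their hunks.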
@@ -1033,8 +1034,32 @@ func addMasterASPolicies(p *Policy, resource stringorslice.StringOrSlice, legacy } } -func addASLifecyclePolicies(p *Policy, resource stringorslice.StringOrSlice, clusterName string) { +func addASLifecyclePolicies(p *Policy, resource stringorslice.StringOrSlice, clusterName string, enableHookSupport bool) { + if enableHookSupport { + p.Statement = append(p.Statement, + &Statement{ + Effect: StatementEffectAllow, + Action: stringorslice.Of( + "autoscaling:CompleteLifecycleAction", // aws_manager.go + ), + Resource: resource, + Condition: Condition{ + "StringEquals": map[string]string{ + "autoscaling:ResourceTag/KubernetesCluster": clusterName, + }, + }, + }, + &Statement{ + Effect: StatementEffectAllow, + Action: stringorslice.Of( + "autoscaling:DescribeLifecycleHooks", + ), + Resource: resource, + }, + ) + } p.Statement = append(p.Statement, + &Statement{ Effect: StatementEffectAllow, Action: stringorslice.Of( diff --git a/pkg/model/iam/subject.go b/pkg/model/iam/subject.go index acb9a955ac..a1f94d569c 100644 --- a/pkg/model/iam/subject.go +++ b/pkg/model/iam/subject.go @@ -51,6 +51,7 @@ func (_ *NodeRoleMaster) ServiceAccount() (types.NamespacedName, bool) { // NodeRoleAPIServer represents the role of API server-only nodes, and implements Subject. type NodeRoleAPIServer struct { + warmPool bool } // ServiceAccount implements Subject. @@ -60,6 +61,7 @@ func (_ *NodeRoleAPIServer) ServiceAccount() (types.NamespacedName, bool) { // NodeRoleNode represents the role of normal ("worker") nodes, and implements Subject. type NodeRoleNode struct { + enableLifecycleHookPermissions bool } // ServiceAccount implements Subject. 
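Review bot: The `autoscaling:CompleteLifecycleAction` statement is scoped only by the `autoscaling:ResourceTag/KubernetesCluster` condition, so credentials for this role can complete a pending lifecycle action for any Auto Scaling group of the cluster, not just the group the instance belongs to. That is the reason for the metadata-API caveat on `EnableLifecyleHook` and should be written next to the statement, e.g. `// Scoped to the cluster tag only; instance credentials must not be reachable from Pods.` The trailing `// aws_manager.go` comment looks copied from another statement; if nodeup is the caller, name it instead. `addASLifecyclePolicies` has no doc comment describing `enableHookSupport`, and a blank line was introduced after `p.Statement = append(p.Statement,`. The function body continues past the end of the hunk.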
@@ -77,14 +79,18 @@ func (_ *NodeRoleBastion) ServiceAccount() (types.NamespacedName, bool) { } // BuildNodeRoleSubject returns a Subject implementation for the specified InstanceGroupRole. -func BuildNodeRoleSubject(igRole kops.InstanceGroupRole) (Subject, error) { +func BuildNodeRoleSubject(igRole kops.InstanceGroupRole, enableLifecycleHookPermissions bool) (Subject, error) { switch igRole { case kops.InstanceGroupRoleMaster: return &NodeRoleMaster{}, nil case kops.InstanceGroupRoleAPIServer: - return &NodeRoleAPIServer{}, nil + return &NodeRoleAPIServer{ + warmPool: enableLifecycleHookPermissions, + }, nil case kops.InstanceGroupRoleNode: - return &NodeRoleNode{}, nil + return &NodeRoleNode{ + enableLifecycleHookPermissions: enableLifecycleHookPermissions, + }, nil case kops.InstanceGroupRoleBastion: return &NodeRoleBastion{}, nil default: diff --git a/pkg/model/iam/tests/iam_builder_master_legacy.json b/pkg/model/iam/tests/iam_builder_master_legacy.json index f93660738d..ae924ef586 100644 --- a/pkg/model/iam/tests/iam_builder_master_legacy.json +++ b/pkg/model/iam/tests/iam_builder_master_legacy.json @@ -9,6 +9,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/pkg/model/iam/tests/iam_builder_master_strict.json b/pkg/model/iam/tests/iam_builder_master_strict.json index dbf876c920..bf7989c7d2 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict.json +++ b/pkg/model/iam/tests/iam_builder_master_strict.json 
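Review bot: `BuildNodeRoleSubject` gained a bare boolean parameter that its doc comment does not describe, and the `InstanceGroupRoleMaster` and `InstanceGroupRoleBastion` cases silently ignore it. Extend the comment, for example `// enableLifecycleHookPermissions adds the ASG lifecycle hook permissions to API server and node roles; it is ignored for master and bastion roles.` The struct hunks earlier in this file store the same value under two names, `warmPool` on `NodeRoleAPIServer` and `enableLifecycleHookPermissions` on `NodeRoleNode`; one name for both would make the call sites in iam_builder.go easier to follow. The function's `default` case lies outside the hunk.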
@@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json index 54cbf99fa1..dc3545d9b8 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json +++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/apiservernodes/cloudformation.json b/tests/integration/update_cluster/apiservernodes/cloudformation.json index 0a3df946d9..41585f618b 100644 --- a/tests/integration/update_cluster/apiservernodes/cloudformation.json +++ b/tests/integration/update_cluster/apiservernodes/cloudformation.json 
@@ -1244,6 +1244,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy index e1cc0628a8..1e058a4259 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy index 8e5fc57842..bdda18dff7 100644 
--- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "bastionuserdata.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index 24410b42c7..7ac9701e90 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -1619,6 +1619,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "complex.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy index a84baf0868..f0d898c0b0 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy 
+++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "complex.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy index 8d3a73caba..13514b23f6 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "compress.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json b/tests/integration/update_cluster/containerd-custom/cloudformation.json index 434880b6bc..ed2336b013 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json 
@@ -946,6 +946,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "containerd.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/containerd/cloudformation.json b/tests/integration/update_cluster/containerd/cloudformation.json index 434880b6bc..ed2336b013 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json +++ b/tests/integration/update_cluster/containerd/cloudformation.json @@ -946,6 +946,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "containerd.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json b/tests/integration/update_cluster/docker-custom/cloudformation.json index 1822897f3c..08854f8133 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json 
@@ -946,6 +946,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "docker.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy index 7ce39be2e7..b6a46c1f73 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "existingsg.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 87a68a76e4..ebc9a10ba1 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json 
@@ -962,6 +962,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externallb.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy index 0f926d7744..1e53d6581f 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externallb.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy index c4b531ca21..e8f0ffe562 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy 
+++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externalpolicies.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy index 0c7c3a94b9..d70ef0dd88 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "ha.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index 9bbb5e4900..19e973950d 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json 
@@ -946,6 +946,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json b/tests/integration/update_cluster/minimal-gp3/cloudformation.json index 725c6cdb9b..0f892a356d 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json @@ -942,6 +942,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy index 5c74ca6ae0..7a2e4b678f 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy 
@@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy index 8276a8eea8..3387fc2440 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy +++ b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal-json.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy index 5c74ca6ae0..7a2e4b678f 100644 --- a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy 
+++ b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index e5203020b8..3dfc6ed818 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -1649,6 +1649,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 99e66c7be6..278dc30dc4 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy 
+++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index 25e7d2cbd4..025d35d827 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -1650,6 +1650,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 99e66c7be6..278dc30dc4 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy 
+++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json b/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json index fec93c3a5f..bda44a8598 100644 --- a/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json +++ b/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json @@ -1056,6 +1056,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "nthsqsresources.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy index 01ce42941a..7d12594d03 100644 --- a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy 
+++ b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "nthsqsresources.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index 0804d3559c..716030589b 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -1441,6 +1441,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-ip.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy index 66d7f993d9..1540b862f0 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy 
+++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-ip.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy index 5e5cd1e023..b390112e53 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 20300df9a4..3e61d5d794 100644 
--- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -1586,6 +1586,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy index 3fc672a266..a1fe9b4cef 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy index 7463ede9c9..1bc0c7c5f2 100644 
--- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecanal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index bcfea7c489..a6df40203d 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json @@ -1572,6 +1572,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 91fc8571df..12dee21d05 100644 
--- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index bcfea7c489..a6df40203d 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -1572,6 +1572,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 91fc8571df..12dee21d05 100644 
--- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index bd5778e5b2..f8046d2a47 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -1605,6 +1605,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy index 2533c0a67e..ef944f0a2d 100644 
--- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy index e423f4fcfe..a020452b45 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatedns1.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", 
diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy index f86bfa1f12..faac6dc252 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatedns2.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy index 84109d95a8..cc9ec7daa7 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy 
@@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateflannel.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy index 417a2a657c..5fd9cc06ab 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatekopeio.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy index 1a91c05ef4..99ea7c9928 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy 
+++ b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateweave.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy index e1cc0628a8..1e058a4259 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy index 6ffd5b344e..373fedf91c 100644 
--- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "sharedsubnet.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy index 1c30828944..d501a44415 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "sharedvpc.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", 
diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy index f48475278a..1c02591982 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy @@ -51,6 +51,32 @@ "*" ] }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "unmanaged.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeLifecycleHooks", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", diff --git a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_lifecyclehook.go b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_lifecyclehook.go index ff69872716..4262e5ac43 100644 --- a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_lifecyclehook.go +++ b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_lifecyclehook.go 
@@ -95,14 +95,14 @@ func (_ *AutoscalingLifecycleHook) CheckChanges(a, e, changes *AutoscalingLifecy return nil } -func (h *AutoscalingLifecycleHook) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *AutoscalingLifecycleHook) error { - if a == nil { +func (*AutoscalingLifecycleHook) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *AutoscalingLifecycleHook) error { + if changes != nil { request := &autoscaling.PutLifecycleHookInput{ AutoScalingGroupName: e.AutoscalingGroup.Name, - DefaultResult: h.DefaultResult, - HeartbeatTimeout: h.HeartbeatTimeout, + DefaultResult: e.DefaultResult, + HeartbeatTimeout: e.HeartbeatTimeout, LifecycleHookName: e.Name, - LifecycleTransition: h.LifecycleTransition, + LifecycleTransition: e.LifecycleTransition, } _, err := t.Cloud.Autoscaling().PutLifecycleHook(request) if err != nil { diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go index 31337528e0..e4de349689 100644 --- a/upup/pkg/fi/nodeup/command.go +++ b/upup/pkg/fi/nodeup/command.go @@ -205,12 +205,10 @@ func (c *NodeUpCommand) Run(out io.Writer) error { return err } awsCloud, err := awsup.NewAWSCloud(region, nil) - - cloud = awsCloud - if err != nil { return err } + cloud = awsCloud } modelContext := &model.NodeupModelContext{ 
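Review bot: The new `if changes != nil` guard in RenderAWS has no comment explaining why a hook that already exists (`a != nil`) is now sent to AWS again, and the reason is not obvious from the code. PutLifecycleHook creates or updates a hook, so I would add above the guard `// PutLifecycleHook creates or updates the hook, so it is safe to call for any detected change.` The request still dereferences `e.AutoscalingGroup.Name` without a nil check; whether `e.AutoscalingGroup` can be unset at this point is not visible here. The body of RenderAWS continues outside the hunk.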
@@ -363,6 +361,44 @@ func (c *NodeUpCommand) Run(out io.Writer) error { klog.Exitf("error closing target: %v", err) } + if modelContext.InstanceGroup.Spec.WarmPool != nil && modelContext.InstanceGroup.Spec.WarmPool.EnableLifecyleHook { + if api.CloudProviderID(c.cluster.Spec.CloudProvider) == api.CloudProviderAWS { + err := completeWarmingLifecycleAction(cloud.(awsup.AWSCloud), modelContext) + if err != nil { + return fmt.Errorf("failed to complete lifecylce action: %w", err) + } + } + } + return nil +} + +func completeWarmingLifecycleAction(cloud awsup.AWSCloud, modelContext *model.NodeupModelContext) error { + asgName := modelContext.InstanceGroup.GetName() + "." + modelContext.Cluster.GetName() + hookName := "kops-warmpool" + svc := cloud.(awsup.AWSCloud).Autoscaling() + hooks, err := svc.DescribeLifecycleHooks(&autoscaling.DescribeLifecycleHooksInput{ + AutoScalingGroupName: &asgName, + LifecycleHookNames: []*string{&hookName}, + }) + if err != nil { + return fmt.Errorf("failed to find lifecycle hook %q: %w", hookName, err) + } + + if len(hooks.LifecycleHooks) > 0 { + klog.Info("Found ASG lifecycle hook") + _, err := svc.CompleteLifecycleAction(&autoscaling.CompleteLifecycleActionInput{ + AutoScalingGroupName: &asgName, + InstanceId: &modelContext.InstanceID, + LifecycleHookName: &hookName, + LifecycleActionResult: fi.String("CONTINUE"), + }) + if err != nil { + return fmt.Errorf("failed to complete lifecycle hook %q for %q: %v", hookName, modelContext.InstanceID, err) + } + klog.Info("Lifecycle action completed") + } else { + klog.Info("No ASG lifecycle hook found") + } return nil }
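Review bot: The unchecked assertion `cloud.(awsup.AWSCloud)` at the new call site in Run panics if `cloud` is nil or a different implementation. It is only safe if the earlier branch that assigns `cloud` is guarded by the same AWS provider check, and that condition is outside this hunk. I would use the comma-ok form and return an error, and drop the second assertion inside completeWarmingLifecycleAction, where `cloud` already has type `awsup.AWSCloud`. The last `fmt.Errorf` uses `%v` while the other two use `%w`, so the AWS error cannot be unwrapped by callers, and the message "lifecylce action" is misspelled. The field name `EnableLifecyleHook` carries the same misspelling; it is declared outside this hunk and is worth correcting before it becomes part of the API. Run starts outside the hunk.

```go
		if api.CloudProviderID(c.cluster.Spec.CloudProvider) == api.CloudProviderAWS {
			awsCloud, ok := cloud.(awsup.AWSCloud)
			if !ok {
				return fmt.Errorf("expected an AWS cloud, got %T", cloud)
			}
			if err := completeWarmingLifecycleAction(awsCloud, modelContext); err != nil {
				return fmt.Errorf("failed to complete lifecycle action: %w", err)
			}
		}
	// … unchanged: return nil, completeWarmingLifecycleAction signature, asgName and hookName …
	svc := cloud.Autoscaling()
	// … unchanged: DescribeLifecycleHooks call and CompleteLifecycleAction request …
			return fmt.Errorf("failed to complete lifecycle hook %q for %q: %w", hookName, modelContext.InstanceID, err)
```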